The current policy check for keystores in Secrets creates a loop because the truststore.jks or truststore.p12 will never exist when the issuer didn't provide the CA certificate.

This behaviour was introduced by #5597. The JKS and PKCS12 truststores are only added to the Secret if the CA is provided by the issuer.

The CertificateRequest API reference states:

> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.

This change will only check the PKCS12/JKS truststores if the CA cert from the issuer exists in the secret.

Fixes #5755

Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
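The reissuance loop described in the commit message, shown as an added example that is not cert-manager's own code. The two functions are simplified stand-ins for the keystore policy check: `oldPolicy` demands the truststores unconditionally, `newPolicy` demands them only when the Secret carries a CA. The Secret data keys `truststore.jks` and `truststore.p12` are the ones named in the commit message; the CA key name `ca.crt`, the `KeystoreSpec` type and the sample Secret contents are assumptions made for this example.

```go
package main

import "fmt"

// Secret data keys. The truststore keys are the ones named in the commit
// message; "ca.crt" is assumed here as the key the issuer's CA is stored under.
const (
	caKey         = "ca.crt"
	jksTruststore = "truststore.jks"
	p12Truststore = "truststore.p12"
)

// KeystoreSpec is a stand-in for the keystores section of a Certificate
// spec: which truststores the user asked to have generated.
type KeystoreSpec struct {
	JKS    bool
	PKCS12 bool
}

// oldPolicy flags a missing truststore whenever the spec asks for one.
// Because the truststores are only ever written when the issuer returned
// a CA, a Certificate from a CA-less issuer can never satisfy this check
// and is reissued in a loop. Returns (message, violation).
func oldPolicy(spec KeystoreSpec, data map[string][]byte) (string, bool) {
	if spec.JKS && len(data[jksTruststore]) == 0 {
		return "missing " + jksTruststore, true
	}
	if spec.PKCS12 && len(data[p12Truststore]) == 0 {
		return "missing " + p12Truststore, true
	}
	return "", false
}

// newPolicy applies the fix: the truststore check is only meaningful when
// the Secret actually carries the issuer's CA. Without a CA the truststores
// cannot exist, so their absence is not a policy violation.
func newPolicy(spec KeystoreSpec, data map[string][]byte) (string, bool) {
	if len(data[caKey]) == 0 {
		return "", false
	}
	return oldPolicy(spec, data)
}

func main() {
	spec := KeystoreSpec{JKS: true, PKCS12: true}

	// Constructed Secret contents for an issuer that set no CA.
	noCA := map[string][]byte{
		"tls.crt": []byte("-- constructed leaf cert --"),
		"tls.key": []byte("-- constructed key --"),
	}
	msg, violation := oldPolicy(spec, noCA)
	fmt.Printf("old policy, no CA: violation=%v %q (reissue loop)\n", violation, msg)
	msg, violation = newPolicy(spec, noCA)
	fmt.Printf("new policy, no CA: violation=%v %q\n", violation, msg)

	// Constructed Secret contents for an issuer that did set a CA but where
	// one truststore is missing: the fix must still report that.
	withCA := map[string][]byte{
		"tls.crt":     []byte("-- constructed leaf cert --"),
		"tls.key":     []byte("-- constructed key --"),
		caKey:         []byte("-- constructed CA cert --"),
		jksTruststore: []byte("-- constructed JKS --"),
	}
	msg, violation = newPolicy(spec, withCA)
	fmt.Printf("new policy, CA present: violation=%v %q\n", violation, msg)
}
```

The important property is the second case: gating on `ca.crt` removes the loop without weakening the check for issuers that do return a CA, where a truststore that should exist but doesn't is still reported.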