For Trusted Clusters , can “main” and “east” clusters use different CA for https_key_file and https_cert_file config?
Furthermore, any tips solving this problem?
- Our company policy requires to use company owned CA. But it’s not capable of rotating certs automatically, which has to be a yearly manual renewal;
- Our “main” cluster placed in AWS EC2 is “under our control”, but “east” clusters are scattered all over different places and “are not under our control” unless been asked to “make any changes”. So it’s not practical to rotate certs for “east” clusters manually.