Send complete certificate chain, not just the leaf cert

Also, print a warning when signing may change the issuer. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-09-09 00:50:38 +00:00 · 2022-05-11 12:43:43 -07:00
parent 4df376813d
commit a30741bb53
3 changed files with 52 additions and 5 deletions
--- a/storage/kubernetes/ca.go
+++ b/storage/kubernetes/ca.go
@@ -56,7 +56,7 @@ func createAndStoreClientCert(secrets v1controller.SecretClient, namespace strin
 		return nil, err
 	}

-	certPem, keyPem, err := factory.Marshal(cert, key)
+	keyPem, certPem, err := factory.MarshalChain(key, cert, caCert)
 	if err != nil {
 		return nil, err
 	}