This is needed to support the root CA renewal feature.
During the initial phase of that renewal, a server needs to send clients:
- A new root CA,
- A cross-signed copy of that new CA, so that clients can validate the chain of trust using a previous root CA,
- And a previous root CA, so that clients can still trust the existing server TLS certificates during interregnum.
Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
When we run in a multi-tenant mode, the http handlers must be able to
dynamically look up which est service instance to use based on the
server name.
Signed-off-by: Andy Doan <andy@foundries.io>
