Comment 4 for bug 1996123

Where I've been testing is in deployment of a production environment. While doing the deployment iterations, I'm using a vault-generated root-ca but when the environment is handed over to the customer, they will provide a root-ca for vault.

In both scenarios, the certificates generated by vault will not have Signed Certificate Timestamps so either way, the sct check would fail.