With respect to the keystonecertbundle and apiservercertbundle, all the the contrail configs files accepts cacert and/or cert/key. So user/provisioning tool can populate only the cacert in the config file, so that the bundle created in /tmp will contain only the CA.
Similar fix is required for discovery ssl configs in various config files(will be fixed in next R3.2 minor release.
With respect to the keystonecertbundle and apiservercertbu ndle, all the the contrail configs files accepts cacert and/or cert/key. So user/provisioning tool can populate only the cacert in the config file, so that the bundle created in /tmp will contain only the CA.
Similar fix is required for discovery ssl configs in various config files(will be fixed in next R3.2 minor release.