Comment 2 for bug 1784905

With respect to the keystonecertbundle and apiservercertbundle, all the the contrail configs files accepts cacert and/or cert/key. So user/provisioning tool can populate only the cacert in the config file, so that the bundle created in /tmp will contain only the CA.

Similar fix is required for discovery ssl configs in various config files(will be fixed in next R3.2 minor release.