Comment 3 for bug 1861438

system certificate-install -m ssl_ca <ca_cert_file> always replaces the one that has installed before. This is the expected behaviour by design. In this case where a new docker_registry and the corresponding ssl_ca certificates are installed, the existing cumulus cert is replaced by the new ssl_ca certificate. That's the reason why system controller can no longer access cumulus docker registry.

In order to keep the original cumulus certificate while adding the new one, the two certificate files need to be cat together into one single file, and use "system certificate-install -m ssl_ca" to install the combined certificate file.

However, as reported in here, when run "system certificate-install -m ssl_ca <combined_ca_cert_file>" to install the combined certificates, the command only installs one of the certificate in the combined file. This is a bug. And the fix will be making the command to install all the certs in the combined file.