1. What is the nature and description of the request?

To simplify the process of cert replacement for Receptor (mesh) with custom cert, current process is to have custom CA root cert with "signing certificate" extension and declare it in inventory file, the new process requested to just simply copy the custom cert for each node into /etc/receptor/tls directory and change some config file if necessary.

2. Why does the customer need this? (List the business requirements here)

custom CA root cert with "signing certifiate" extension is purposely for RCA and ICA servers only and not for application server due to security concern, only RCA/ICA that should be able to signing cert for other server, in customer case, customer can't get this CA root cert with "signing certificate" since authoritative team unable to provide this kind of cert to client hence, customer can't using custom cert for Mesh and need to provide justification to Auditor every year.

3. How would you like to achieve this? (List the functional requirements here)

Ability to copy custom cert for each node into /etc/receptor/tls directory manually and change some config file if necessary.