When generating new CA and server certificates with SystemTestCertAndKeyBuilder, the method getSubjectDN which is deprecated in Java 17 is used:

this.issuer = new X500Name(caCert.getCertificate().getSubjectDN().getName());

Java 17 suggests to use getSubjectX500Principal instead which worked in all other cases. However, the BouncyCastle library used by SystemTestCertAndKeyBuilder does seem to be able to handle it and the resulting certificate chain does not work (while on the first look it looks fine, when running it through OpenSSL it does not recognize the certificates in the chain as signing each other). Therefore the code currently keeps using the deprecated getSubjectDN. But ideally, we should fix this to make this more future proof and not use deprecated methods.

Created by Strimzi#7698