Task
Resolution: Unresolved
Central has a reencrypt parameter, but we need to clarify that this option cannot be used to set up Sensor, because Central and Sensor communicate through TLS and re-encryption breaks that connection.
See Slack thread: https://redhat-internal.slack.com/archives/C01R0E7CVMX/p1761841778749989?thread_ts=1761835982.251779&cid=C01R0E7CVMX
Suggested changes:
- Add a note to the re-encryption parameter for Central stating that you cannot use it to set up the secured cluster (it is only for the UI; you can use passthrough for Central-Sensor communication). In this chapter: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/installing/index#install-central-ocp
- Add a note in the installation section for secured clusters (Installing Sensor), under "Central endpoint", that using a re-encrypted route to Central won't work: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/installing/index#install-secured-cluster-operator_install-secured-cluster-ocp. Per Vlad:
Such a route cannot be used for setting up Sensor, the reason being that we use mTLS (mutual TLS) for internal communication. A re-encrypt route breaks the direct connection between the two, and they cannot authenticate each other.
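A pre-flight check for the constraint described above, as an added example that is not part of the ticket or the product: given `oc get route -o json` output, it reports whether the host in a Sensor "Central endpoint" value is served by a passthrough route. It goes slightly beyond the ticket by also rejecting `edge` routes, which terminate TLS at the router in the same way; the route names and hosts in the sample are constructed.

```python
import json

# Constructed sample in the shape of `oc get route -n stackrox -o json`.
# Route names and hosts are illustrative assumptions, not from a real cluster.
SAMPLE_ROUTES = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "central"},
     "spec": {"host": "central-stackrox.apps.example.com",
              "tls": {"termination": "passthrough"}}},
    {"metadata": {"name": "central-reencrypt"},
     "spec": {"host": "central-reencrypt-stackrox.apps.example.com",
              "tls": {"termination": "reencrypt"}}},
    {"metadata": {"name": "central-plain"},
     "spec": {"host": "central-plain.apps.example.com"}},
]})


def endpoint_host(central_endpoint):
    """Extract the host from 'host:port' or 'scheme://host:port'."""
    rest = central_endpoint.split("://", 1)[-1]
    return rest.rsplit(":", 1)[0].lower() if ":" in rest else rest.lower()


def check_sensor_endpoint(routes_json, central_endpoint):
    """Return (usable, reason); usable is None when no route matches the host."""
    host = endpoint_host(central_endpoint)
    for route in json.loads(routes_json).get("items", []):
        spec = route.get("spec", {})
        if spec.get("host", "").lower() != host:
            continue
        name = route["metadata"]["name"]
        termination = (spec.get("tls") or {}).get("termination")
        if termination == "passthrough":
            return True, f"route {name}: TLS passes through to Central, mTLS intact"
        if termination in ("reencrypt", "edge"):
            return False, (f"route {name}: router terminates TLS ({termination}), "
                           "so Sensor and Central cannot authenticate each other")
        return False, f"route {name}: no TLS termination configured"
    return None, f"no route with host {host}; endpoint is not exposed by a route here"


if __name__ == "__main__":
    for ep in ("central-stackrox.apps.example.com:443",
               "central-reencrypt-stackrox.apps.example.com:443"):
        print(ep, "->", check_sensor_endpoint(SAMPLE_ROUTES, ep))
```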