Overview:

Troubleshooting thread that lead to this ticket: https://redhat-internal.slack.com/archives/C073B14UE10/p1768446649122339

TL;DR: when sensor connects to central over a re-encrypt route, then it ends up in an error that says "Warn: Central is running a legacy version that might not support all current features" and "Panic: Invalid dynamic cluster ID value “”: no concrete cluster ID was specified in conjunction with wildcard ID “00000000-0000-0000-0000-000000000000" For potential solutions refer to https://access.redhat.com/solutions/6972449

Unfortunately the linked KCS does not mention that using a re-encrypt route could be the cause (despite it being the most likely cause). I just submitted a draft change to fix this.

Moreover, we already have https://issues.redhat.com/browse/ROX-31172 and https://issues.redhat.com/browse/ROX-31529 about this, but here is another idea:

Since sensor will use the same endpoint to do the cert discovery HTTP(S) request (before attempting gRPC), perhaps we can have central detect that a re-encrypt route is being used and flag it somehow such that sensor can then surface this prominently in the log?

Acceptance Criteria:

A list of specific needs or objectives that this task must deliver in order to be considered complete. Complete during Refinement status.