-
Epic
-
Resolution: Unresolved
-
Major
-
None
-
2.11.0 GA
Currently, the only option the APIcast operator CRD offers for upstream certificate validation is openSSLPeerVerificationEnabled (a bool); when enabled, it validates against the built-in certificate store by default.
A custom certificate store is normally configured through the SSL_CERT_FILE environment variable (which should point to an embedded CA), but at the moment neither the environment variable nor the certificate can be set or mounted with the APIcast Operator.
The request is to enable the configuration of a custom certificate store in the APIcast Operator CRD for upstream certificate verification.
Workarounds:
- Configure the Mutual TLS policy to verify the upstream certificates; CA certificates can be provided directly as part of the policy configuration.
- Download the build.yml then run all the following commands (replacing the variables with placeholder text with appropriate values):

  ```
  oc new-app -f ./build.yml
  oc start-build apicast-custom-env
  oc get builds
  oc logs -f build/{$OUTPUT_OF_PREVIOUS_COMMAND}
  ```

  Once the build has successfully completed you should see an image pushed to the local registry. **Please make a note of the image URL.**

  ```
  oc patch apicast {$NAME_OF_APICAST_CR} -p '{"spec":{"image":"{$IMAGE_URL_FROM_BUILD_OUTPUT}"}}' --type=merge
  ```

  The format of {$IMAGE_URL_FROM_BUILD_OUTPUT} should be {REGISTRY_HOSTNAME:PORT@SHA:SHA_ID}.
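
The description above relies on OpenSSL taking its default trust store from SSL_CERT_FILE. The following added example (not part of the original issue or of the APIcast project) shows that behaviour with the `openssl` CLI, and doubles as a check that a CA bundle actually validates an upstream certificate before it is baked into a custom image. The CA names, the host name `upstream.example.internal` and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example. All certificates are constructed locally and expire after one day.
set -eu

# Empty directory used as SSL_CERT_DIR so that SSL_CERT_FILE is the only trust source.
EMPTY_DIR=$(mktemp -d)

# make_ca <name> <dir>: create a self-signed CA (<dir>/<name>.pem and .key).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.pem" >/dev/null 2>&1
}

# make_leaf <ca-name> <dir>: issue <dir>/leaf.pem for the constructed upstream host.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=upstream.example.internal" \
    -keyout "$2/leaf.key" -out "$2/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$2/leaf.csr" -CA "$2/$1.pem" -CAkey "$2/$1.key" \
    -CAcreateserial -days 1 -out "$2/leaf.pem" >/dev/null 2>&1
}

# check_trust <ca-bundle> <cert>: succeeds only if <cert> chains to <ca-bundle>
# when the bundle is supplied solely through the SSL_CERT_FILE environment variable
# (no -CAfile option), i.e. through OpenSSL's default store lookup.
check_trust() {
  SSL_CERT_FILE="$1" SSL_CERT_DIR="$EMPTY_DIR" openssl verify "$2" >/dev/null 2>&1
}

# Demo run: the leaf is issued by private-ca, so only that bundle validates it.
demo_dir=$(mktemp -d)
make_ca private-ca "$demo_dir"
make_ca other-ca "$demo_dir"
make_leaf private-ca "$demo_dir"

if check_trust "$demo_dir/private-ca.pem" "$demo_dir/leaf.pem"; then
  echo "SSL_CERT_FILE=private-ca.pem: upstream certificate trusted"
fi
if ! check_trust "$demo_dir/other-ca.pem" "$demo_dir/leaf.pem"; then
  echo "SSL_CERT_FILE=other-ca.pem: upstream certificate rejected"
fi
```

To check a real bundle, call `check_trust` with the bundle path and the upstream's PEM certificate instead of the constructed files.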
- is duplicated by: THREESCALE-7922 Custom trusted certificate store (Closed)