This story covers updating the local trust store of all Windows instances with the certs present in the trusted-ca ConfigMap. All certs that are not already present have to be imported and services must be able to load in the new certs (instance reboot required).
 

Engineering Details

WICD will do the cert imports, reading from the trust bundle file created by WMCO on each instance. WICD should compare the existing system certs with the expected ones in the trust bundle, and only initiate an instance reboot if it updated the cert config.

Acceptance Criteria

• Windows nodes are configured to import user-provided CA certs
• When proxy certificates are changed/rotated, the system cert store on each Windows nodes' is updated to hold each cert listed in the new trusted bundle