For certificates that contain EMAIL, the issuer and subject in the original certificate contains an OID, but in ISVA this is translated.
There's also a number of additional quotes popping up (I assume because of the translation).
This causes the compare to see that the certificates are different (although they're the same).
Sorted Current Management Cert:
{"issuer": "\"EMAIL=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE\"", "notafter": "2024-07-03", "notbefore": "2023-07-04", "subject": "\"EMAIL=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE\""}
[2023-07-04 16:28:14,599] [PID:279482 TID:139808360093504] [DEBUG] [ibmsecurity.isam.base.management_ssl_certificate] [_check():93]
Sorted Desired Management Cert:
{"issuer": "1.2.840.113549.1.9.1=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE", "notafter": "2024-07-03", "notbefore": "2023-07-04", "subject": "1.2.840.113549.1.9.1=tom.bosmans@be.ibm.com,CN=cloudinit.verifyaccess.local,O=Default Company Ltd,L=Default City,C=BE"}
For certificates that contain EMAIL, the issuer and subject in the original certificate contains an OID, but in ISVA this is translated. There's also a number of additional quotes popping up (I assume because of the translation).
This causes the compare to see that the certificates are different (although they're the same).