redhat-cop / cert-utils-operator

Set of functionalities around certificates packaged in a Kubernetes operator
Apache License 2.0

regarding storing CA bundle in a secret to populate route certificates in openshift #169

Open vishalpoonacha opened 6 months ago

vishalpoonacha commented 6 months ago

So, as mentioned in the README file, two annotations can point to different secrets to populate route certs. One secret would contain the cert and the private key, with the annotation cert-utils-operator.redhat-cop.io/certs-from-secret: "", and another secret would contain only the CA bundle, with the annotation cert-utils-operator.redhat-cop.io/destinationCA-from-secret: "".

So should the second TLS secret also contain the private key along with the CA bundle, or is only the latter enough?

raffaelespazzoli commented 6 months ago

The first annotation contains the cert that is presented by the route to the consumer. When the route is of type reencrypt, a TLS connection is opened from the router to the destination pod. The second secret contains the CA used to trust the certificate presented by the pod.
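
As an added illustration of the two-secret arrangement described in the reply above (not code from the thread or from the operator's own docs), here is a reencrypt Route wired to both secrets. It assumes, as the README is said to describe, that each annotation's value is the name of the secret to read; the secret names, namespace, host, the Opaque type and the ca.crt key of the CA secret are assumptions, not something the thread confirms.

```yaml
# Added example, not from the thread or the operator's docs. Names, namespace
# and host are assumed; placeholders stand in for base64-encoded PEM data.
---
# Secret 1: the certificate and key the router presents to clients.
apiVersion: v1
kind: Secret
metadata:
  name: myapp-route-tls
  namespace: myapp
type: kubernetes.io/tls
data:
  tls.crt: "<BASE64_SERVER_CERT_PEM>"   # server cert (plus intermediates)
  tls.key: "<BASE64_PRIVATE_KEY_PEM>"   # only this secret carries a key
---
# Secret 2: only the third-party CA bundle the router uses to verify the
# pod's certificate on the reencrypt hop. No private key is needed to
# verify a peer, so none is stored here. Secret type and key name are
# assumptions; check the README for what the operator expects.
apiVersion: v1
kind: Secret
metadata:
  name: myapp-destination-ca
  namespace: myapp
type: Opaque
data:
  ca.crt: "<BASE64_CA_BUNDLE_PEM>"
---
# The Route: the annotations name the two secrets; the operator fills in
# spec.tls.certificate, spec.tls.key and spec.tls.destinationCACertificate.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: myapp
  namespace: myapp
  annotations:
    cert-utils-operator.redhat-cop.io/certs-from-secret: myapp-route-tls
    cert-utils-operator.redhat-cop.io/destinationCA-from-secret: myapp-destination-ca
spec:
  host: myapp.apps.example.com
  to:
    kind: Service
    name: myapp
  port:
    targetPort: https
  tls:
    termination: reencrypt
    # Leave certificate, key and destinationCACertificate unset here;
    # the operator populates them from the two secrets.
```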

vishalpoonacha commented 6 months ago

And what if the route type is edge? Can the tls.cert, tls.key and ca.cert be stored in a single secret to populate the route certificates, or can the ca.cert be stored in a different TLS secret than the tls.cert and tls.key? The CA bundle is from a third party.

vishalpoonacha commented 6 months ago

How do I use this operator to populate the route certificates in OpenShift if there is a third-party CA bundle along with the cert and the private key for an edge route?