How-to Trust internal CA through Operator ?

[piellick]

Hi team,
When using internal services with TLS authentication, we are facing problems with integrating of our root certificate. What would be the best solution?

1st case where this is a problem, using an internal smtp with TLS for email notifications on Opensearch Dashboard:

EmailException javax.mail.MessagingException: Could not convert socket to TLS;                                                             │
│   nested exception is:                                                                                                                                                                                                                     │
│     javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     

We tried the use general.keystore with our CA Cert inside a secret without conclusive result:

 general:
    # ...
    keystore:
    - secret:
        name: internal-root-ca
      keyMappings:
        ca.crt: ca.crt

Using initContainer would be the solution?

Thanks a lot