[docs] Documentation clarification about Proxying step-ca traffic #1837

Open
hasan7n opened this issue May 13, 2024 · 1 comment

hasan7n commented May 13, 2024

I am kindly asking for clarification on the Proxying step-ca traffic section of the production considerations documentation. Specifically, I would like to understand if this is accurate or not:

step will expect to be able to perform a TLS handshake with the proxy, and use the CA's root certificate to complete the trust chain. So, for inbound TLS connections, the proxy should use a server certificate issued by step-ca.

What seems to be the case is that whichever CA issued the proxy certificate, one can use the --root parameter with step ca commands to make step trust the issuing CA (ref). So, it seems that there is no requirement to have the proxy use certificates issued by step-ca, contrary to what the documentation mentions. Did I miss something?

@hslatman hslatman self-assigned this May 14, 2024
@hslatman
Member

Hey @hasan7n, yes, it's likely that will work in terms of ensuring the CLI will trust the connection. However, it's not guaranteed that all functionalities will work while operating in such a configuration. That's why we don't explicitly mention this in our docs, currently.
