Authly now distributes two certificates, "ROOT" and "LOCAL". In a sovereign authly setup, these two are copies of the same certificate. In a mandate setup, these are different certificates. Authly-client should change to use ROOT as the CA trust root, and be prepared that LOCAL can be an intermediate CA. At the same time this is implemented, servers must be reconfigured to present their full certificate chain leading up to ROOT. I think the gRPC protocol is already prepared to handle that.
Authly now distributes two certificates, "ROOT" and "LOCAL". In a sovereign authly setup, these two are copies of the same certificate. In a mandate setup, these are different certificates. Authly-client should change to use ROOT as the CA trust root, and be prepared that LOCAL can be an intermediate CA. At the same time this is implemented, servers must be reconfigured to present their full certificate chain leading up to ROOT. I think the gRPC protocol is already prepared to handle that.