Has anyone established a pattern or best practice for updating devices with new CA-signed certs? I am asking specifically about self-hosted version of Mender server.
For instance, if an organization receives their new CA-signed cert, do they append them to the current server.crt and send out the new server.crt to all devices? And then when it is certain that all devices have the new server.crt (with both the old and new CA-signed cert chains), they can install the new certificate on the server without the devices losing connectivity?
Is there a better way than this?