I want to have a gateway backup that already contains the SSL certificate and pfx keystore within it. That way I can restore the gateway and it is already provisioned with the correct certificate. In my development setup I am using a Python script to generate the root certificate, then make the necessary leaf certificates and keystores. In production there will be a secrets manager.
I found that when I use a bind mounted data directory for the gateways and manually copy the cert and keystore in, it works just fine and I can connect the gateways together. When I take a gateway backup, I can see that the ca.crt is located in both config\local\ignition\gateway-network\client\security\pki\trusted\certs\ca.crt and config\local\ignition\gateway-network\server\security\pki\trusted\certs\ca.crt. Additionally, I can see the keystore under config\local\ignition\gateway-network\keystore\metro-keystore.pfx.
When I restore the backup, Ignition doesn’t restore the certs and it returns to self issued certificates. Why is that?