Merge pull request #7395 from vespa-engine/mpolden/remove-prepare

Remove deprecated prepare

1 files changed, 6 insertions, 3 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index 332c440d18e..09f8de40378 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -65,7 +65,7 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
 
         // Key store containing key pair from secret store
         factory.setKeyStore(KeyStoreBuilder.withType(KeyStoreType.JKS)
-                                           .withKeyEntry(getClass().getSimpleName(), privateKey(), certificate())
+                                           .withKeyEntry(getClass().getSimpleName(), privateKey(), certificates())
                                            .build());
 
         factory.setKeyStorePassword("");
@@ -77,8 +77,11 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
         return KeyUtils.fromPemEncodedPrivateKey(secretStore.getSecret(config.privateKeySecret()));
     }
 
-    /** Get certificate from secret store */
-    private List<X509Certificate> certificate() {
+    /**
+     * Get certificate from secret store. If certificate secret contains multiple certificates, e.g. intermediate
+     * certificates, the entire chain will be read
+     */
+    private List<X509Certificate> certificates() {
         return X509CertificateUtils.certificateListFromPem(secretStore.getSecret(config.certificateSecret()));
     }