Background: In pre-Service Mesh/SM days, our frontend and backend services mTLS authenticate using certs obtained from Vault.
During implementation of SM, we fetched Consul certs from the same Vault CA.
Question:
How do apps respond? Get rid of old certs and just hope that now the mTLS will not break anything?
Current situation:
Scenario #1: Frontend services have yet to adopt SM.
So how does the mTLS ack happen now? The frontend can continue to use the old cert, and the backend service can get rid of the old cert and rely on the mTLS feature of SM. After all, both old and new certs were created using the same Vault CA.
Scenario #2: Both frontend and backend adopt SM.
Can we get rid of old certs from both the apps and rely on mTLS offered by SM?