From 91143f1f4beec28dfbcbf94d265ed624c9c24616 Mon Sep 17 00:00:00 2001
From: punitmundra <pmundra@progress.com>
Date: Tue, 5 Sep 2023 15:32:28 +0530
Subject: [PATCH 01/17] add the certificate template

Signed-off-by: punitmundra <pmundra@progress.com>
---
 .../automateHADeployExistingInfra.go          | 119 ++++++++++++++++++
 .../cmd/chef-automate/initConfigHaTmpl.go     |  44 +++++++
 2 files changed, 163 insertions(+)

diff --git a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
index c910bf35c31..06d1a263052 100644
--- a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
+++ b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
@@ -7,10 +7,12 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/chef/automate/components/automate-cli/pkg/status"
 	"github.com/chef/automate/lib/stringutils"
+	"github.com/chef/toml"
 	ptoml "github.com/pelletier/go-toml"
 )
 
@@ -75,9 +77,126 @@ func (e *existingInfra) generateConfig(state string) error {
 	if err != nil {
 		return err
 	}
+	e.populateCertificateTomlFile()
 	return writeHAConfigFiles(existingNodesA2harbTemplate, e.config, state)
 }
 
+type IP struct {
+	IP         string `toml:"ip"`
+	Publickey  string `toml:"public_key"`
+	PrivateKey string `toml:"private_key"`
+}
+type NodeCertficate struct {
+	RootCA          string `toml:"root_ca"`
+	AdminPublickey  string `toml:"admin_public_key,omitempty"`
+	AdminPrivateKey string `toml:"admin_private_key,omitempty"`
+	IPS             []IP   `toml:"ips"`
+}
+
+type CertificateToml struct {
+	Automate   NodeCertficate `toml:"automate"`
+	ChefServer NodeCertficate `toml:"chef_server"`
+	PostgreSQL NodeCertficate `toml:"postgresql"`
+	OpenSearch NodeCertficate `toml:"opensearch"`
+}
+
+func (e *existingInfra) populateCertificateTomlFile() {
+	// This is just to create the certificate empty file
+	automateCount, _ := strconv.Atoi(e.config.Automate.Config.InstanceCount)
+	chefServerCount, _ := strconv.Atoi(e.config.ChefServer.Config.InstanceCount)
+	OpensearchCount, _ := strconv.Atoi(e.config.Opensearch.Config.InstanceCount)
+	postgresqlCount, _ := strconv.Atoi(e.config.Postgresql.Config.InstanceCount)
+	var certContent CertificateToml
+	if automateCount > 0 {
+		var automate NodeCertficate
+		var ips []IP
+		// Initialize Automate section
+		automate.RootCA = "/hab/a2_deploy_workspace/certificate/automte.fqdn.root.ca.cert"
+		for i := 0; i < automateCount; i++ {
+			var ip IP
+			ip.IP = e.config.ExistingInfra.Config.AutomatePrivateIps[i]
+			ip.Publickey = "/hab/a2_deploy_workspace/certificate/automte.public.key"
+			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/automte.private.key"
+			ips = append(ips, ip)
+			fmt.Println(e.config.ExistingInfra.Config.AutomatePrivateIps[i], i)
+		}
+		automate.IPS = ips
+		certContent.Automate = automate
+	}
+
+	if chefServerCount > 0 {
+		// Initialize ChefServer section
+		var chefserver NodeCertficate
+		var ips []IP
+		// Initialize ChefServer section
+		chefserver.RootCA = "/hab/a2_deploy_workspace/certificate/chefserver.fqdn.root.ca.cert"
+		for i := 0; i < chefServerCount; i++ {
+			var ip IP
+			ip.IP = e.config.ExistingInfra.Config.ChefServerPrivateIps[i]
+			ip.Publickey = "/hab/a2_deploy_workspace/certificate/chefserver.public.key"
+			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/chefserver.private.key"
+			ips = append(ips, ip)
+			fmt.Println(e.config.ExistingInfra.Config.ChefServerPrivateIps[i], i)
+		}
+		chefserver.IPS = ips
+		certContent.ChefServer = chefserver
+	}
+
+	if OpensearchCount > 0 {
+		// Initialize Opensearch section
+		var opensearch NodeCertficate
+		var ips []IP
+		// Initialize Opensearch section
+		opensearch.RootCA = "/hab/a2_deploy_workspace/certificate/opensearch.fqdn.root.ca.cert"
+		opensearch.AdminPrivateKey = "/hab/a2_deploy_workspace/certificate/opensearch.admin.public.cert"
+		opensearch.AdminPublickey = "/hab/a2_deploy_workspace/certificate/opensearch.admin.private.cert"
+		for i := 0; i < OpensearchCount; i++ {
+			var ip IP
+			ip.IP = e.config.ExistingInfra.Config.OpensearchPrivateIps[i]
+			ip.Publickey = "/hab/a2_deploy_workspace/certificate/opensearch.public.key"
+			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/opensearch.private.key"
+			ips = append(ips, ip)
+			fmt.Println(e.config.ExistingInfra.Config.OpensearchPrivateIps[i], i)
+		}
+		opensearch.IPS = ips
+		certContent.OpenSearch = opensearch
+	}
+
+	if postgresqlCount > 0 {
+		// Initialize postgresql section
+		var postgresql NodeCertficate
+		var ips []IP
+		// Initialize postgresql section
+		postgresql.RootCA = "/hab/a2_deploy_workspace/certificate/postgresql.fqdn.root.ca.cert"
+		for i := 0; i < postgresqlCount; i++ {
+			var ip IP
+			ip.IP = e.config.ExistingInfra.Config.PostgresqlPrivateIps[i]
+			ip.Publickey = "/hab/a2_deploy_workspace/certificate/postgresql.public.key"
+			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/postgresql.private.key"
+			ips = append(ips, ip)
+			fmt.Println(e.config.ExistingInfra.Config.PostgresqlPrivateIps[i], i)
+		}
+		postgresql.IPS = ips
+		certContent.PostgreSQL = postgresql
+	}
+
+	// Write the TOML data to a file
+	outputFile := "/hab/a2_deploy_workspace/certificate.toml"
+	// Open a file for writing (create or overwrite if it exists)
+	file, err := os.Create(outputFile)
+	if err != nil {
+		fmt.Println("Error creating file:", err)
+		return
+	}
+	defer file.Close()
+
+	// Use the TOML encoder to write the configuration to the file
+	if err := toml.NewEncoder(file).Encode(certContent); err != nil {
+		fmt.Println("Error encoding TOML:", err)
+		return
+	}
+	fmt.Printf("Certificate TOML written to %s\n", outputFile)
+}
 func (e *existingInfra) addDNTocertConfig() error {
 	//If CustomCertsEnabled for OpenSearch is enabled, then get admin_dn and nodes_dn from the certs
 	if e.config.Opensearch.Config.EnableCustomCerts {
diff --git a/components/automate-cli/cmd/chef-automate/initConfigHaTmpl.go b/components/automate-cli/cmd/chef-automate/initConfigHaTmpl.go
index 3ee72368fa2..0e7cf7be73d 100644
--- a/components/automate-cli/cmd/chef-automate/initConfigHaTmpl.go
+++ b/components/automate-cli/cmd/chef-automate/initConfigHaTmpl.go
@@ -569,3 +569,47 @@ Global Flags:
       --no-check-version     Disable version check
       --result-json string   Write command result as JSON to PATH	  
 `
+
+const certificateTemplate = `
+[postgresql]
+  root-ca-filepath = "file-path.pem"
+  [ip1]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+  [ip2]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+  [ip3]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+[opensearch]
+  root-ca-filepath = "file-path.pem"
+  admin-public-key-filepath=""
+  admin-private-key-filepath=""
+  [ip1]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+  [ip2]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+  [ip3]
+    public-key-filepath = "file-path.pem"
+    private-key-filepath = "file-path.pem"
+[automate]
+root-ca-filepath = "file-path.pem"
+[ip1]
+  public-key = "file-path.pem"
+  private-key = "file-path.pem"
+[ip2]
+  public-key = "file-path.pem"
+  private-key = "file-path.pem"
+[chef_server]
+root-ca-filepath = "file-path.pem"
+[ip1]
+  public-key-filepath = "file-path.pem"
+  private-key-filepath = "file-path.pem"
+[ip2]
+  public-key-filepath = "file-path.pem"
+  private-key-filepath = "file-path.pem"
+
+`

From 58ee1f86e7bff0af170c606bffbff02daec31c71 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Sun, 1 Oct 2023 05:05:48 +0530
Subject: [PATCH 02/17] cert rotate from template

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../automateHADeployExistingInfra.go          |   6 +-
 .../cmd/chef-automate/certRotate.go           | 363 ++++++++++++++++--
 .../cmd/chef-automate/constants.go            |  66 ++--
 .../automate-cli/cmd/chef-automate/summary.go |  11 +
 4 files changed, 377 insertions(+), 69 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
index 06d1a263052..ee407668b33 100644
--- a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
+++ b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
@@ -180,10 +180,8 @@ func (e *existingInfra) populateCertificateTomlFile() {
 		certContent.PostgreSQL = postgresql
 	}
 
-	// Write the TOML data to a file
-	outputFile := "/hab/a2_deploy_workspace/certificate.toml"
 	// Open a file for writing (create or overwrite if it exists)
-	file, err := os.Create(outputFile)
+	file, err := os.Create(CERTIFICATE_TEMPLATE_TOML_FILE)
 	if err != nil {
 		fmt.Println("Error creating file:", err)
 		return
@@ -195,7 +193,7 @@ func (e *existingInfra) populateCertificateTomlFile() {
 		fmt.Println("Error encoding TOML:", err)
 		return
 	}
-	fmt.Printf("Certificate TOML written to %s\n", outputFile)
+	fmt.Printf("Certificate TOML written to %s\n", CERTIFICATE_TEMPLATE_TOML_FILE)
 }
 func (e *existingInfra) addDNTocertConfig() error {
 	//If CustomCertsEnabled for OpenSearch is enabled, then get admin_dn and nodes_dn from the certs
diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 94ed3b46292..23523f32521 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -15,6 +15,7 @@ import (
 	"github.com/chef/automate/components/automate-cli/pkg/docs"
 	"github.com/chef/automate/components/automate-cli/pkg/status"
 	"github.com/chef/automate/components/automate-deployment/pkg/cli"
+	chefToml "github.com/chef/automate/components/automate-deployment/pkg/toml"
 	"github.com/chef/automate/lib/io/fileutils"
 	"github.com/chef/automate/lib/logger"
 	"github.com/chef/automate/lib/platform/command"
@@ -128,6 +129,7 @@ type certRotateFlags struct {
 	rootCAPath      string
 	adminCertPath   string
 	adminKeyPath    string
+	cluster         string
 
 	// Node
 	node    string
@@ -175,6 +177,16 @@ func init() {
 		},
 	}
 
+	certTemplateGenerateCmd := &cobra.Command{
+		Use:   "generate-certificate-config",
+		Short: "Chef Automate generate certificate config ",
+		Long:  "Chef Automate CLI command to generate certificates config, this command should always be executed from AutomateHA Bastion Node",
+		RunE:  generateCertificateConfig(),
+		Annotations: map[string]string{
+			docs.Compatibility: docs.CompatiblewithHA,
+		},
+	}
+
 	certRotateCmd.PersistentFlags().BoolVarP(&flagsObj.automate, AUTOMATE, "a", false, "Automate Certificate Rotation")
 	certRotateCmd.PersistentFlags().BoolVar(&flagsObj.automate, "a2", false, "Automate Certificate Rotation")
 	certRotateCmd.PersistentFlags().BoolVarP(&flagsObj.chefserver, CHEF_SERVER, "c", false, "Chef Infra Server Certificate Rotation")
@@ -189,11 +201,14 @@ func init() {
 	certRotateCmd.PersistentFlags().StringVar(&flagsObj.rootCAPath, "root-ca", "", "RootCA certificate")
 	certRotateCmd.PersistentFlags().StringVar(&flagsObj.adminCertPath, "admin-cert", "", "Admin certificate")
 	certRotateCmd.PersistentFlags().StringVar(&flagsObj.adminKeyPath, "admin-key", "", "Admin Private certificate")
+	certRotateCmd.PersistentFlags().StringVar(&flagsObj.cluster, "certificate-config", "", "Cluster certificate file")
+	certRotateCmd.PersistentFlags().StringVar(&flagsObj.cluster, "cc", "", "Cluster certificate file")
 
 	certRotateCmd.PersistentFlags().StringVar(&flagsObj.node, "node", "", "Node Ip address")
 	certRotateCmd.PersistentFlags().IntVar(&flagsObj.timeout, "wait-timeout", DEFAULT_TIMEOUT, "This flag sets the operation timeout duration (in seconds) for each individual node during the certificate rotation process")
 
 	RootCmd.AddCommand(certRotateCmd)
+	RootCmd.AddCommand(certTemplateGenerateCmd)
 }
 
 func certRotateCmdFunc(flagsObj *certRotateFlags) func(cmd *cobra.Command, args []string) error {
@@ -215,52 +230,58 @@ func (c *certRotateFlow) certRotate(cmd *cobra.Command, args []string, flagsObj
 		if err != nil {
 			return err
 		}
-		certs, err := c.getCerts(infra, flagsObj)
-		if err != nil {
-			return err
-		}
-
-		// we need to ignore root-ca, adminCert and adminKey in the case of each node
-		if certs.rootCA != "" && flagsObj.node != "" {
-			writer.Warn("root-ca flag will be ignored when node flag is provided")
-		}
-		if (certs.adminCert != "" || certs.adminKey != "") && flagsObj.node != "" {
-			writer.Warn("admin-cert and admin-key flag will be ignored when node flag is provided")
-		}
 
 		sshConfig := c.getSshDetails(infra)
 		sshUtil := NewSSHUtil(sshConfig)
-		certShowFlow := NewCertShowImpl(certShowFlags{}, NewNodeUtils(NewRemoteCmdExecutorWithoutNodeMap(NewSSHUtil(&SSHConfig{}), writer), command.NewExecExecutor(), writer), sshUtil, writer)
-		currentCertsInfo, err := certShowFlow.fetchCurrentCerts()
-
-		if err != nil {
-			return errors.Wrap(err, "Error occured while fetching current certs")
-		}
-
-		if flagsObj.timeout < DEFAULT_TIMEOUT {
-			return errors.Errorf("The operation timeout duration for each individual node during the certificate rotation process should be set to a value greater than %v seconds.", DEFAULT_TIMEOUT)
-		}
-
 		sshConfig.timeout = flagsObj.timeout
 		sshUtil.setSSHConfig(sshConfig)
+		certShowFlow := NewCertShowImpl(certShowFlags{}, NewNodeUtils(NewRemoteCmdExecutorWithoutNodeMap(NewSSHUtil(&SSHConfig{}), writer), command.NewExecExecutor(), writer), sshUtil, writer)
+		currentCertsInfo, err := certShowFlow.fetchCurrentCerts()
 
-		if flagsObj.automate || flagsObj.chefserver {
-			err := c.certRotateFrontend(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+		if len(flagsObj.cluster) > 0 {
+			err = c.certRotateFromTemplate(flagsObj.cluster, sshUtil, infra, currentCertsInfo)
 			if err != nil {
 				return err
 			}
-		} else if flagsObj.postgres {
-			err := c.certRotatePG(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+		} else {
+			certs, err := c.getCerts(infra, flagsObj)
 			if err != nil {
 				return err
 			}
-		} else if flagsObj.opensearch {
-			err := c.certRotateOS(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+			// we need to ignore root-ca, adminCert and adminKey in the case of each node
+			if certs.rootCA != "" && flagsObj.node != "" {
+				writer.Warn("root-ca flag will be ignored when node flag is provided")
+			}
+			if (certs.adminCert != "" || certs.adminKey != "") && flagsObj.node != "" {
+				writer.Warn("admin-cert and admin-key flag will be ignored when node flag is provided")
+			}
+
 			if err != nil {
-				return err
+				return errors.Wrap(err, "Error occured while fetching current certs")
+			}
+
+			if flagsObj.timeout < DEFAULT_TIMEOUT {
+				return errors.Errorf("The operation timeout duration for each individual node during the certificate rotation process should be set to a value greater than %v seconds.", DEFAULT_TIMEOUT)
+			}
+
+			if flagsObj.automate || flagsObj.chefserver {
+				err := c.certRotateFrontend(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+				if err != nil {
+					return err
+				}
+			} else if flagsObj.postgres {
+				err := c.certRotatePG(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+				if err != nil {
+					return err
+				}
+			} else if flagsObj.opensearch {
+				err := c.certRotateOS(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+				if err != nil {
+					return err
+				}
+			} else {
+				return errors.New("Please Provide service flag")
 			}
-		} else {
-			return errors.New("Please Provide service flag")
 		}
 	} else {
 		return fmt.Errorf("cert-rotate command should be executed from Automate HA Bastion Node")
@@ -365,7 +386,7 @@ func (c *certRotateFlow) certRotatePG(sshUtil SSHUtil, certs *certificates, infr
 	patchFnParam.remoteService = remoteService
 	patchFnParam.skipIpsList = skipIpsList
 	patchFnParam.concurrent = true
-
+	// patching frontend
 	err = c.patchConfig(patchFnParam)
 	if err != nil {
 		return err
@@ -1151,3 +1172,279 @@ func uniqueIps(ips []string) []string {
 	}
 	return uniqueIps
 }
+
+func getPGLeader() (string, string) {
+	infra, err := getAutomateHAInfraDetails()
+	if err != nil {
+		return "", ""
+	}
+	var statusSummaryCmdFlags = StatusSummaryCmdFlags{}
+	sshUtil := NewSSHUtil(&SSHConfig{})
+	remoteCmdExecutor := NewRemoteCmdExecutorWithoutNodeMap(sshUtil, writer)
+	statusSummary := NewStatusSummary(infra, FeStatus{}, BeStatus{}, 10, time.Second, &statusSummaryCmdFlags, remoteCmdExecutor)
+	err = statusSummary.Prepare()
+	if err != nil {
+		return "", ""
+	}
+	return statusSummary.GetPGLeaderNode()
+}
+
+func getCertsFromTemplate(clusterCertificateFile string) (*CertificateToml, error) {
+	if len(clusterCertificateFile) < 1 {
+		writer.Errorln("Cluster certificate file is required")
+		return nil, errors.New("Cluster certificate file is required")
+	}
+	writer.Println("Reading certificates from template file")
+	content, err := fileutils.ReadFile(clusterCertificateFile)
+	if err != nil {
+		writer.Errorln("Error in fetching certificates from template file")
+		return nil, err
+	}
+	writer.Println(string(content))
+	certifiacates := &CertificateToml{}
+	toml.Decode(string(content), certifiacates)
+	return certifiacates, nil
+}
+
+func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates) error {
+	templateCerts, err := getCertsFromTemplate(clusterCertificateFile)
+	if err != nil {
+		return err
+	}
+	fmt.Println(templateCerts)
+	if templateCerts != nil {
+		// rotating PG certs
+		writer.Println("Rotating PostgreSQL certificates")
+		writer.Println("Fetching PostgreSQL leader node details")
+		pgLeaderIp, pgLeaderHealth := getPGLeader()
+		writer.Printf("PostgreSQL leader node is %s with status %s \n", pgLeaderIp, pgLeaderHealth)
+		pgRootCA := templateCerts.PostgreSQL.RootCA
+		writer.Printf("Fetching PostgreSQL RootCA from template %s \n", pgRootCA)
+		if len(pgLeaderIp) > 1 {
+			for _, pgIp := range templateCerts.PostgreSQL.IPS {
+				writer.Println("Searching for PostgreSQL leader node certificates from template")
+				if strings.EqualFold(strings.TrimSpace(pgIp.IP), strings.TrimSpace(pgLeaderIp)) {
+					//rotate pg leader node certs
+					writer.Println("Rotating PostgreSQL leader node certificates")
+					err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp)
+					if err != nil {
+						writer.Println(err.Error())
+						return err
+					}
+				}
+			}
+			for _, pgIp := range templateCerts.PostgreSQL.IPS {
+				if strings.EqualFold(pgIp.IP, pgLeaderIp) {
+					continue
+				}
+				writer.Println("Rotating PostgreSQL follower node certificates")
+				err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp)
+				if err != nil {
+					return err
+				}
+			}
+		}
+		// rotating OS certs
+		for i, osIp := range templateCerts.OpenSearch.IPS {
+			writer.Printf("Rotating OpenSearch node %d certificates \n", i)
+			err := c.rotateOSNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.OpenSearch, &osIp)
+			if err != nil {
+				return err
+			}
+		}
+
+		// rotate AutomateCerts
+
+		for i, a2Ip := range templateCerts.Automate.IPS {
+			writer.Printf("Rotating Automate node %d certificates \n", i)
+			err := c.rotateAutomateNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.Automate, &a2Ip)
+			if err != nil {
+				return err
+			}
+		}
+
+		for i, csIp := range templateCerts.ChefServer.IPS {
+			writer.Printf("Rotating Chef Server node %d certificates \n", i)
+			err := c.rotateChefServerNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.ChefServer, &csIp)
+			if err != nil {
+				return err
+			}
+		}
+
+	}
+	return errors.New("Failed")
+}
+
+func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP) error {
+	if len(pgIps.PrivateKey) == 0 || len(pgIps.Publickey) == 0 {
+		writer.Printf("Empty certificate for PostgerSQL node %s \n", pgIps.IP)
+		return errors.New(fmt.Sprintf("Empty certificate for PostgerSQL node %s \n", pgIps.IP))
+	}
+	flagsObj := certRotateFlags{
+		postgres:        true,
+		rootCAPath:      pgRootCA,
+		privateCertPath: pgIps.PrivateKey,
+		publicCertPath:  pgIps.Publickey,
+		node:            pgIps.IP,
+		timeout:         100,
+	}
+	certs, err := c.getCerts(infra, &flagsObj)
+	if err != nil {
+		return err
+	}
+	err = c.certRotatePG(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, os *NodeCertficate, osIp *IP) error {
+	if len(osIp.PrivateKey) == 0 || len(osIp.Publickey) == 0 {
+		writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
+		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
+	}
+	flagsObj := certRotateFlags{
+		opensearch:      true,
+		rootCAPath:      os.RootCA,
+		adminKeyPath:    os.AdminPrivateKey,
+		adminCertPath:   os.AdminPublickey,
+		privateCertPath: osIp.PrivateKey,
+		publicCertPath:  osIp.Publickey,
+		node:            osIp.IP,
+		timeout:         100,
+	}
+	certs, err := c.getCerts(infra, &flagsObj)
+	if err != nil {
+		return err
+	}
+	err = c.certRotateOS(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *certRotateFlow) rotateAutomateNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, a2 *NodeCertficate, a2Ip *IP) error {
+	if len(a2Ip.PrivateKey) == 0 || len(a2Ip.Publickey) == 0 {
+		writer.Printf("Empty certificate for Automte node %s \n", a2Ip.IP)
+		return errors.New(fmt.Sprintf("Empty certificate for Automte node %s \n", a2Ip.IP))
+	}
+	flagsObj := certRotateFlags{
+		automate:        true,
+		rootCAPath:      a2.RootCA,
+		privateCertPath: a2Ip.PrivateKey,
+		publicCertPath:  a2Ip.Publickey,
+		node:            a2Ip.IP,
+		timeout:         100,
+	}
+	certs, err := c.getCerts(infra, &flagsObj)
+	if err != nil {
+		return err
+	}
+	err = c.certRotateFrontend(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, cs *NodeCertficate, csIp *IP) error {
+	if len(csIp.PrivateKey) == 0 || len(csIp.Publickey) == 0 {
+		writer.Printf("Empty certificate for Chef Server node %s \n", csIp.IP)
+		return errors.New(fmt.Sprintf("Empty certificate for Chef Server node %s \n", csIp.IP))
+	}
+	flagsObj := certRotateFlags{
+		chefserver:      true,
+		rootCAPath:      cs.RootCA,
+		privateCertPath: csIp.PrivateKey,
+		publicCertPath:  csIp.Publickey,
+		node:            csIp.IP,
+		timeout:         100,
+	}
+	certs, err := c.getCerts(infra, &flagsObj)
+	if err != nil {
+		return err
+	}
+	err = c.certRotateFrontend(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func generateCertificateConfig() func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		if len(args) < 1 {
+			return errors.Errorf("command need a output file name like cert-config.toml")
+		}
+		err, certTemplate := populateCertificateConfig()
+		if err != nil {
+			return err
+		}
+		config, err := chefToml.Marshal(certTemplate)
+		if err != nil {
+			return err
+		}
+		writer.Printf("certificate config file is generate %s, Please update the file with releavent certificate file paths \n", args[0])
+		return fileutils.WriteFile(args[0], config, 0600)
+	}
+}
+
+func populateCertificateConfig() (error, *CertificateToml) {
+	infra, err := getAutomateHAInfraDetails()
+	if err != nil {
+		return err, nil
+	}
+	certifiacates := &CertificateToml{
+		Automate: NodeCertficate{
+			IPS: getIPS(infra, AUTOMATE),
+		},
+		ChefServer: NodeCertficate{
+			IPS: getIPS(infra, CHEF_SERVER),
+		},
+		PostgreSQL: NodeCertficate{
+			IPS: getIPS(infra, POSTGRESQL),
+		},
+		OpenSearch: NodeCertficate{
+			AdminPublickey:  "!Replace this with <admin public key>",
+			AdminPrivateKey: "!Replace this with <admin private key>",
+			IPS:             getIPS(infra, OPENSEARCH),
+		},
+	}
+	return nil, certifiacates
+}
+
+func getIPS(infra *AutomateHAInfraDetails, nodeType string) []IP {
+	var ips = []IP{}
+	if strings.EqualFold(nodeType, AUTOMATE) {
+		for _, nodeIp := range infra.Outputs.AutomatePrivateIps.Value {
+			ips = append(ips, IP{
+				IP: nodeIp,
+			})
+		}
+	} else if strings.EqualFold(nodeType, CHEF_SERVER) {
+		for _, nodeIp := range infra.Outputs.ChefServerPrivateIps.Value {
+			ips = append(ips, IP{
+				IP: nodeIp,
+			})
+		}
+	} else if strings.EqualFold(nodeType, POSTGRESQL) {
+		for _, nodeIp := range infra.Outputs.PostgresqlPrivateIps.Value {
+			ips = append(ips, IP{
+				IP: nodeIp,
+			})
+		}
+	} else if strings.EqualFold(nodeType, OPENSEARCH) {
+		for _, nodeIp := range infra.Outputs.OpensearchPrivateIps.Value {
+			ips = append(ips, IP{
+				IP: nodeIp,
+			})
+		}
+	}
+	return ips
+}
+
+func validateTemplateCertificates(certTemplate *CertificateToml) {
+
+}
diff --git a/components/automate-cli/cmd/chef-automate/constants.go b/components/automate-cli/cmd/chef-automate/constants.go
index 91ced645e05..881379d0631 100644
--- a/components/automate-cli/cmd/chef-automate/constants.go
+++ b/components/automate-cli/cmd/chef-automate/constants.go
@@ -1,36 +1,38 @@
 package main
 
 const (
-	FRONTEND            = "frontend"
-	AUTOMATE            = "automate"
-	CHEF_SERVER         = "chef_server"
-	POSTGRESQL          = "postgresql"
-	OPENSEARCH          = "opensearch"
-	SET                 = "set"
-	PATCH               = "patch"
-	SUDO_PASSWORD       = "sudo_password"
-	IPV4REGEX           = `^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4})`
-	A2VERSIONCMD        = "sudo chef-automate version"
-	A2VERSIONVERBOSE    = "sudo chef-automate version -v "
-	CSVERSIONCMD        = "sudo chef-server-ctl version"
-	OSGETINFOCURLCMD    = "curl -XGET http://localhost:10144"
-	PGGETVERSIONCURLCMD = "PGPASSWORD=%s  hab pkg exec %s  psql -U %s -h localhost -p 10145 -d postgres --dbname postgres -tAc 'SELECT version()'"
-	HABSVCSTATUS        = "echo yes |sudo hab svc status"
-	CONFIGSHOW          = "sudo chef-automate config show"
-	VERSIONREGEX        = `(\d+\.\d+\.\d+)`
-	PGVERSIONREGEX      = `PostgreSQL (\d+\.\d+)`
-	OSVERSIONREGEX      = `"number"\s*:\s*"([^"]+)"`
-	PGCOREPKG           = "core/postgresql13 "
-	AUTOMATE_NAME       = "Automate"
-	BASTION_NAME        = "Bastion"
-	CHEF_SERVER_NAME    = "Chef Server"
-	OPENSEARCH_NAME     = "Opensearch"
-	POSTGRESQL_NAME     = "Postgresql"
-	AUTOMATE_TOML       = "automate.config.toml"
-	CHEF_SERVER_TOML    = "chef_server.config.toml"
-	POSTGRESQL_TOML     = "postgresql.config.toml"
-	OPENSEARCH_TOML     = "opensearch.config.toml"
-	OCID_SHOW_APP       = "oc-id-show-app"
-	HOME_DIR            = "/home"
-	TMP_DIR             = "/tmp"
+	FRONTEND                       = "frontend"
+	AUTOMATE                       = "automate"
+	CHEF_SERVER                    = "chef_server"
+	POSTGRESQL                     = "postgresql"
+	OPENSEARCH                     = "opensearch"
+	SET                            = "set"
+	PATCH                          = "patch"
+	SUDO_PASSWORD                  = "sudo_password"
+	IPV4REGEX                      = `^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4})`
+	A2VERSIONCMD                   = "sudo chef-automate version"
+	A2VERSIONVERBOSE               = "sudo chef-automate version -v "
+	CSVERSIONCMD                   = "sudo chef-server-ctl version"
+	OSGETINFOCURLCMD               = "curl -XGET http://localhost:10144"
+	PGGETVERSIONCURLCMD            = "PGPASSWORD=%s  hab pkg exec %s  psql -U %s -h localhost -p 10145 -d postgres --dbname postgres -tAc 'SELECT version()'"
+	HABSVCSTATUS                   = "echo yes |sudo hab svc status"
+	CONFIGSHOW                     = "sudo chef-automate config show"
+	VERSIONREGEX                   = `(\d+\.\d+\.\d+)`
+	PGVERSIONREGEX                 = `PostgreSQL (\d+\.\d+)`
+	OSVERSIONREGEX                 = `"number"\s*:\s*"([^"]+)"`
+	PGCOREPKG                      = "core/postgresql13 "
+	AUTOMATE_NAME                  = "Automate"
+	BASTION_NAME                   = "Bastion"
+	CHEF_SERVER_NAME               = "Chef Server"
+	OPENSEARCH_NAME                = "Opensearch"
+	POSTGRESQL_NAME                = "Postgresql"
+	AUTOMATE_TOML                  = "automate.config.toml"
+	CHEF_SERVER_TOML               = "chef_server.config.toml"
+	POSTGRESQL_TOML                = "postgresql.config.toml"
+	OPENSEARCH_TOML                = "opensearch.config.toml"
+	OCID_SHOW_APP                  = "oc-id-show-app"
+	HOME_DIR                       = "/home"
+	TMP_DIR                        = "/tmp"
+	CERTIFICATE_TEMPLATE_TOML_FILE = "/hab/a2_deploy_workspace/certificate.toml"
+	CLUSTER                        = "cluster"
 )
diff --git a/components/automate-cli/cmd/chef-automate/summary.go b/components/automate-cli/cmd/chef-automate/summary.go
index 8863f80c03c..63052196db7 100644
--- a/components/automate-cli/cmd/chef-automate/summary.go
+++ b/components/automate-cli/cmd/chef-automate/summary.go
@@ -45,6 +45,7 @@ type StatusSummary interface {
 	Prepare() error
 	ShowFEStatus() string
 	ShowBEStatus() string
+	GetPGLeaderNode() (string, string)
 }
 
 type Summary struct {
@@ -670,3 +671,13 @@ func (ss *Summary) ShowBEStatus() string {
 	}
 	return ""
 }
+func (ss *Summary) GetPGLeaderNode() (string, string) {
+	if len(ss.beStatus) != 0 {
+		for _, status := range ss.beStatus {
+			if status.role == "Leader" && status.serviceName == "postgresql" {
+				return status.ipAddress, status.health
+			}
+		}
+	}
+	return "", ""
+}

From 3e4a3b7c3ba084943af5640359f2f8bf33092b89 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Wed, 4 Oct 2023 12:02:37 +0530
Subject: [PATCH 03/17] patching frontend config

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate.go           | 191 +++++++++++++-----
 .../cmd/chef-automate/sshUtils.go             |   6 +-
 2 files changed, 149 insertions(+), 48 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 23523f32521..3929cd0b052 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -106,6 +106,21 @@ const (
 	SKIP_FRONT_END_IPS_MSG_OS         = "The following %s %s will skip during root-ca and common name patching as the following %s have same root-ca and common name as currently provided OpenSearch root-ca and common name.\n\t %s"
 	SKIP_FRONT_END_IPS_MSG_CN         = "The following %s %s will skip during common name patching as the following %s have same common name as currently provided OpenSearch common name.\n\t %s"
 	DEFAULT_TIMEOUT                   = 600
+
+	AUTOMATE_HA_CLUSTER_CONFIG = `
+	[[load_balancer.v1.sys.frontend_tls]]
+		cert = """%v"""
+		key = """%v"""
+	[[global.v1.frontend_tls]]
+		cert = """%v"""
+		key = """%v"""
+	[global.v1.external.postgresql.ssl]
+		enable = true
+		root_cert = """%v"""
+	[global.v1.external.opensearch.ssl]
+		root_cert = """%v"""
+		server_name = "%v"
+	`
 )
 
 type certificates struct {
@@ -270,12 +285,12 @@ func (c *certRotateFlow) certRotate(cmd *cobra.Command, args []string, flagsObj
 					return err
 				}
 			} else if flagsObj.postgres {
-				err := c.certRotatePG(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+				err := c.certRotatePG(sshUtil, certs, infra, flagsObj, currentCertsInfo, false)
 				if err != nil {
 					return err
 				}
 			} else if flagsObj.opensearch {
-				err := c.certRotateOS(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+				err := c.certRotateOS(sshUtil, certs, infra, flagsObj, currentCertsInfo, false)
 				if err != nil {
 					return err
 				}
@@ -329,7 +344,7 @@ func (c *certRotateFlow) certRotateFrontend(sshUtil SSHUtil, certs *certificates
 }
 
 // certRotatePG will rotate the certificates of Postgres.
-func (c *certRotateFlow) certRotatePG(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) error {
+func (c *certRotateFlow) certRotatePG(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error {
 	if isManagedServicesOn() {
 		return status.Errorf(status.InvalidCommandArgsError, ERROR_SELF_MANAGED_DB_CERT_ROTATE, POSTGRESQL)
 	}
@@ -369,7 +384,15 @@ func (c *certRotateFlow) certRotatePG(sshUtil SSHUtil, certs *certificates, infr
 	if flagsObj.node != "" {
 		return nil
 	}
-	skipIpsList, err = c.getSkipIpsListForPgRootCAPatching(infra, sshUtil, certs)
+	if skipFrontend {
+		//Skiping frontend nodes
+		return nil
+	}
+	return c.certRotateFrontendForPG(sshUtil, certs, infra, flagsObj, timestamp)
+}
+
+func (c *certRotateFlow) certRotateFrontendForPG(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, timestamp string) error {
+	skipIpsList, err := c.getSkipIpsListForPgRootCAPatching(infra, sshUtil, certs)
 	if err != nil {
 		return err
 	}
@@ -377,15 +400,22 @@ func (c *certRotateFlow) certRotatePG(sshUtil SSHUtil, certs *certificates, infr
 
 	//Patching root-ca to frontend-nodes for maintaining the connection.
 	filenameFe := "pg_fe.toml"
-	remoteService = "frontend"
+	remoteService := "frontend"
 	// Creating and patching the required configurations.
 	configFe := fmt.Sprintf(POSTGRES_FRONTEND_CONFIG, certs.rootCA)
 
-	patchFnParam.config = configFe
-	patchFnParam.fileName = filenameFe
-	patchFnParam.remoteService = remoteService
-	patchFnParam.skipIpsList = skipIpsList
-	patchFnParam.concurrent = true
+	patchFnParam := &patchFnParameters{
+		sshUtil:       sshUtil,
+		config:        configFe,
+		fileName:      filenameFe,
+		timestamp:     timestamp,
+		remoteService: remoteService,
+		concurrent:    true,
+		infra:         infra,
+		flagsObj:      flagsObj,
+		skipIpsList:   skipIpsList,
+	}
+
 	// patching frontend
 	err = c.patchConfig(patchFnParam)
 	if err != nil {
@@ -419,7 +449,7 @@ func (c *certRotateFlow) getSkipIpsListForPgRootCAPatching(infra *AutomateHAInfr
 }
 
 // certRotateOS will rotate the certificates of OpenSearch.
-func (c *certRotateFlow) certRotateOS(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) error {
+func (c *certRotateFlow) certRotateOS(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error {
 	if isManagedServicesOn() {
 		return status.Errorf(status.InvalidCommandArgsError, ERROR_SELF_MANAGED_DB_CERT_ROTATE, OPENSEARCH)
 	}
@@ -491,11 +521,20 @@ func (c *certRotateFlow) certRotateOS(sshUtil SSHUtil, certs *certificates, infr
 		}
 
 	}
+
+	if skipFrontend {
+		//Skiping frontend nodes
+		return nil
+	}
+	return c.certRotateFrontendForOS(sshUtil, certs, infra, flagsObj, nodesCn, timestamp)
+}
+
+func (c *certRotateFlow) certRotateFrontendForOS(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, nodesCn string, timestamp string) error {
 	// Patching root-ca to frontend-nodes for maintaining the connection.
 	filenameFe := "os_fe.toml"
-	remoteService = "frontend"
+	remoteService := "frontend"
 
-	skipIpsList, err = c.getSkipIpsListForOsRootCACNPatching(infra, sshUtil, certs, nodesCn, flagsObj)
+	skipIpsList, err := c.getSkipIpsListForOsRootCACNPatching(infra, sshUtil, certs, nodesCn, flagsObj)
 	if err != nil {
 		return err
 	}
@@ -512,11 +551,17 @@ func (c *certRotateFlow) certRotateOS(sshUtil SSHUtil, certs *certificates, infr
 	}
 	c.skipMessagePrinter(remoteService, skipMessage, "", skipIpsList)
 
-	patchFnParam.config = configFe
-	patchFnParam.fileName = filenameFe
-	patchFnParam.remoteService = remoteService
-	patchFnParam.skipIpsList = skipIpsList
-	patchFnParam.concurrent = true
+	patchFnParam := &patchFnParameters{
+		sshUtil:       sshUtil,
+		config:        configFe,
+		fileName:      filenameFe,
+		timestamp:     timestamp,
+		remoteService: remoteService,
+		concurrent:    true,
+		infra:         infra,
+		flagsObj:      flagsObj,
+		skipIpsList:   skipIpsList,
+	}
 
 	err = c.patchConfig(patchFnParam)
 	if err != nil {
@@ -923,12 +968,12 @@ func (c *certRotateFlow) skipMessagePrinter(remoteService, skipIpsMsg, nodeFlag
 	}
 
 	if len(skipIpsList) != 0 && nodeFlag == "" {
-		writer.Skippedf(skipIpsMsg, remoteService, nodeString, nodeString, strings.Join(skipIpsList, ", "))
+		writer.Warnf(skipIpsMsg, remoteService, nodeString, nodeString, strings.Join(skipIpsList, ", "))
 	}
 
 	if len(skipIpsList) != 0 && nodeFlag != "" {
 		if stringutils.SliceContains(skipIpsList, nodeFlag) {
-			writer.Skippedf(skipIpsMsg, remoteService, nodeString, nodeString, strings.Join(skipIpsList, ", "))
+			writer.Warnf(skipIpsMsg, remoteService, nodeString, nodeString, strings.Join(skipIpsList, ", "))
 		}
 	}
 }
@@ -1257,7 +1302,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 
 		for i, a2Ip := range templateCerts.Automate.IPS {
 			writer.Printf("Rotating Automate node %d certificates \n", i)
-			err := c.rotateAutomateNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.Automate, &a2Ip)
+			err := c.rotateAutomateNodeCerts(infra, sshUtil, currentCertsInfo, templateCerts, &a2Ip)
 			if err != nil {
 				return err
 			}
@@ -1265,7 +1310,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 
 		for i, csIp := range templateCerts.ChefServer.IPS {
 			writer.Printf("Rotating Chef Server node %d certificates \n", i)
-			err := c.rotateChefServerNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.ChefServer, &csIp)
+			err := c.rotateChefServerNodeCerts(infra, sshUtil, currentCertsInfo, templateCerts, &csIp)
 			if err != nil {
 				return err
 			}
@@ -1286,13 +1331,13 @@ func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUti
 		privateCertPath: pgIps.PrivateKey,
 		publicCertPath:  pgIps.Publickey,
 		node:            pgIps.IP,
-		timeout:         100,
+		timeout:         1000,
 	}
 	certs, err := c.getCerts(infra, &flagsObj)
 	if err != nil {
 		return err
 	}
-	err = c.certRotatePG(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	err = c.certRotatePG(sshUtil, certs, infra, &flagsObj, currentCertsInfo, true)
 	if err != nil {
 		return err
 	}
@@ -1312,55 +1357,47 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 		privateCertPath: osIp.PrivateKey,
 		publicCertPath:  osIp.Publickey,
 		node:            osIp.IP,
-		timeout:         100,
+		timeout:         1000,
 	}
 	certs, err := c.getCerts(infra, &flagsObj)
 	if err != nil {
 		return err
 	}
-	err = c.certRotateOS(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
+	err = c.certRotateOS(sshUtil, certs, infra, &flagsObj, currentCertsInfo, true)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 
-func (c *certRotateFlow) rotateAutomateNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, a2 *NodeCertficate, a2Ip *IP) error {
+func (c *certRotateFlow) rotateAutomateNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, a2Ip *IP) error {
 	if len(a2Ip.PrivateKey) == 0 || len(a2Ip.Publickey) == 0 {
 		writer.Printf("Empty certificate for Automte node %s \n", a2Ip.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for Automte node %s \n", a2Ip.IP))
 	}
 	flagsObj := certRotateFlags{
 		automate:        true,
-		rootCAPath:      a2.RootCA,
+		rootCAPath:      certToml.Automate.RootCA,
 		privateCertPath: a2Ip.PrivateKey,
 		publicCertPath:  a2Ip.Publickey,
 		node:            a2Ip.IP,
-		timeout:         100,
-	}
-	certs, err := c.getCerts(infra, &flagsObj)
-	if err != nil {
-		return err
-	}
-	err = c.certRotateFrontend(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
-	if err != nil {
-		return err
+		timeout:         1000,
 	}
-	return nil
+	return c.rotateClusterFrontendCertificates(infra, sshUtil, flagsObj, currentCertsInfo, certToml)
 }
 
-func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, cs *NodeCertficate, csIp *IP) error {
+func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, csIp *IP) error {
 	if len(csIp.PrivateKey) == 0 || len(csIp.Publickey) == 0 {
 		writer.Printf("Empty certificate for Chef Server node %s \n", csIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for Chef Server node %s \n", csIp.IP))
 	}
 	flagsObj := certRotateFlags{
 		chefserver:      true,
-		rootCAPath:      cs.RootCA,
+		rootCAPath:      certToml.ChefServer.RootCA,
 		privateCertPath: csIp.PrivateKey,
 		publicCertPath:  csIp.Publickey,
 		node:            csIp.IP,
-		timeout:         100,
+		timeout:         1000,
 	}
 	certs, err := c.getCerts(infra, &flagsObj)
 	if err != nil {
@@ -1373,6 +1410,74 @@ func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails
 	return nil
 }
 
+func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfraDetails, sshUtil SSHUtil, flagsObj certRotateFlags, currentCertsInfo *certShowCertificates, certToml *CertificateToml) error {
+	certs, err := c.getCerts(infra, &flagsObj)
+	if err != nil {
+		return err
+	}
+
+	fileName := "cert-rotate-fe.toml"
+	timestamp := time.Now().Format("20060102150405")
+	var remoteService string
+
+	if flagsObj.automate {
+		remoteService = AUTOMATE
+	} else if flagsObj.chefserver {
+		remoteService = CHEF_SERVER
+	}
+	//get ips to exclude
+	skipIpsList := c.compareCurrentCertsWithNewCerts(remoteService, certs, &flagsObj, currentCertsInfo)
+	c.skipMessagePrinter(remoteService, SKIP_IPS_MSG_CERT_ROTATE, flagsObj.node, skipIpsList)
+	nodeDn := pkix.Name{}
+	if len(certToml.OpenSearch.IPS) > 0 {
+		opensearchFlagsObj := certRotateFlags{
+			opensearch:      true,
+			rootCAPath:      certToml.OpenSearch.RootCA,
+			adminKeyPath:    certToml.OpenSearch.AdminPrivateKey,
+			adminCertPath:   certToml.OpenSearch.AdminPublickey,
+			privateCertPath: certToml.OpenSearch.IPS[0].PrivateKey,
+			publicCertPath:  certToml.OpenSearch.IPS[0].Publickey,
+			node:            certToml.OpenSearch.IPS[0].IP,
+			timeout:         1000,
+		}
+		opensearchCerts, err := c.getCerts(infra, &opensearchFlagsObj)
+		nodeDn, err = getDistinguishedNameFromKey(opensearchCerts.publicCert)
+		if err != nil {
+			return err
+		}
+	}
+	opensearchRootCA, err := c.getCertFromFile(certToml.OpenSearch.RootCA, infra)
+	if err != nil {
+		return err
+	}
+
+	postgreSQLRootCA, err := c.getCertFromFile(certToml.PostgreSQL.RootCA, infra)
+	if err != nil {
+		return err
+	}
+
+	// Creating and patching the required configurations.
+	config := fmt.Sprintf(AUTOMATE_HA_CLUSTER_CONFIG, certs.publicCert, certs.privateCert, certs.publicCert, certs.privateCert, postgreSQLRootCA, opensearchRootCA, nodeDn.CommonName)
+	concurrent := true
+	patchFnParam := &patchFnParameters{
+		sshUtil:       sshUtil,
+		config:        config,
+		fileName:      fileName,
+		timestamp:     timestamp,
+		remoteService: remoteService,
+		concurrent:    concurrent,
+		infra:         infra,
+		flagsObj:      &flagsObj,
+		skipIpsList:   skipIpsList,
+	}
+	fmt.Println(patchFnParam)
+	err = c.patchConfig(patchFnParam)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func generateCertificateConfig() func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		if len(args) < 1 {
@@ -1444,7 +1549,3 @@ func getIPS(infra *AutomateHAInfraDetails, nodeType string) []IP {
 	}
 	return ips
 }
-
-func validateTemplateCertificates(certTemplate *CertificateToml) {
-
-}
diff --git a/components/automate-cli/cmd/chef-automate/sshUtils.go b/components/automate-cli/cmd/chef-automate/sshUtils.go
index 07f182b2677..20a38a0bd3c 100644
--- a/components/automate-cli/cmd/chef-automate/sshUtils.go
+++ b/components/automate-cli/cmd/chef-automate/sshUtils.go
@@ -337,7 +337,7 @@ func (s *SSHUtilImpl) copyFileToRemote(srcFilePath string, destFileName string,
 	cmd := "scp"
 	exec_args := []string{"-P " + s.SshConfig.sshPort, "-o StrictHostKeyChecking=no", "-i", s.SshConfig.sshKeyFile, "-r", srcFilePath, s.SshConfig.sshUser + "@" + s.SshConfig.hostIP + ":/tmp/" + destFileName}
 	if err := exec.Command(cmd, exec_args...).Run(); err != nil {
-		writer.Printf("\n"+"Failed to copy file %s to remote %s\n", srcFilePath, err.Error())
+		writer.Printf("\n"+"Failed to copy file %s to remote %s:%s %s\n", srcFilePath, s.SshConfig.hostIP, s.SshConfig.sshPort, err.Error())
 		if srcFilePath == "/usr/bin/chef-automate" {
 			writer.Printf("Please copy your chef-automate binary to /usr/bin" + "\n")
 		}
@@ -347,7 +347,7 @@ func (s *SSHUtilImpl) copyFileToRemote(srcFilePath string, destFileName string,
 		cmd := "rm"
 		exec_args := []string{"-rf", srcFilePath}
 		if err := exec.Command(cmd, exec_args...).Run(); err != nil {
-			writer.Printf("Failed to copy file to remote %s\n", err.Error())
+			writer.Printf("Failed to copy file to remote %s:%s %s\n", s.SshConfig.hostIP, s.SshConfig.sshPort, err.Error())
 			return err
 		}
 	}
@@ -360,7 +360,7 @@ func (s *SSHUtilImpl) copyFileFromRemote(remoteFilePath string, outputFileName s
 	destFileName := "/tmp/" + outputFileName
 	execArgs := []string{"-P " + s.SshConfig.sshPort, "-o StrictHostKeyChecking=no", "-o ConnectTimeout=30", "-i", s.SshConfig.sshKeyFile, "-r", s.SshConfig.sshUser + "@" + s.SshConfig.hostIP + ":" + remoteFilePath, destFileName}
 	if err := exec.Command(cmd, execArgs...).Run(); err != nil {
-		writer.Printf("Failed to copy file from remote %s\n", err.Error())
+		writer.Printf("Failed to copy file from remote %s:%s %s\n", s.SshConfig.hostIP, s.SshConfig.sshPort, err.Error())
 		return "", err
 	}
 	return destFileName, nil

From 27140bc4bcbab501d20ac9840caea5eb9aa7a072 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Mon, 9 Oct 2023 15:35:15 +0530
Subject: [PATCH 04/17] cluster certificate patch working code

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../habitat/hooks/install                     |   7 +
 .../cmd/chef-automate/certRotate.go           | 159 ++++++++++++++----
 .../automate-cli/cmd/chef-automate/config.go  |   3 +
 3 files changed, 136 insertions(+), 33 deletions(-)

diff --git a/components/automate-backend-deployment/habitat/hooks/install b/components/automate-backend-deployment/habitat/hooks/install
index e532ae0b70d..a7172bfc48f 100644
--- a/components/automate-backend-deployment/habitat/hooks/install
+++ b/components/automate-backend-deployment/habitat/hooks/install
@@ -173,6 +173,13 @@ EOF
     display_upgrade_help $(cat $OLD_WORKSPACE/terraform/.tf_arch)
   fi
 fi
+
+if [[ -f $OLD_WORKSPACE/certificate.toml ]]; then
+    echo "Copying previous 'certificate.toml' config to new workspace"
+    echo "Copying previous 'certificate.toml' config to new workspace" >> $LOGGER
+    cp $OLD_WORKSPACE/certificate.toml $NEW_WORKSPACE/certificate.toml
+    echo "Copied previous 'certificate.toml' config to new workspace" >> $LOGGER
+fi
 echo "creating new symlink for new workspace" >> $LOGGER
 # shellcheck disable=SC1083
 ln -nsf $NEW_WORKSPACE /hab/a2_deploy_workspace
diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 3929cd0b052..58a4195f943 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -66,7 +66,7 @@ const (
 		enforce_hostname_verification = false
 		resolve_hostname = false
 	[plugins.security]
-		nodes_dn = '- %v'`
+		nodes_dn = """- %v"""`
 
 	OPENSEARCH_CONFIG_IGNORE_ADMIN_AND_ROOTCA = `
 	[tls]
@@ -252,6 +252,9 @@ func (c *certRotateFlow) certRotate(cmd *cobra.Command, args []string, flagsObj
 		sshUtil.setSSHConfig(sshConfig)
 		certShowFlow := NewCertShowImpl(certShowFlags{}, NewNodeUtils(NewRemoteCmdExecutorWithoutNodeMap(NewSSHUtil(&SSHConfig{}), writer), command.NewExecExecutor(), writer), sshUtil, writer)
 		currentCertsInfo, err := certShowFlow.fetchCurrentCerts()
+		if err != nil {
+			return errors.WithStack(err)
+		}
 
 		if len(flagsObj.cluster) > 0 {
 			err = c.certRotateFromTemplate(flagsObj.cluster, sshUtil, infra, currentCertsInfo)
@@ -271,10 +274,6 @@ func (c *certRotateFlow) certRotate(cmd *cobra.Command, args []string, flagsObj
 				writer.Warn("admin-cert and admin-key flag will be ignored when node flag is provided")
 			}
 
-			if err != nil {
-				return errors.Wrap(err, "Error occured while fetching current certs")
-			}
-
 			if flagsObj.timeout < DEFAULT_TIMEOUT {
 				return errors.Errorf("The operation timeout duration for each individual node during the certificate rotation process should be set to a value greater than %v seconds.", DEFAULT_TIMEOUT)
 			}
@@ -610,6 +609,8 @@ func patchOSNodeDN(flagsObj *certRotateFlags, patchFnParam *patchFnParameters, c
 	patchFnParam.concurrent = false
 	err := c.patchConfig(patchFnParam)
 	if err != nil {
+		fmt.Println("Error @certRotate.go:612")
+		fmt.Println(err)
 		return err
 	}
 
@@ -1044,7 +1045,7 @@ func (c *certRotateFlow) getCerts(infra *AutomateHAInfraDetails, flagsObj *certR
 
 	// Admin Cert and Admin Key is mandatory for OS nodes.
 	if flagsObj.opensearch {
-		if (adminCertPath == "" || adminKeyPath == "") && flagsObj.node == "" {
+		if (len(adminCertPath) == 0 || len(adminKeyPath) == 0) && len(flagsObj.node) == 0 {
 			return nil, errors.New("Please provide both admin-cert and admin-key flags")
 		}
 		if adminCertPath != "" && adminKeyPath != "" {
@@ -1245,7 +1246,7 @@ func getCertsFromTemplate(clusterCertificateFile string) (*CertificateToml, erro
 		writer.Errorln("Error in fetching certificates from template file")
 		return nil, err
 	}
-	writer.Println(string(content))
+	//writer.Println(string(content))
 	certifiacates := &CertificateToml{}
 	toml.Decode(string(content), certifiacates)
 	return certifiacates, nil
@@ -1256,7 +1257,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 	if err != nil {
 		return err
 	}
-	fmt.Println(templateCerts)
+	//fmt.Println(templateCerts)
 	if templateCerts != nil {
 		// rotating PG certs
 		writer.Println("Rotating PostgreSQL certificates")
@@ -1271,7 +1272,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 				if strings.EqualFold(strings.TrimSpace(pgIp.IP), strings.TrimSpace(pgLeaderIp)) {
 					//rotate pg leader node certs
 					writer.Println("Rotating PostgreSQL leader node certificates")
-					err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp)
+					err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp, false)
 					if err != nil {
 						writer.Println(err.Error())
 						return err
@@ -1279,20 +1280,22 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 				}
 			}
 			for _, pgIp := range templateCerts.PostgreSQL.IPS {
-				if strings.EqualFold(pgIp.IP, pgLeaderIp) {
+				if strings.EqualFold(strings.TrimSpace(pgIp.IP), strings.TrimSpace(pgLeaderIp)) {
 					continue
 				}
 				writer.Println("Rotating PostgreSQL follower node certificates")
-				err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp)
+				err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp, false)
 				if err != nil {
 					return err
 				}
 			}
+		} else {
+			return errors.New("Not able to find PostgreSQL leader node, please ensure leader node is in healthy state")
 		}
 		// rotating OS certs
 		for i, osIp := range templateCerts.OpenSearch.IPS {
 			writer.Printf("Rotating OpenSearch node %d certificates \n", i)
-			err := c.rotateOSNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.OpenSearch, &osIp)
+			err := c.rotateOSNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.OpenSearch, &osIp, false)
 			if err != nil {
 				return err
 			}
@@ -1317,10 +1320,10 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 		}
 
 	}
-	return errors.New("Failed")
+	return nil
 }
 
-func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP) error {
+func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP, concurrent bool) error {
 	if len(pgIps.PrivateKey) == 0 || len(pgIps.Publickey) == 0 {
 		writer.Printf("Empty certificate for PostgerSQL node %s \n", pgIps.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for PostgerSQL node %s \n", pgIps.IP))
@@ -1337,23 +1340,51 @@ func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUti
 	if err != nil {
 		return err
 	}
-	err = c.certRotatePG(sshUtil, certs, infra, &flagsObj, currentCertsInfo, true)
+
+	if isManagedServicesOn() {
+		return status.Errorf(status.InvalidCommandArgsError, ERROR_SELF_MANAGED_DB_CERT_ROTATE, POSTGRESQL)
+	}
+	fileName := "cert-rotate-pg.toml"
+	timestamp := time.Now().Format("20060102150405")
+	remoteService := POSTGRESQL
+
+	// Creating and patching the required configurations.
+	config := fmt.Sprintf(POSTGRES_CONFIG_IGNORE_ISSUER_CERT, certs.privateCert, certs.publicCert)
+
+	skipIpsList := c.compareCurrentCertsWithNewCerts(remoteService, certs, &flagsObj, currentCertsInfo)
+	c.skipMessagePrinter(remoteService, SKIP_IPS_MSG_CERT_ROTATE, flagsObj.node, skipIpsList)
+
+	patchFnParam := &patchFnParameters{
+		sshUtil:       sshUtil,
+		config:        config,
+		fileName:      fileName,
+		timestamp:     timestamp,
+		remoteService: remoteService,
+		concurrent:    concurrent,
+		infra:         infra,
+		flagsObj:      &flagsObj,
+		skipIpsList:   skipIpsList,
+	}
+
+	// patching on PG
+	err = c.patchConfig(patchFnParam)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 
-func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, os *NodeCertficate, osIp *IP) error {
+func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, oss *NodeCertficate, osIp *IP, concurrent bool) error {
 	if len(osIp.PrivateKey) == 0 || len(osIp.Publickey) == 0 {
 		writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
 	}
+	fmt.Printf("Admin cert path : %s", oss.AdminPublickey)
 	flagsObj := certRotateFlags{
 		opensearch:      true,
-		rootCAPath:      os.RootCA,
-		adminKeyPath:    os.AdminPrivateKey,
-		adminCertPath:   os.AdminPublickey,
+		rootCAPath:      oss.RootCA,
+		adminKeyPath:    oss.AdminPrivateKey,
+		adminCertPath:   oss.AdminPublickey,
 		privateCertPath: osIp.PrivateKey,
 		publicCertPath:  osIp.Publickey,
 		node:            osIp.IP,
@@ -1363,10 +1394,80 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 	if err != nil {
 		return err
 	}
-	err = c.certRotateOS(sshUtil, certs, infra, &flagsObj, currentCertsInfo, true)
+
+	if isManagedServicesOn() {
+		return status.Errorf(status.InvalidCommandArgsError, ERROR_SELF_MANAGED_DB_CERT_ROTATE, OPENSEARCH)
+	}
+	fileName := "cert-rotate-os.toml"
+	timestamp := time.Now().Format("20060102150405")
+	remoteService := OPENSEARCH
+	adminPublicCert, err := c.getCertFromFile(oss.AdminPublickey, infra)
+	if err != nil {
+		return err
+	}
+	adminPublicCertString := strings.TrimSpace(string(adminPublicCert))
+	adminPrivateCert, err := c.getCertFromFile(oss.AdminPrivateKey, infra)
+	if err != nil {
+		return err
+	}
+	adminDn, err := getDistinguishedNameFromKey(adminPublicCertString)
+	if err != nil {
+		fmt.Println("Error in decoding admin cert, not able to get adminDn")
+		return err
+	}
+	nodeDn, err := getDistinguishedNameFromKey(certs.publicCert)
 	if err != nil {
+		fmt.Println("Error in decoding node cert, not able to get nodeDn")
 		return err
 	}
+	existingNodesDN := strings.TrimSpace(currentCertsInfo.OpensearchCertsByIP[0].NodesDn)
+	if strings.HasSuffix(existingNodesDN, `\n`) {
+		i := strings.LastIndex(existingNodesDN, `\n`)
+		existingNodesDN = existingNodesDN[:i] + strings.Replace(existingNodesDN[i:], `\n`, "", 1)
+	}
+	nodesDn := ""
+	if strings.EqualFold(existingNodesDN, fmt.Sprintf("%v", nodeDn)) {
+		nodesDn = fmt.Sprintf("%v", nodeDn)
+	} else {
+		nodesDn = fmt.Sprintf("%v\n", existingNodesDN) + "  - " + fmt.Sprintf("%v\n", nodeDn)
+	}
+
+	skipIpsList := c.compareCurrentCertsWithNewCerts(remoteService, certs, &flagsObj, currentCertsInfo)
+	c.skipMessagePrinter(remoteService, SKIP_IPS_MSG_CERT_ROTATE, flagsObj.node, skipIpsList)
+
+	// Creating and patching the required configurations.
+
+	config := fmt.Sprintf(OPENSEARCH_CONFIG, certs.rootCA, adminPublicCertString, strings.TrimSpace(string(adminPrivateCert)), certs.publicCert, certs.privateCert, fmt.Sprintf("%v", adminDn), fmt.Sprintf("%v", nodesDn))
+
+	patchFnParam := &patchFnParameters{
+		sshUtil:       sshUtil,
+		config:        config,
+		fileName:      fileName,
+		timestamp:     timestamp,
+		remoteService: remoteService,
+		concurrent:    concurrent,
+		infra:         infra,
+		flagsObj:      &flagsObj,
+		skipIpsList:   skipIpsList,
+	}
+
+	err = c.patchConfig(patchFnParam)
+	if err != nil {
+		return err
+	}
+
+	if flagsObj.node != "" && stringutils.SliceContains(skipIpsList, flagsObj.node) {
+		return nil
+	}
+
+	if flagsObj.node != "" {
+
+		err := patchOSNodeDN(&flagsObj, patchFnParam, c, nodesDn)
+		if err != nil {
+			return err
+		}
+
+	}
 	return nil
 }
 
@@ -1399,15 +1500,7 @@ func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails
 		node:            csIp.IP,
 		timeout:         1000,
 	}
-	certs, err := c.getCerts(infra, &flagsObj)
-	if err != nil {
-		return err
-	}
-	err = c.certRotateFrontend(sshUtil, certs, infra, &flagsObj, currentCertsInfo)
-	if err != nil {
-		return err
-	}
-	return nil
+	return c.rotateClusterFrontendCertificates(infra, sshUtil, flagsObj, currentCertsInfo, certToml)
 }
 
 func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfraDetails, sshUtil SSHUtil, flagsObj certRotateFlags, currentCertsInfo *certShowCertificates, certToml *CertificateToml) error {
@@ -1426,8 +1519,8 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 		remoteService = CHEF_SERVER
 	}
 	//get ips to exclude
-	skipIpsList := c.compareCurrentCertsWithNewCerts(remoteService, certs, &flagsObj, currentCertsInfo)
-	c.skipMessagePrinter(remoteService, SKIP_IPS_MSG_CERT_ROTATE, flagsObj.node, skipIpsList)
+	skipIpsList := []string{}
+
 	nodeDn := pkix.Name{}
 	if len(certToml.OpenSearch.IPS) > 0 {
 		opensearchFlagsObj := certRotateFlags{
@@ -1457,7 +1550,7 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 	}
 
 	// Creating and patching the required configurations.
-	config := fmt.Sprintf(AUTOMATE_HA_CLUSTER_CONFIG, certs.publicCert, certs.privateCert, certs.publicCert, certs.privateCert, postgreSQLRootCA, opensearchRootCA, nodeDn.CommonName)
+	config := fmt.Sprintf(AUTOMATE_HA_CLUSTER_CONFIG, certs.publicCert, certs.privateCert, certs.publicCert, certs.privateCert, string(postgreSQLRootCA), string(opensearchRootCA), nodeDn.CommonName)
 	concurrent := true
 	patchFnParam := &patchFnParameters{
 		sshUtil:       sshUtil,
@@ -1470,7 +1563,7 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 		flagsObj:      &flagsObj,
 		skipIpsList:   skipIpsList,
 	}
-	fmt.Println(patchFnParam)
+	//fmt.Println(patchFnParam)
 	err = c.patchConfig(patchFnParam)
 	if err != nil {
 		return err
diff --git a/components/automate-cli/cmd/chef-automate/config.go b/components/automate-cli/cmd/chef-automate/config.go
index 1784d0cf046..26058819e5f 100644
--- a/components/automate-cli/cmd/chef-automate/config.go
+++ b/components/automate-cli/cmd/chef-automate/config.go
@@ -1124,6 +1124,9 @@ func getRemoteType(flag string, infra *AutomateHAInfraDetails) (string, string)
 func cleanToml(rawData string) string {
 	re := regexp.MustCompile("(?im).*info:.*$")
 	tomlOutput := re.ReplaceAllString(rawData, "")
+	if strings.Contains(tomlOutput, "ping_unicast_hosts = \"[]\"") {
+		tomlOutput = strings.ReplaceAll(tomlOutput, "ping_unicast_hosts = \"[]\"", "ping_unicast_hosts = []")
+	}
 	return tomlOutput
 }
 

From 85515dc483b3cad57df3ea860fc073f098ffa70c Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Mon, 16 Oct 2023 06:02:31 +0530
Subject: [PATCH 05/17] putting frontend on maintenance mode before rotating
 certws

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate.go           | 240 ++++--
 .../cmd/chef-automate/certRotate_mock.go      | 143 ++++
 .../cmd/chef-automate/certRotate_test.go      | 767 +++++++++++++++++-
 .../cmd/chef-automate/constants.go            |   3 +
 .../automate-cli/cmd/chef-automate/summary.go |  20 +
 .../pkg/testfiles/certs/private_key.pem       |  24 +
 .../pkg/testfiles/certs/public_key.pem        |  24 +
 .../testfiles/certs/test_a2_private_key_1.pem |  24 +
 .../testfiles/certs/test_a2_private_key_2.pem |  24 +
 .../testfiles/certs/test_a2_private_key_3.pem |  24 +
 .../testfiles/certs/test_a2_public_key_1.pem  |  24 +
 .../testfiles/certs/test_a2_public_key_2.pem  |  24 +
 .../testfiles/certs/test_a2_public_key_3.pem  |  24 +
 .../pkg/testfiles/certs/test_admin_cert.pem   |  24 +
 .../pkg/testfiles/certs/test_admin_key.pem    |  24 +
 .../testfiles/certs/test_cs_private_key_1.pem |  24 +
 .../testfiles/certs/test_cs_private_key_2.pem |  24 +
 .../testfiles/certs/test_cs_private_key_3.pem |  24 +
 .../testfiles/certs/test_cs_public_key_1.pem  |  24 +
 .../testfiles/certs/test_cs_public_key_2.pem  |  24 +
 .../testfiles/certs/test_cs_public_key_3.pem  |  24 +
 .../testfiles/certs/test_os_private_key_1.pem |  24 +
 .../testfiles/certs/test_os_private_key_2.pem |  24 +
 .../testfiles/certs/test_os_private_key_3.pem |  24 +
 .../testfiles/certs/test_os_public_key_1.pem  |  24 +
 .../testfiles/certs/test_os_public_key_2.pem  |  24 +
 .../testfiles/certs/test_os_public_key_3.pem  |  24 +
 .../testfiles/certs/test_pg_private_key_1.pem |  24 +
 .../testfiles/certs/test_pg_private_key_2.pem |  24 +
 .../testfiles/certs/test_pg_private_key_3.pem |  24 +
 .../testfiles/certs/test_pg_public_key_1.pem  |  24 +
 .../testfiles/certs/test_pg_public_key_2.pem  |  24 +
 .../testfiles/certs/test_pg_public_key_3.pem  |  24 +
 .../pkg/testfiles/certs/test_root_ca.pem      |  24 +
 .../pkg/testfiles/onprem/certs-config.toml    |  52 ++
 35 files changed, 1865 insertions(+), 56 deletions(-)
 create mode 100644 components/automate-cli/cmd/chef-automate/certRotate_mock.go
 create mode 100644 components/automate-cli/pkg/testfiles/certs/private_key.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/public_key.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
 create mode 100644 components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
 create mode 100644 components/automate-cli/pkg/testfiles/onprem/certs-config.toml

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 58a4195f943..656c6b011c1 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -121,6 +121,9 @@ const (
 		root_cert = """%v"""
 		server_name = "%v"
 	`
+	MAINTENANICE_ON_LAG = `
+Follower nodes are behind leader node by %d bytes, to avoid data loss we will put cluster on maintenance mode, do you want to continue :
+`
 )
 
 type certificates struct {
@@ -156,14 +159,16 @@ type certRotateFlow struct {
 	sshUtil     sshutils.SSHUtil
 	writer      *cli.Writer
 	pullConfigs PullConfigs
+	log         logger.Logger
 }
 
-func NewCertRotateFlow(fileUtils fileutils.FileUtils, sshUtil sshutils.SSHUtil, writer *cli.Writer, pullConfigs PullConfigs) *certRotateFlow {
+func NewCertRotateFlow(fileUtils fileutils.FileUtils, sshUtil sshutils.SSHUtil, writer *cli.Writer, pullConfigs PullConfigs, log logger.Logger) *certRotateFlow {
 	return &certRotateFlow{
 		fileUtils:   fileUtils,
 		sshUtil:     sshUtil,
 		writer:      writer,
 		pullConfigs: pullConfigs,
+		log:         log,
 	}
 }
 
@@ -232,7 +237,7 @@ func certRotateCmdFunc(flagsObj *certRotateFlags) func(cmd *cobra.Command, args
 		if err != nil {
 			return err
 		}
-		c := NewCertRotateFlow(&fileutils.FileSystemUtils{}, sshutils.NewSSHUtilWithCommandExecutor(sshutils.NewSshClient(), log, command.NewExecExecutor()), writer, NewPullConfigs(&AutomateHAInfraDetails{}, &SSHUtilImpl{}))
+		c := NewCertRotateFlow(&fileutils.FileSystemUtils{}, sshutils.NewSSHUtilWithCommandExecutor(sshutils.NewSshClient(), log, command.NewExecExecutor()), writer, NewPullConfigs(&AutomateHAInfraDetails{}, &SSHUtilImpl{}), log)
 		return c.certRotate(cmd, args, flagsObj)
 	}
 }
@@ -1219,25 +1224,118 @@ func uniqueIps(ips []string) []string {
 	return uniqueIps
 }
 
-func getPGLeader() (string, string) {
+func getStatusSummary() (StatusSummary, error) {
 	infra, err := getAutomateHAInfraDetails()
 	if err != nil {
-		return "", ""
+		return nil, err
+	}
+	var statusSummaryCmdFlags = StatusSummaryCmdFlags{
+		isPostgresql: true,
 	}
-	var statusSummaryCmdFlags = StatusSummaryCmdFlags{}
 	sshUtil := NewSSHUtil(&SSHConfig{})
 	remoteCmdExecutor := NewRemoteCmdExecutorWithoutNodeMap(sshUtil, writer)
 	statusSummary := NewStatusSummary(infra, FeStatus{}, BeStatus{}, 10, time.Second, &statusSummaryCmdFlags, remoteCmdExecutor)
 	err = statusSummary.Prepare()
+	if err != nil {
+		return nil, err
+	}
+	return statusSummary, nil
+}
+
+func getPGLeader() (string, string) {
+	statusSummary, err := getStatusSummary()
 	if err != nil {
 		return "", ""
 	}
 	return statusSummary.GetPGLeaderNode()
 }
 
+func getMaxPGLag(log logger.Logger) (int64, error) {
+	statusSummary, err := getStatusSummary()
+	if err != nil {
+		return 0, err
+	}
+	lag := statusSummary.GetPGMaxLagAmongFollowers()
+	log.Debug("==========================================================")
+	log.Debug("Total lag in PostgreSQL follower node is %d \n", lag)
+	log.Debug("==========================================================")
+	return lag, nil
+}
+
+func frontendMaintainenceModeOnOFF(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtil sshutils.SSHUtil, onOFFSwitch string, hostIps []string, log logger.Logger) error {
+	sshConfig.Timeout = 1000
+	command := fmt.Sprintf(MAINTENANCE_ON_OFF, onOFFSwitch)
+	log.Debug("========================== MAINTENANCE_ON_OFF ========================")
+	log.Debug(command)
+	log.Debug("========================== MAINTENANCE_ON_OFF ========================")
+	excuteResults := sshUtil.ExecuteConcurrently(sshConfig, command, hostIps)
+	for _, result := range excuteResults {
+		printCertRotateOutput(result, "frontend", writer)
+	}
+	return nil
+}
+
+func startTrafficOnAutomateNode(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtil sshutils.SSHUtil, log logger.Logger) error {
+	hostIps := infra.Outputs.AutomatePrivateIps.Value
+	err := frontendMaintainenceModeOnOFF(infra, sshConfig, sshUtil, OFF, hostIps, log)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func startTrafficOnChefServerNode(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtil sshutils.SSHUtil, log logger.Logger) error {
+	hostIps := infra.Outputs.ChefServerPrivateIps.Value
+	err := frontendMaintainenceModeOnOFF(infra, sshConfig, sshUtil, OFF, hostIps, log)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtil sshutils.SSHUtil, log logger.Logger) error {
+	fontendIps := infra.Outputs.AutomatePrivateIps.Value
+	fontendIps = append(fontendIps, infra.Outputs.ChefServerPrivateIps.Value...)
+	lag, err := getMaxPGLag(log)
+	if err != nil {
+		return err
+	}
+	//////////////////////////////////////////////////////////////////////////
+	agree, err := writer.Confirm(fmt.Sprintf(MAINTENANICE_ON_LAG, lag))
+	if err != nil {
+		return status.Wrap(err, status.InvalidCommandArgsError, errMLSA)
+	}
+	if !agree {
+		return status.New(status.InvalidCommandArgsError, errMLSA)
+	}
+	err = frontendMaintainenceModeOnOFF(infra, sshConfig, sshUtil, ON, fontendIps, log)
+	if err != nil {
+		return err
+	}
+	//////////////////////////////////////////////////////////////////////////
+
+	waitingStart := time.Now()
+	time.Sleep(10 * time.Second)
+	for {
+		lag, err := getMaxPGLag(log)
+		if err != nil {
+			return err
+		}
+		if lag == 0 {
+			break
+		} else {
+			timeElapsed := time.Since(waitingStart)
+			if timeElapsed.Seconds() >= 60 {
+				return status.Wrap(errors.New(""), status.UnhealthyStatusError, fmt.Sprintf("Follower node is still behind the leader by %d bytes\n", lag))
+			}
+		}
+		time.Sleep(10 * time.Second)
+	}
+	return nil
+}
+
 func getCertsFromTemplate(clusterCertificateFile string) (*CertificateToml, error) {
 	if len(clusterCertificateFile) < 1 {
-		writer.Errorln("Cluster certificate file is required")
 		return nil, errors.New("Cluster certificate file is required")
 	}
 	writer.Println("Reading certificates from template file")
@@ -1246,13 +1344,27 @@ func getCertsFromTemplate(clusterCertificateFile string) (*CertificateToml, erro
 		writer.Errorln("Error in fetching certificates from template file")
 		return nil, err
 	}
-	//writer.Println(string(content))
 	certifiacates := &CertificateToml{}
 	toml.Decode(string(content), certifiacates)
 	return certifiacates, nil
 }
 
 func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates) error {
+	sshConfig := c.getSshDetails(infra)
+	configRes := sshutils.SSHConfig{
+		SshUser:    sshConfig.sshUser,
+		SshPort:    sshConfig.sshPort,
+		SshKeyFile: sshConfig.sshKeyFile,
+		HostIP:     sshConfig.hostIP,
+		Timeout:    sshConfig.timeout,
+	}
+	c.log.Debug("==========================================================")
+	c.log.Debug("Stopping traffic MAINTENANICE MODE ON")
+	c.log.Debug("==========================================================")
+	err := checkLagAndStopTraffic(infra, configRes, c.sshUtil, c.log)
+	if err != nil {
+		return err
+	}
 	templateCerts, err := getCertsFromTemplate(clusterCertificateFile)
 	if err != nil {
 		return err
@@ -1260,72 +1372,80 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 	//fmt.Println(templateCerts)
 	if templateCerts != nil {
 		// rotating PG certs
-		writer.Println("Rotating PostgreSQL certificates")
-		writer.Println("Fetching PostgreSQL leader node details")
-		pgLeaderIp, pgLeaderHealth := getPGLeader()
-		writer.Printf("PostgreSQL leader node is %s with status %s \n", pgLeaderIp, pgLeaderHealth)
+		start := time.Now()
+		c.log.Debug("Started executing at %s \n", start.String())
+		c.writer.Println("Rotating PostgreSQL certificates")
 		pgRootCA := templateCerts.PostgreSQL.RootCA
-		writer.Printf("Fetching PostgreSQL RootCA from template %s \n", pgRootCA)
-		if len(pgLeaderIp) > 1 {
-			for _, pgIp := range templateCerts.PostgreSQL.IPS {
-				writer.Println("Searching for PostgreSQL leader node certificates from template")
-				if strings.EqualFold(strings.TrimSpace(pgIp.IP), strings.TrimSpace(pgLeaderIp)) {
-					//rotate pg leader node certs
-					writer.Println("Rotating PostgreSQL leader node certificates")
-					err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp, false)
-					if err != nil {
-						writer.Println(err.Error())
-						return err
-					}
-				}
-			}
-			for _, pgIp := range templateCerts.PostgreSQL.IPS {
-				if strings.EqualFold(strings.TrimSpace(pgIp.IP), strings.TrimSpace(pgLeaderIp)) {
-					continue
-				}
-				writer.Println("Rotating PostgreSQL follower node certificates")
-				err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp, false)
-				if err != nil {
-					return err
-				}
+		c.writer.Printf("Fetching PostgreSQL RootCA from template %s \n", pgRootCA)
+		for _, pgIp := range templateCerts.PostgreSQL.IPS {
+			c.writer.Println("Rotating PostgreSQL follower node certificates")
+			err := c.rotatePGNodeCerts(infra, sshUtil, currentCertsInfo, pgRootCA, &pgIp, true)
+			if err != nil {
+				return err
 			}
-		} else {
-			return errors.New("Not able to find PostgreSQL leader node, please ensure leader node is in healthy state")
 		}
+		timeElapsed := time.Since(start)
+		c.log.Debug("Time Elapsed to execute Postgresql certificate rotation since start %f \n", timeElapsed.Seconds())
 		// rotating OS certs
 		for i, osIp := range templateCerts.OpenSearch.IPS {
-			writer.Printf("Rotating OpenSearch node %d certificates \n", i)
+			c.writer.Printf("Rotating OpenSearch node %d certificates \n", i)
 			err := c.rotateOSNodeCerts(infra, sshUtil, currentCertsInfo, &templateCerts.OpenSearch, &osIp, false)
 			if err != nil {
 				return err
 			}
 		}
+		timeElapsed = time.Since(start)
+		c.log.Debug("Time Elapsed to execute Opensearch certificate rotation since start %f \n", timeElapsed.Seconds())
 
 		// rotate AutomateCerts
 
 		for i, a2Ip := range templateCerts.Automate.IPS {
-			writer.Printf("Rotating Automate node %d certificates \n", i)
+			c.writer.Printf("Rotating Automate node %d certificates \n", i)
 			err := c.rotateAutomateNodeCerts(infra, sshUtil, currentCertsInfo, templateCerts, &a2Ip)
 			if err != nil {
 				return err
 			}
 		}
 
+		timeElapsed = time.Since(start)
+		c.log.Debug("Time Elapsed to execute Automate certificate rotation since start %f \n", timeElapsed.Seconds())
+
+		c.log.Debug("==========================================================")
+		c.log.Debug("Starting traffic on Autoamate nodes MAINTENANICE MODE OFF")
+		c.log.Debug("==========================================================")
+		err = startTrafficOnAutomateNode(infra, configRes, c.sshUtil, c.log)
+		if err != nil {
+			return err
+		}
+
 		for i, csIp := range templateCerts.ChefServer.IPS {
-			writer.Printf("Rotating Chef Server node %d certificates \n", i)
+			c.writer.Printf("Rotating Chef Server node %d certificates \n", i)
 			err := c.rotateChefServerNodeCerts(infra, sshUtil, currentCertsInfo, templateCerts, &csIp)
 			if err != nil {
 				return err
 			}
 		}
 
+		timeElapsed = time.Since(start)
+		c.log.Debug("Time Elapsed to execute ChefServer certificate rotation since start %f \n", timeElapsed.Seconds())
+
+		c.log.Debug("==========================================================")
+		c.log.Debug("Starting traffic on chef server nodes MAINTENANICE MODE OFF")
+		c.log.Debug("==========================================================")
+		err = startTrafficOnChefServerNode(infra, configRes, c.sshUtil, c.log)
+		if err != nil {
+			return err
+		}
+
 	}
 	return nil
 }
 
 func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP, concurrent bool) error {
+	start := time.Now()
+	c.writer.Printf("Roating PostgreSQL node %s certificate at %s \n", pgIps.IP, start.String())
 	if len(pgIps.PrivateKey) == 0 || len(pgIps.Publickey) == 0 {
-		writer.Printf("Empty certificate for PostgerSQL node %s \n", pgIps.IP)
+		c.writer.Printf("Empty certificate for PostgerSQL node %s \n", pgIps.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for PostgerSQL node %s \n", pgIps.IP))
 	}
 	flagsObj := certRotateFlags{
@@ -1371,12 +1491,16 @@ func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUti
 	if err != nil {
 		return err
 	}
+	timeElapsed := time.Since(start)
+	c.log.Debug("Time taken to roate PostgreSQL node %s certificate at %f \n", pgIps.IP, timeElapsed.Seconds())
 	return nil
 }
 
 func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, oss *NodeCertficate, osIp *IP, concurrent bool) error {
+	start := time.Now()
+	c.writer.Printf("Roating opensearch node %s certificate at %s \n", osIp.IP, start.String())
 	if len(osIp.PrivateKey) == 0 || len(osIp.Publickey) == 0 {
-		writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
+		c.writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
 	}
 	fmt.Printf("Admin cert path : %s", oss.AdminPublickey)
@@ -1412,12 +1536,12 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 	}
 	adminDn, err := getDistinguishedNameFromKey(adminPublicCertString)
 	if err != nil {
-		fmt.Println("Error in decoding admin cert, not able to get adminDn")
+		c.writer.Printf("Error in decoding admin cert, not able to get adminDn")
 		return err
 	}
 	nodeDn, err := getDistinguishedNameFromKey(certs.publicCert)
 	if err != nil {
-		fmt.Println("Error in decoding node cert, not able to get nodeDn")
+		c.writer.Printf("Error in decoding node cert, not able to get nodeDn")
 		return err
 	}
 	existingNodesDN := strings.TrimSpace(currentCertsInfo.OpensearchCertsByIP[0].NodesDn)
@@ -1468,12 +1592,14 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 		}
 
 	}
+	timeElapsed := time.Since(start)
+	c.log.Debug("Time taken to roate opensearch node %s certificate at %f \n", osIp.IP, timeElapsed.Seconds())
 	return nil
 }
 
 func (c *certRotateFlow) rotateAutomateNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, a2Ip *IP) error {
 	if len(a2Ip.PrivateKey) == 0 || len(a2Ip.Publickey) == 0 {
-		writer.Printf("Empty certificate for Automte node %s \n", a2Ip.IP)
+		c.writer.Printf("Empty certificate for Automte node %s \n", a2Ip.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for Automte node %s \n", a2Ip.IP))
 	}
 	flagsObj := certRotateFlags{
@@ -1489,7 +1615,7 @@ func (c *certRotateFlow) rotateAutomateNodeCerts(infra *AutomateHAInfraDetails,
 
 func (c *certRotateFlow) rotateChefServerNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, csIp *IP) error {
 	if len(csIp.PrivateKey) == 0 || len(csIp.Publickey) == 0 {
-		writer.Printf("Empty certificate for Chef Server node %s \n", csIp.IP)
+		c.writer.Printf("Empty certificate for Chef Server node %s \n", csIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for Chef Server node %s \n", csIp.IP))
 	}
 	flagsObj := certRotateFlags{
@@ -1573,27 +1699,31 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 
 func generateCertificateConfig() func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 {
-			return errors.Errorf("command need a output file name like cert-config.toml")
-		}
-		err, certTemplate := populateCertificateConfig()
+		inf, err := getAutomateHAInfraDetails()
 		if err != nil {
 			return err
 		}
-		config, err := chefToml.Marshal(certTemplate)
+		err, certTemplate := populateCertificateConfig(inf)
 		if err != nil {
 			return err
 		}
-		writer.Printf("certificate config file is generate %s, Please update the file with releavent certificate file paths \n", args[0])
-		return fileutils.WriteFile(args[0], config, 0600)
+		return writeCertificateConfigToFile(inf, args, certTemplate, &fileutils.FileSystemUtils{})
 	}
 }
 
-func populateCertificateConfig() (error, *CertificateToml) {
-	infra, err := getAutomateHAInfraDetails()
+func writeCertificateConfigToFile(infra *AutomateHAInfraDetails, args []string, certTemplate *CertificateToml, fUtils fileutils.FileUtils) error {
+	if len(args) < 1 {
+		return errors.Errorf("command need a output file name like cert-config.toml")
+	}
+	config, err := chefToml.Marshal(certTemplate)
 	if err != nil {
-		return err, nil
+		return err
 	}
+	writer.Printf("certificate config file is generate %s, Please update the file with releavent certificate file paths \n", fileName)
+	return fUtils.WriteFile(fileName, config, 0600)
+}
+
+func populateCertificateConfig(infra *AutomateHAInfraDetails) (error, *CertificateToml) {
 	certifiacates := &CertificateToml{
 		Automate: NodeCertficate{
 			IPS: getIPS(infra, AUTOMATE),
diff --git a/components/automate-cli/cmd/chef-automate/certRotate_mock.go b/components/automate-cli/cmd/chef-automate/certRotate_mock.go
new file mode 100644
index 00000000000..9f6e1f5de76
--- /dev/null
+++ b/components/automate-cli/cmd/chef-automate/certRotate_mock.go
@@ -0,0 +1,143 @@
+package main
+
+import (
+	"github.com/chef/automate/api/config/deployment"
+	"github.com/chef/automate/lib/sshutils"
+	"github.com/spf13/cobra"
+)
+
+type MockCertRotateFlowImpl struct {
+	CertRotateFunc                                   func(cmd *cobra.Command, args []string, flagsObj *certRotateFlags) error
+	CertRotateFrontendFunc                           func(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) error
+	CertRotatePGFunc                                 func(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error
+	CertRotateFrontendForPGFunc                      func(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, timestamp string) error
+	GetSkipIpsListForPgRootCAPatchingFunc            func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, certs *certificates) ([]string, error)
+	CertRotateOSFunc                                 func(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error
+	CertRotateFrontendForOSFunc                      func(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, nodesCn string, timestamp string) error
+	GetSkipIpsListForOsRootCACNPatchingFunc          func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, certs *certificates, nodesCn string, flagsObj *certRotateFlags) ([]string, error)
+	GetFrontIpsToSkipRootCAandCNPatchingForOsFunc    func(automatesConfig map[string]*deployment.AutomateConfig, newRootCA string, newCn string, node string, infra *AutomateHAInfraDetails) []string
+	GetFrontendIPsToSkipRootCAPatchingForPgFunc      func(automatesConfig map[string]*deployment.AutomateConfig, newRootCA string, infra *AutomateHAInfraDetails) []string
+	PatchConfigFunc                                  func(param *patchFnParameters) error
+	CopyAndExecuteFunc                               func(ips []string, sshUtil SSHUtil, timestamp string, remoteService string, fileName string, scriptCommands string, flagsObj *certRotateFlags) error
+	CopyAndExecuteConcurrentlyToFrontEndNodesFunc    func(ips []string, sshConfig sshutils.SSHConfig, timestamp string, remoteService string, fileName string, scriptCommands string, flagsObj *certRotateFlags) error
+	ValidateEachIpFunc                               func(remoteService string, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags) bool
+	GetSshDetailsFunc                                func(infra *AutomateHAInfraDetails) *SSHConfig
+	GetIpsFunc                                       func(remoteService string, infra *AutomateHAInfraDetails) []string
+	IsIPInClusterFunc                                func(ip string, infra *AutomateHAInfraDetails) bool
+	GetAllIPsFunc                                    func(infra *AutomateHAInfraDetails) []string
+	GetFilteredIpsFunc                               func(serviceIps, skipIpsList []string) []string
+	CompareCurrentCertsWithNewCertsFunc              func(remoteService string, newCerts *certificates, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) []string
+	ComparePublicCertAndPrivateCertFunc              func(newCerts *certificates, certByIpList []CertByIP, isCertsSame bool, flagsObj *certRotateFlags) []string
+	GetFrontEndIpsForSkippingCnAndRootCaPatchingFunc func(newRootCA, newCn, oldCn, oldRootCA, node string) bool
+	SkipMessagePrinterFunc                           func(remoteService, skipIpsMsg, nodeFlag string, skipIpsList []string)
+	GetCertsFunc                                     func(infra *AutomateHAInfraDetails, flagsObj *certRotateFlags) (*certificates, error)
+	IsRemotePathFunc                                 func(path string) bool
+	GetIPV4Func                                      func(path string) string
+	GetMergerFunc                                    func(fileName string, timestamp string, remoteType string, config string, sshUtil SSHUtil) (string, error)
+	CertRotateFromTemplateFunc                       func(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates) error
+	RotatePGNodeCertsFunc                            func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP, concurrent bool) error
+	RotateOSNodeCertsFunc                            func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, oss *NodeCertficate, osIp *IP, concurrent bool) error
+	RotateAutomateNodeCertsFunc                      func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, a2Ip *IP) error
+	RotateChefServerNodeCertsFunc                    func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, csIp *IP) error
+	RotateClusterFrontendCertificatesFunc            func(infra *AutomateHAInfraDetails, sshUtil SSHUtil, flagsObj certRotateFlags, currentCertsInfo *certShowCertificates, certToml *CertificateToml) error
+}
+
+func (mcrf *MockCertRotateFlowImpl) CertRotate(cmd *cobra.Command, args []string, flagsObj *certRotateFlags) error {
+	return mcrf.CertRotateFunc(cmd, args, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotateFrontend(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) error {
+	return mcrf.CertRotateFrontendFunc(sshUtil, certs, infra, flagsObj, currentCertsInfo)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotatePG(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error {
+	return mcrf.CertRotatePGFunc(sshUtil, certs, infra, flagsObj, currentCertsInfo, skipFrontend)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotateFrontendForPG(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, timestamp string) error {
+	return mcrf.CertRotateFrontendForPGFunc(sshUtil, certs, infra, flagsObj, timestamp)
+}
+func (mcrf *MockCertRotateFlowImpl) GetSkipIpsListForPgRootCAPatching(infra *AutomateHAInfraDetails, sshUtil SSHUtil, certs *certificates) ([]string, error) {
+	return mcrf.GetSkipIpsListForPgRootCAPatchingFunc(infra, sshUtil, certs)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotateOS(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates, skipFrontend bool) error {
+	return mcrf.CertRotateOSFunc(sshUtil, certs, infra, flagsObj, currentCertsInfo, skipFrontend)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotateFrontendForOS(sshUtil SSHUtil, certs *certificates, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags, nodesCn string, timestamp string) error {
+	return mcrf.CertRotateFrontendForOSFunc(sshUtil, certs, infra, flagsObj, nodesCn, timestamp)
+}
+func (mcrf *MockCertRotateFlowImpl) GetSkipIpsListForOsRootCACNPatching(infra *AutomateHAInfraDetails, sshUtil SSHUtil, certs *certificates, nodesCn string, flagsObj *certRotateFlags) ([]string, error) {
+	return mcrf.GetSkipIpsListForOsRootCACNPatchingFunc(infra, sshUtil, certs, nodesCn, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) GetFrontIpsToSkipRootCAandCNPatchingForOs(automatesConfig map[string]*deployment.AutomateConfig, newRootCA string, newCn string, node string, infra *AutomateHAInfraDetails) []string {
+	return mcrf.GetFrontIpsToSkipRootCAandCNPatchingForOsFunc(automatesConfig, newRootCA, newCn, node, infra)
+}
+func (mcrf *MockCertRotateFlowImpl) GetFrontendIPsToSkipRootCAPatchingForPg(automatesConfig map[string]*deployment.AutomateConfig, newRootCA string, infra *AutomateHAInfraDetails) []string {
+	return mcrf.GetFrontendIPsToSkipRootCAPatchingForPgFunc(automatesConfig, newRootCA, infra)
+}
+func (mcrf *MockCertRotateFlowImpl) PatchConfig(param *patchFnParameters) error {
+	return mcrf.PatchConfigFunc(param)
+}
+func (mcrf *MockCertRotateFlowImpl) CopyAndExecute(ips []string, sshUtil SSHUtil, timestamp string, remoteService string, fileName string, scriptCommands string, flagsObj *certRotateFlags) error {
+	return mcrf.CopyAndExecuteFunc(ips, sshUtil, timestamp, remoteService, fileName, scriptCommands, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) CopyAndExecuteConcurrentlyToFrontEndNodes(ips []string, sshConfig sshutils.SSHConfig, timestamp string, remoteService string, fileName string, scriptCommands string, flagsObj *certRotateFlags) error {
+	return mcrf.CopyAndExecuteConcurrentlyToFrontEndNodesFunc(ips, sshConfig, timestamp, remoteService, fileName, scriptCommands, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) ValidateEachIp(remoteService string, infra *AutomateHAInfraDetails, flagsObj *certRotateFlags) bool {
+	return mcrf.ValidateEachIpFunc(remoteService, infra, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) GetSshDetails(infra *AutomateHAInfraDetails) *SSHConfig {
+	return mcrf.GetSshDetailsFunc(infra)
+}
+func (mcrf *MockCertRotateFlowImpl) GetIps(remoteService string, infra *AutomateHAInfraDetails) []string {
+	return mcrf.GetIpsFunc(remoteService, infra)
+}
+func (mcrf *MockCertRotateFlowImpl) IsIPInCluster(ip string, infra *AutomateHAInfraDetails) bool {
+	return mcrf.IsIPInClusterFunc(ip, infra)
+}
+func (mcrf *MockCertRotateFlowImpl) GetAllIPs(infra *AutomateHAInfraDetails) []string {
+	return mcrf.GetAllIPsFunc(infra)
+}
+func (mcrf *MockCertRotateFlowImpl) GetFilteredIps(serviceIps, skipIpsList []string) []string {
+	return mcrf.GetFilteredIpsFunc(serviceIps, skipIpsList)
+}
+func (mcrf *MockCertRotateFlowImpl) CompareCurrentCertsWithNewCerts(remoteService string, newCerts *certificates, flagsObj *certRotateFlags, currentCertsInfo *certShowCertificates) []string {
+	return mcrf.CompareCurrentCertsWithNewCertsFunc(remoteService, newCerts, flagsObj, currentCertsInfo)
+}
+func (mcrf *MockCertRotateFlowImpl) ComparePublicCertAndPrivateCert(newCerts *certificates, certByIpList []CertByIP, isCertsSame bool, flagsObj *certRotateFlags) []string {
+	return mcrf.ComparePublicCertAndPrivateCertFunc(newCerts, certByIpList, isCertsSame, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) GetFrontEndIpsForSkippingCnAndRootCaPatching(newRootCA, newCn, oldCn, oldRootCA, node string) bool {
+	return mcrf.GetFrontEndIpsForSkippingCnAndRootCaPatchingFunc(newRootCA, newCn, oldCn, oldRootCA, node)
+}
+func (mcrf *MockCertRotateFlowImpl) SkipMessagePrinter(remoteService, skipIpsMsg, nodeFlag string, skipIpsList []string) {
+	mcrf.SkipMessagePrinterFunc(remoteService, skipIpsMsg, nodeFlag, skipIpsList)
+}
+func (mcrf *MockCertRotateFlowImpl) GetCerts(infra *AutomateHAInfraDetails, flagsObj *certRotateFlags) (*certificates, error) {
+	return mcrf.GetCertsFunc(infra, flagsObj)
+}
+func (mcrf *MockCertRotateFlowImpl) IsRemotePath(path string) bool {
+	return mcrf.IsRemotePathFunc(path)
+}
+func (mcrf *MockCertRotateFlowImpl) GetIPV4(path string) string {
+	return mcrf.GetIPV4Func(path)
+}
+func (mcrf *MockCertRotateFlowImpl) GetMerger(fileName string, timestamp string, remoteType string, config string, sshUtil SSHUtil) (string, error) {
+	return mcrf.GetMergerFunc(fileName, timestamp, remoteType, config, sshUtil)
+}
+func (mcrf *MockCertRotateFlowImpl) CertRotateFromTemplate(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates) error {
+	return mcrf.CertRotateFromTemplateFunc(clusterCertificateFile, sshUtil, infra, currentCertsInfo)
+}
+func (mcrf *MockCertRotateFlowImpl) RotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP, concurrent bool) error {
+	return mcrf.RotatePGNodeCertsFunc(infra, sshUtil, currentCertsInfo, pgRootCA, pgIps, concurrent)
+}
+func (mcrf *MockCertRotateFlowImpl) RotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, oss *NodeCertficate, osIp *IP, concurrent bool) error {
+	return mcrf.RotateOSNodeCertsFunc(infra, sshUtil, currentCertsInfo, oss, osIp, concurrent)
+}
+func (mcrf *MockCertRotateFlowImpl) RotateAutomateNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, a2Ip *IP) error {
+	return mcrf.RotateAutomateNodeCertsFunc(infra, sshUtil, currentCertsInfo, certToml, a2Ip)
+}
+func (mcrf *MockCertRotateFlowImpl) RotateChefServerNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, certToml *CertificateToml, csIp *IP) error {
+	return mcrf.RotateChefServerNodeCertsFunc(infra, sshUtil, currentCertsInfo, certToml, csIp)
+}
+func (mcrf *MockCertRotateFlowImpl) RotateClusterFrontendCertificates(infra *AutomateHAInfraDetails, sshUtil SSHUtil, flagsObj certRotateFlags, currentCertsInfo *certShowCertificates, certToml *CertificateToml) error {
+	return mcrf.RotateClusterFrontendCertificatesFunc(infra, sshUtil, flagsObj, currentCertsInfo, certToml)
+}
diff --git a/components/automate-cli/cmd/chef-automate/certRotate_test.go b/components/automate-cli/cmd/chef-automate/certRotate_test.go
index 6bcd33db098..e3f8c2bc619 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate_test.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate_test.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"fmt"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"sort"
@@ -10,6 +12,7 @@ import (
 	"github.com/chef/automate/api/config/deployment"
 	"github.com/chef/automate/api/config/shared"
 	"github.com/chef/automate/lib/io/fileutils"
+	"github.com/chef/automate/lib/logger"
 	"github.com/chef/automate/lib/sshutils"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
@@ -282,6 +285,131 @@ WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
 	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
 	-----END CERTIFICATE-----"""`
 	testfile = `./testfiles/ssh`
+
+	rootCA = `-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----`
+	admin_cert = `-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----`
+	admin_key = `-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----`
+
+	public_key = `-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----`
+	private_key = `-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----`
+
+	private_cert_path = "../../pkg/testfiles/certs/private_key.pem"
+	public_cert_path  = "../../pkg/testfiles/certs/public_key.pem"
 )
 
 var sshConfig = sshutils.SSHConfig{
@@ -2335,7 +2463,8 @@ func NewMockInfra() *AutomateHAInfraDetails {
 }
 
 func NewCertRotate() *certRotateFlow {
-	c := NewCertRotateFlow(mockFS(), &sshutils.MockSSHUtilsImpl{}, writer, &MockPullConfigs{})
+	log, _ := logger.NewLogger("text", "debug")
+	c := NewCertRotateFlow(mockFS(), &sshutils.MockSSHUtilsImpl{}, writer, &MockPullConfigs{}, log)
 	return c
 }
 
@@ -2352,5 +2481,641 @@ func mockFS() *fileutils.MockFileSystemUtils {
 				return []byte{}, err
 			}
 		},
+		WriteFileFunc: func(filename string, data []byte, prem fs.FileMode) error {
+			if len(filename) > 0 {
+				// path/to/whatever exists
+				return nil
+			} else {
+				errors.New("File not found")
+			}
+			return nil
+		},
+	}
+}
+
+func TestGetIPS(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description   string
+		inf           *AutomateHAInfraDetails
+		nodeType      string
+		isError       bool
+		ExpectedError string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Test Case to get IP of Automate node",
+			inf:         infra,
+			nodeType:    AUTOMATE,
+			isError:     false,
+		},
+		{
+			description: "Test Case to get IP of Chef Server node",
+			inf:         infra,
+			nodeType:    CHEF_SERVER,
+			isError:     false,
+		},
+		{
+			description: "Test Case to get IP of Postgresql node",
+			inf:         infra,
+			nodeType:    POSTGRESQL,
+			isError:     false,
+		},
+		{
+			description: "Test Case to get IP of Opensearch node",
+			inf:         infra,
+			nodeType:    OPENSEARCH,
+			isError:     false,
+		},
+		{
+			description: "Test Case to get Dummy Server of Automate node",
+			inf:         infra,
+			nodeType:    "DummyServer",
+			isError:     true,
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			output := getIPS(testCase.inf, testCase.nodeType)
+			if testCase.isError {
+				assert.Empty(t, output, "Invalid server name")
+			} else {
+				assert.NotEmpty(t, output, "Get IPs for "+testCase.nodeType)
+			}
+		})
+	}
+}
+
+func TestPopulateCertificateConfig(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+
+	t.Run("get certificate toml", func(t *testing.T) {
+		err, output := populateCertificateConfig(infra)
+		if err != nil {
+			assert.Error(t, err, "Error in populating certs")
+		} else {
+			assert.NotNil(t, output, "got populated certificates")
+		}
+	})
+}
+
+func TestWriteCertificateConfigToFile(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description   string
+		inf           *AutomateHAInfraDetails
+		args          []string
+		certTemplate  *CertificateToml
+		fileUtil      fileutils.FileUtils
+		isError       bool
+		ExpectedError string
+	}
+	testCases := []testCaseInfo{
+		{
+			description:   "Test to generate file",
+			inf:           infra,
+			args:          []string{"cert-config.toml"},
+			certTemplate:  mockCertifiateTemplate(),
+			fileUtil:      mockFS(),
+			isError:       false,
+			ExpectedError: "",
+		},
+		{
+			description:   "Test to generate file with empty file name",
+			inf:           infra,
+			args:          []string{},
+			certTemplate:  mockCertifiateTemplate(),
+			fileUtil:      mockFS(),
+			isError:       true,
+			ExpectedError: "command need a output file name like cert-config.toml",
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			err := writeCertificateConfigToFile(testCase.inf, testCase.args, testCase.certTemplate, testCase.fileUtil)
+			if testCase.isError {
+				assert.EqualError(t, err, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestRotateClusterFrontendCertificates(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description      string
+		inf              *AutomateHAInfraDetails
+		flagsObj         certRotateFlags
+		currentCertsInfo *certShowCertificates
+		certToml         *CertificateToml
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Rotate Frontend Certs",
+			inf:         infra,
+			flagsObj: certRotateFlags{
+				privateCertPath: private_cert_path,
+				publicCertPath:  public_cert_path,
+			},
+			currentCertsInfo: mockCertShowCertificates(),
+			certToml:         mockCertifiateTemplate(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil: &sshutils.MockSSHUtilsImpl{
+				CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+					return "", nil
+				},
+			},
+			isError:       true,
+			ExpectedError: "No  IPs are found",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: mockFS(),
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl()}
+			output := c.rotateClusterFrontendCertificates(testCase.inf, testCase.sshutil, testCase.flagsObj, testCase.currentCertsInfo, testCase.certToml)
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
+func TestRotateChefServerNodeCerts(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description      string
+		inf              *AutomateHAInfraDetails
+		flagsObj         certRotateFlags
+		currentCertsInfo *certShowCertificates
+		certToml         *CertificateToml
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Rotate Frontend Certs",
+			inf:         infra,
+			flagsObj: certRotateFlags{
+				privateCertPath: private_cert_path,
+				publicCertPath:  public_cert_path,
+			},
+			currentCertsInfo: mockCertShowCertificates(),
+			certToml:         mockCertifiateTemplate(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil: &sshutils.MockSSHUtilsImpl{
+				CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+					return "", nil
+				},
+			},
+			isError:       false,
+			ExpectedError: "Please Enter Valid chef_server IP",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: mockFS(),
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl()}
+			output := c.rotateChefServerNodeCerts(testCase.inf, testCase.sshutil, testCase.currentCertsInfo, testCase.certToml, &testCase.certToml.ChefServer.IPS[0])
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
+func TestRotateAutomateNodeCerts(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description      string
+		inf              *AutomateHAInfraDetails
+		flagsObj         certRotateFlags
+		currentCertsInfo *certShowCertificates
+		certToml         *CertificateToml
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Rotate Frontend Certs",
+			inf:         infra,
+			flagsObj: certRotateFlags{
+				privateCertPath: private_cert_path,
+				publicCertPath:  public_cert_path,
+			},
+			currentCertsInfo: mockCertShowCertificates(),
+			certToml:         mockCertifiateTemplate(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil: &sshutils.MockSSHUtilsImpl{
+				CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+					return "", nil
+				},
+			},
+			isError:       false,
+			ExpectedError: "Please Enter Valid opensearch IP",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: mockFS(),
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl()}
+			output := c.rotateAutomateNodeCerts(testCase.inf, testCase.sshutil, testCase.currentCertsInfo, testCase.certToml, &testCase.certToml.Automate.IPS[0])
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
+func TestRotatePGNodeCerts(t *testing.T) {
+	_, infra := getMockCertRotateFlowAndInfra()
+	log, _ := logger.NewLogger("text", "info")
+	type testCaseInfo struct {
+		description      string
+		inf              *AutomateHAInfraDetails
+		flagsObj         certRotateFlags
+		currentCertsInfo *certShowCertificates
+		certToml         *CertificateToml
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Rotate Frontend Certs",
+			inf:         infra,
+			flagsObj: certRotateFlags{
+				privateCertPath: private_cert_path,
+				publicCertPath:  public_cert_path,
+			},
+			currentCertsInfo: mockCertShowCertificates(),
+			certToml:         mockCertifiateTemplate(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil: &sshutils.MockSSHUtilsImpl{
+				CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+					return "", nil
+				},
+			},
+			isError:       false,
+			ExpectedError: "Please Enter Valid postgresql IP",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: mockFS(),
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl(),
+				log:     log,
+			}
+			output := c.rotatePGNodeCerts(testCase.inf, testCase.sshutil, testCase.currentCertsInfo, testCase.certToml.PostgreSQL.RootCA, &testCase.certToml.PostgreSQL.IPS[0], true)
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
+func TestRotateOSNodeCerts(t *testing.T) {
+	log, _ := logger.NewLogger("text", "info")
+	_, infra := getMockCertRotateFlowAndInfra()
+	type testCaseInfo struct {
+		description      string
+		inf              *AutomateHAInfraDetails
+		flagsObj         certRotateFlags
+		currentCertsInfo *certShowCertificates
+		certToml         *CertificateToml
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description: "Rotate Frontend Certs",
+			inf:         infra,
+			flagsObj: certRotateFlags{
+				privateCertPath: private_cert_path,
+				publicCertPath:  public_cert_path,
+			},
+			currentCertsInfo: mockCertShowCertificates(),
+			certToml:         mockCertifiateTemplate(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil: &sshutils.MockSSHUtilsImpl{
+				CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+					return []sshutils.Result{
+						{
+							HostIP: "",
+							Error:  nil,
+							Output: "",
+						},
+					}
+				},
+				Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+					return "", nil
+				},
+			},
+			isError:       true,
+			ExpectedError: "Near line 1 (last key parsed 'config'): expected key separator '=', but got 's' instead",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: mockFS(),
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl(), log: log}
+			output := c.rotateOSNodeCerts(testCase.inf, testCase.sshutil, testCase.currentCertsInfo, &testCase.certToml.OpenSearch, &testCase.certToml.OpenSearch.IPS[0], false)
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
+func mockCertifiateTemplate() *CertificateToml {
+	return &CertificateToml{
+		Automate: NodeCertficate{
+			RootCA:          "../../pkg/testfiles/certs/test_root_ca.pem",
+			AdminPublickey:  "",
+			AdminPrivateKey: "",
+			IPS: []IP{
+				{
+					IP:         ValidIP,
+					Publickey:  "../../pkg/testfiles/certs/test_a2_public_key_1.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_a2_private_key_1.pem",
+				},
+				{
+					IP:         ValidIP1,
+					Publickey:  "../../pkg/testfiles/certs/test_a2_public_key_2.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_a2_private_key_2.pem",
+				},
+			},
+		},
+		ChefServer: NodeCertficate{
+			RootCA:          "../../pkg/testfiles/certs/test_root_ca.pem",
+			AdminPublickey:  "",
+			AdminPrivateKey: "",
+			IPS: []IP{
+				{
+					IP:         ValidIP2,
+					Publickey:  "../../pkg/testfiles/certs/test_cs_public_key_1.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_cs_private_key_1.pem",
+				},
+				{
+					IP:         ValidIP3,
+					Publickey:  "../../pkg/testfiles/certs/test_cs_public_key_2.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_cs_private_key_2.pem",
+				},
+			},
+		},
+		OpenSearch: NodeCertficate{
+			RootCA:          "../../pkg/testfiles/certs/test_root_ca.pem",
+			AdminPublickey:  "../../pkg/testfiles/certs/test_admin_cert.pem",
+			AdminPrivateKey: "../../pkg/testfiles/certs/test_admin_key.pem",
+			IPS: []IP{
+				{
+					IP:         ValidIP4,
+					Publickey:  "../../pkg/testfiles/certs/test_os_public_key_1.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_os_private_key_1.pem",
+				},
+				{
+					IP:         ValidIP5,
+					Publickey:  "../../pkg/testfiles/certs/test_os_public_key_2.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_os_private_key_2.pem",
+				},
+				{
+					IP:         ValidIP6,
+					Publickey:  "../../pkg/testfiles/certs/test_os_public_key_3.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_os_private_key_3.pem",
+				},
+			},
+		},
+		PostgreSQL: NodeCertficate{
+			RootCA:          "../../pkg/testfiles/certs/test_root_ca.pem",
+			AdminPublickey:  "",
+			AdminPrivateKey: "",
+			IPS: []IP{
+				{
+					IP:         ValidIP7,
+					Publickey:  "../../pkg/testfiles/certs/test_pg_public_key_1.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_pg_private_key_1.pem",
+				},
+				{
+					IP:         ValidIP8,
+					Publickey:  "../../pkg/testfiles/certs/test_pg_public_key_2.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_pg_private_key_2.pem",
+				},
+				{
+					IP:         ValidIP9,
+					Publickey:  "../../pkg/testfiles/certs/test_pg_public_key_3.pem",
+					PrivateKey: "../../pkg/testfiles/certs/test_pg_private_key_3.pem",
+				},
+			},
+		},
+	}
+}
+
+func mockCertShowCertificates() *certShowCertificates {
+	return &certShowCertificates{
+		AutomateRootCert:    rootCA,
+		PostgresqlRootCert:  rootCA,
+		OpensearchRootCert:  rootCA,
+		OpensearchAdminCert: admin_cert,
+		OpensearchAdminKey:  admin_key,
+		AutomateCertsByIP: []CertByIP{
+			{
+				IP:         "10.1.0.1",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.1.0.2",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.1.0.3",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+		},
+		ChefServerCertsByIP: []CertByIP{
+			{
+				IP:         "10.2.0.1",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.2.0.2",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.2.0.3",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+		},
+		OpensearchCertsByIP: []CertByIP{
+			{
+				IP:         "10.3.0.1",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+				NodesDn:    "test_node_dn",
+			},
+			{
+				IP:         "10.3.0.2",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+				NodesDn:    "test_node_dn",
+			},
+			{
+				IP:         "10.3.0.3",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+				NodesDn:    "test_node_dn",
+			},
+		},
+		PostgresqlCertsByIP: []CertByIP{
+			{
+				IP:         "10.4.0.1",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.4.0.2",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+			{
+				IP:         "10.4.0.3",
+				PublicKey:  public_key,
+				PrivateKey: private_key,
+			},
+		},
+	}
+}
+
+func mockCerts() *certificates {
+	return &certificates{
+		privateCert: private_key,
+		publicCert:  public_key,
+		rootCA:      rootCA,
+		adminCert:   admin_cert,
+		adminKey:    admin_key,
 	}
 }
diff --git a/components/automate-cli/cmd/chef-automate/constants.go b/components/automate-cli/cmd/chef-automate/constants.go
index 881379d0631..8232a0a92ec 100644
--- a/components/automate-cli/cmd/chef-automate/constants.go
+++ b/components/automate-cli/cmd/chef-automate/constants.go
@@ -35,4 +35,7 @@ const (
 	TMP_DIR                        = "/tmp"
 	CERTIFICATE_TEMPLATE_TOML_FILE = "/hab/a2_deploy_workspace/certificate.toml"
 	CLUSTER                        = "cluster"
+	MAINTENANCE_ON_OFF             = "sudo chef-automate maintenance %s"
+	ON                             = "on"
+	OFF                            = "off"
 )
diff --git a/components/automate-cli/cmd/chef-automate/summary.go b/components/automate-cli/cmd/chef-automate/summary.go
index 63052196db7..04acd3a173f 100644
--- a/components/automate-cli/cmd/chef-automate/summary.go
+++ b/components/automate-cli/cmd/chef-automate/summary.go
@@ -46,6 +46,7 @@ type StatusSummary interface {
 	ShowFEStatus() string
 	ShowBEStatus() string
 	GetPGLeaderNode() (string, string)
+	GetPGMaxLagAmongFollowers() int64
 }
 
 type Summary struct {
@@ -681,3 +682,22 @@ func (ss *Summary) GetPGLeaderNode() (string, string) {
 	}
 	return "", ""
 }
+
+func (ss *Summary) GetPGMaxLagAmongFollowers() int64 {
+	var maxLag int64 = 0
+	if len(ss.beStatus) != 0 {
+		for _, status := range ss.beStatus {
+			if status.role == "Follower" && status.serviceName == "postgresql" {
+				re := regexp.MustCompile("[0-9]+")
+				lagsNumberics := re.FindAllString(status.lag, -1)
+				if len(lagsNumberics) > 0 {
+					lag, _ := strconv.ParseInt(lagsNumberics[0], 10, 64)
+					if lag > maxLag {
+						maxLag = lag
+					}
+				}
+			}
+		}
+	}
+	return maxLag
+}
diff --git a/components/automate-cli/pkg/testfiles/certs/private_key.pem b/components/automate-cli/pkg/testfiles/certs/private_key.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/private_key.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/public_key.pem b/components/automate-cli/pkg/testfiles/certs/public_key.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/public_key.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem b/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
new file mode 100644
index 00000000000..89bf971b443
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem b/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
new file mode 100644
index 00000000000..89bf971b443
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
new file mode 100644
index 00000000000..ded85ae40ce
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
new file mode 100644
index 00000000000..b7fb49ffb29
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem b/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
new file mode 100644
index 00000000000..89bf971b443
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
+	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+	-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/onprem/certs-config.toml b/components/automate-cli/pkg/testfiles/onprem/certs-config.toml
new file mode 100644
index 00000000000..40231f2f27c
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/onprem/certs-config.toml
@@ -0,0 +1,52 @@
+[automate]
+  root_ca = "../../../../lib/config/testdata/root-ca.pem"
+
+  [[automate.ips]]
+    ip = "10.1.0.130"
+    public_key = "/home/ubuntu/certs/automate1.pem"
+    private_key = "/home/ubuntu/certs/automate1-key.pem"
+
+[chef_server]
+  root_ca = "/home/ubuntu/certs/root-ca.pem"
+
+  [[chef_server.ips]]
+    ip = "10.1.0.16"
+    public_key = "/home/ubuntu/certs/cs1.pem"
+    private_key = "/home/ubuntu/certs/cs1-key.pem"
+
+[postgresql]
+  root_ca = "/home/ubuntu/certs/root-ca.pem"
+
+  [[postgresql.ips]]
+    ip = "10.1.0.141"
+    public_key = "/home/ubuntu/certs/pg1.pem"
+    private_key = "/home/ubuntu/certs/pg1-key.pem"
+
+  [[postgresql.ips]]
+    ip = "10.1.1.190"
+    public_key = "/home/ubuntu/certs/pg2.pem"
+    private_key = "/home/ubuntu/certs/pg2-key.pem"
+
+  [[postgresql.ips]]
+    ip = "10.1.2.130"
+    public_key = "/home/ubuntu/certs/pg3.pem"
+    private_key = "/home/ubuntu/certs/pg3-key.pem"
+
+[opensearch]
+  root_ca = "/home/ubuntu/certs/root-ca.pem"
+  admin_public_key = "/home/ubuntu/certs/os-admin.pem"
+  admin_private_key = "/home/ubuntu/certs/os-admin-key.pem"
+  [[opensearch.ips]]
+    ip = "10.1.0.176"
+    public_key = "/home/ubuntu/certs/os1.pem"
+    private_key = "/home/ubuntu/certs/os1-key.pem"
+
+  [[opensearch.ips]]
+    ip = "10.1.1.125"
+    public_key = "/home/ubuntu/certs/os2.pem"
+    private_key = "/home/ubuntu/certs/os2-key.pem"
+
+  [[opensearch.ips]]
+    ip = "10.1.2.247"
+    public_key = "/home/ubuntu/certs/os3.pem"
+    private_key = "/home/ubuntu/certs/os3-key.pem"
\ No newline at end of file

From e966e25d72895fec9be4cf4d07ea3c4f2b1e9db5 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Mon, 16 Oct 2023 06:33:11 +0530
Subject: [PATCH 06/17] added test cases for get certs form template

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate_test.go      | 71 +++++++++++++------
 .../pkg/testfiles/onprem/certs-config.toml    | 60 ++++++++--------
 2 files changed, 81 insertions(+), 50 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate_test.go b/components/automate-cli/cmd/chef-automate/certRotate_test.go
index e3f8c2bc619..c0e7aebb5ea 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate_test.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate_test.go
@@ -2559,6 +2559,47 @@ func TestPopulateCertificateConfig(t *testing.T) {
 	})
 }
 
+func TestGetCertsFromTemplate(t *testing.T) {
+	type testCaseInfo struct {
+		description   string
+		filepath      string
+		isError       bool
+		ExpectedError string
+	}
+	testCases := []testCaseInfo{
+		{
+			description:   "get to certificates from correct template file path",
+			filepath:      "../../pkg/testfiles/onprem/certs-config.toml",
+			isError:       false,
+			ExpectedError: "",
+		},
+		{
+			description:   "get to certificates from incorrect template file path",
+			filepath:      "../../pkg/testfiles/onprem/certs-config1.toml",
+			isError:       true,
+			ExpectedError: "Error in fetching certificates from template file",
+		},
+		{
+			description:   "get to certificates from empty template file path",
+			filepath:      "",
+			isError:       true,
+			ExpectedError: "Cluster certificate file is required",
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			output, err := getCertsFromTemplate(testCase.filepath)
+			if testCase.isError {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+				assert.ObjectsAreEqual(mockCertifiateTemplate(), output)
+			}
+		})
+	}
+
+}
+
 func TestWriteCertificateConfigToFile(t *testing.T) {
 	_, infra := getMockCertRotateFlowAndInfra()
 	type testCaseInfo struct {
@@ -3038,53 +3079,43 @@ func mockCertShowCertificates() *certShowCertificates {
 		OpensearchAdminKey:  admin_key,
 		AutomateCertsByIP: []CertByIP{
 			{
-				IP:         "10.1.0.1",
-				PublicKey:  public_key,
-				PrivateKey: private_key,
-			},
-			{
-				IP:         "10.1.0.2",
+				IP:         ValidIP,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 			{
-				IP:         "10.1.0.3",
+				IP:         ValidIP1,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 		},
 		ChefServerCertsByIP: []CertByIP{
 			{
-				IP:         "10.2.0.1",
-				PublicKey:  public_key,
-				PrivateKey: private_key,
-			},
-			{
-				IP:         "10.2.0.2",
+				IP:         ValidIP2,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 			{
-				IP:         "10.2.0.3",
+				IP:         ValidIP3,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 		},
 		OpensearchCertsByIP: []CertByIP{
 			{
-				IP:         "10.3.0.1",
+				IP:         ValidIP4,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 				NodesDn:    "test_node_dn",
 			},
 			{
-				IP:         "10.3.0.2",
+				IP:         ValidIP5,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 				NodesDn:    "test_node_dn",
 			},
 			{
-				IP:         "10.3.0.3",
+				IP:         ValidIP6,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 				NodesDn:    "test_node_dn",
@@ -3092,17 +3123,17 @@ func mockCertShowCertificates() *certShowCertificates {
 		},
 		PostgresqlCertsByIP: []CertByIP{
 			{
-				IP:         "10.4.0.1",
+				IP:         ValidIP7,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 			{
-				IP:         "10.4.0.2",
+				IP:         ValidIP8,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
 			{
-				IP:         "10.4.0.3",
+				IP:         ValidIP9,
 				PublicKey:  public_key,
 				PrivateKey: private_key,
 			},
diff --git a/components/automate-cli/pkg/testfiles/onprem/certs-config.toml b/components/automate-cli/pkg/testfiles/onprem/certs-config.toml
index 40231f2f27c..6771f49bc67 100644
--- a/components/automate-cli/pkg/testfiles/onprem/certs-config.toml
+++ b/components/automate-cli/pkg/testfiles/onprem/certs-config.toml
@@ -1,52 +1,52 @@
 [automate]
-  root_ca = "../../../../lib/config/testdata/root-ca.pem"
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
 
   [[automate.ips]]
-    ip = "10.1.0.130"
-    public_key = "/home/ubuntu/certs/automate1.pem"
-    private_key = "/home/ubuntu/certs/automate1-key.pem"
+    ip = "198.51.100.0"
+    public_key = "../../pkg/testfiles/certs/test_a2_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_a2_private_key_1.pem"
 
 [chef_server]
-  root_ca = "/home/ubuntu/certs/root-ca.pem"
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
 
   [[chef_server.ips]]
-    ip = "10.1.0.16"
-    public_key = "/home/ubuntu/certs/cs1.pem"
-    private_key = "/home/ubuntu/certs/cs1-key.pem"
+    ip = "198.51.100.2"
+    public_key = "../../pkg/testfiles/certs/test_cs_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_cs_private_key_1.pem"
 
 [postgresql]
-  root_ca = "/home/ubuntu/certs/root-ca.pem"
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
 
   [[postgresql.ips]]
-    ip = "10.1.0.141"
-    public_key = "/home/ubuntu/certs/pg1.pem"
-    private_key = "/home/ubuntu/certs/pg1-key.pem"
+    ip = "198.51.100.7"
+    public_key = "../../pkg/testfiles/certs/test_pg_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_private_key_1.pem"
 
   [[postgresql.ips]]
-    ip = "10.1.1.190"
-    public_key = "/home/ubuntu/certs/pg2.pem"
-    private_key = "/home/ubuntu/certs/pg2-key.pem"
+    ip = "198.51.100.8"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_public_key_2.pem"
 
   [[postgresql.ips]]
-    ip = "10.1.2.130"
-    public_key = "/home/ubuntu/certs/pg3.pem"
-    private_key = "/home/ubuntu/certs/pg3-key.pem"
+    ip = "198.51.100.9"
+    public_key = "../../pkg/testfiles/certs/test_pg_public_key_3.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_private_key_3.pem"
 
 [opensearch]
-  root_ca = "/home/ubuntu/certs/root-ca.pem"
-  admin_public_key = "/home/ubuntu/certs/os-admin.pem"
-  admin_private_key = "/home/ubuntu/certs/os-admin-key.pem"
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+  admin_public_key = "../../pkg/testfiles/certs/test_admin_cert.pem"
+  admin_private_key = "../../pkg/testfiles/certs/test_admin_key.pem"
   [[opensearch.ips]]
-    ip = "10.1.0.176"
-    public_key = "/home/ubuntu/certs/os1.pem"
-    private_key = "/home/ubuntu/certs/os1-key.pem"
+    ip = "198.51.100.4"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_1.pem"
 
   [[opensearch.ips]]
-    ip = "10.1.1.125"
-    public_key = "/home/ubuntu/certs/os2.pem"
-    private_key = "/home/ubuntu/certs/os2-key.pem"
+    ip = "198.51.100.5"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_2.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_2.pem"
 
   [[opensearch.ips]]
-    ip = "10.1.2.247"
-    public_key = "/home/ubuntu/certs/os3.pem"
-    private_key = "/home/ubuntu/certs/os3-key.pem"
\ No newline at end of file
+    ip = "198.51.100.6"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_3.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_3.pem"
\ No newline at end of file

From 2ebd156f27fac0a1c37fe53838bc31c242cb899a Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Mon, 16 Oct 2023 14:01:24 +0530
Subject: [PATCH 07/17] correction of filename in cert-config generation

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 components/automate-cli/cmd/chef-automate/certRotate.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 656c6b011c1..277572b821f 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1715,12 +1715,13 @@ func writeCertificateConfigToFile(infra *AutomateHAInfraDetails, args []string,
 	if len(args) < 1 {
 		return errors.Errorf("command need a output file name like cert-config.toml")
 	}
+	certFileName := args[0]
 	config, err := chefToml.Marshal(certTemplate)
 	if err != nil {
 		return err
 	}
-	writer.Printf("certificate config file is generate %s, Please update the file with releavent certificate file paths \n", fileName)
-	return fUtils.WriteFile(fileName, config, 0600)
+	writer.Printf("certificate config file is generated %s, Please update the file with releavent certificate file paths \n", certFileName)
+	return fUtils.WriteFile(certFileName, config, 0600)
 }
 
 func populateCertificateConfig(infra *AutomateHAInfraDetails) (error, *CertificateToml) {

From ac769999ceb5e9665125c2c6e8096536e670d434 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Wed, 18 Oct 2023 14:56:35 +0530
Subject: [PATCH 08/17] adding more test cases

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate.go           | 102 ++++++-------
 .../cmd/chef-automate/certRotate_test.go      | 144 +++++++++++++++++-
 .../testfiles/certs/test_a2_private_key_1.pem |  52 ++++---
 .../testfiles/certs/test_a2_private_key_2.pem |  52 ++++---
 .../testfiles/certs/test_a2_private_key_3.pem |  52 ++++---
 .../testfiles/certs/test_a2_public_key_1.pem  |  41 +++--
 .../testfiles/certs/test_a2_public_key_2.pem  |  41 +++--
 .../testfiles/certs/test_a2_public_key_3.pem  |  41 +++--
 .../pkg/testfiles/certs/test_admin_cert.pem   |  43 +++---
 .../pkg/testfiles/certs/test_admin_key.pem    |  52 ++++---
 .../testfiles/certs/test_cs_private_key_1.pem |  52 ++++---
 .../testfiles/certs/test_cs_private_key_2.pem |  52 ++++---
 .../testfiles/certs/test_cs_private_key_3.pem |  52 ++++---
 .../testfiles/certs/test_cs_public_key_1.pem  |  41 +++--
 .../testfiles/certs/test_cs_public_key_2.pem  |  41 +++--
 .../testfiles/certs/test_cs_public_key_3.pem  |  41 +++--
 .../testfiles/certs/test_os_private_key_1.pem |  52 ++++---
 .../testfiles/certs/test_os_private_key_2.pem |  52 ++++---
 .../testfiles/certs/test_os_private_key_3.pem |  52 ++++---
 .../testfiles/certs/test_os_public_key_1.pem  |  41 +++--
 .../testfiles/certs/test_os_public_key_2.pem  |  41 +++--
 .../testfiles/certs/test_os_public_key_3.pem  |  41 +++--
 .../testfiles/certs/test_pg_private_key_1.pem |  52 ++++---
 .../testfiles/certs/test_pg_private_key_2.pem |  52 ++++---
 .../testfiles/certs/test_pg_private_key_3.pem |  52 ++++---
 .../testfiles/certs/test_pg_public_key_1.pem  |  41 +++--
 .../testfiles/certs/test_pg_public_key_2.pem  |  41 +++--
 .../testfiles/certs/test_pg_public_key_3.pem  |  41 +++--
 .../pkg/testfiles/certs/test_root_ca.pem      |  44 +++---
 .../onprem/certs-config_only_frontend.toml    |  15 ++
 .../certs-config_without_opensearch.toml      |  33 ++++
 .../onprem/certs-config_without_pg.toml       |  34 +++++
 32 files changed, 900 insertions(+), 683 deletions(-)
 create mode 100644 components/automate-cli/pkg/testfiles/onprem/certs-config_only_frontend.toml
 create mode 100644 components/automate-cli/pkg/testfiles/onprem/certs-config_without_opensearch.toml
 create mode 100644 components/automate-cli/pkg/testfiles/onprem/certs-config_without_pg.toml

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 277572b821f..0216e0c772c 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -107,20 +107,6 @@ const (
 	SKIP_FRONT_END_IPS_MSG_CN         = "The following %s %s will skip during common name patching as the following %s have same common name as currently provided OpenSearch common name.\n\t %s"
 	DEFAULT_TIMEOUT                   = 600
 
-	AUTOMATE_HA_CLUSTER_CONFIG = `
-	[[load_balancer.v1.sys.frontend_tls]]
-		cert = """%v"""
-		key = """%v"""
-	[[global.v1.frontend_tls]]
-		cert = """%v"""
-		key = """%v"""
-	[global.v1.external.postgresql.ssl]
-		enable = true
-		root_cert = """%v"""
-	[global.v1.external.opensearch.ssl]
-		root_cert = """%v"""
-		server_name = "%v"
-	`
 	MAINTENANICE_ON_LAG = `
 Follower nodes are behind leader node by %d bytes, to avoid data loss we will put cluster on maintenance mode, do you want to continue :
 `
@@ -228,7 +214,7 @@ func init() {
 	certRotateCmd.PersistentFlags().IntVar(&flagsObj.timeout, "wait-timeout", DEFAULT_TIMEOUT, "This flag sets the operation timeout duration (in seconds) for each individual node during the certificate rotation process")
 
 	RootCmd.AddCommand(certRotateCmd)
-	RootCmd.AddCommand(certTemplateGenerateCmd)
+	certRotateCmd.AddCommand(certTemplateGenerateCmd)
 }
 
 func certRotateCmdFunc(flagsObj *certRotateFlags) func(cmd *cobra.Command, args []string) error {
@@ -261,8 +247,13 @@ func (c *certRotateFlow) certRotate(cmd *cobra.Command, args []string, flagsObj
 			return errors.WithStack(err)
 		}
 
+		statusSummary, err := getStatusSummary(infra, sshUtil)
+		if err != nil {
+			return err
+		}
+
 		if len(flagsObj.cluster) > 0 {
-			err = c.certRotateFromTemplate(flagsObj.cluster, sshUtil, infra, currentCertsInfo)
+			err = c.certRotateFromTemplate(flagsObj.cluster, sshUtil, infra, currentCertsInfo, statusSummary, true, 10, 60)
 			if err != nil {
 				return err
 			}
@@ -762,7 +753,7 @@ func (c *certRotateFlow) copyAndExecute(ips []string, sshUtil SSHUtil, timestamp
 			return err
 		}
 
-		fmt.Printf("Started Applying the Configurations in %s node: %s", remoteService, ips[i])
+		fmt.Printf("Started Applying the Configurations in %s node: %s \n", remoteService, ips[i])
 		output, err := sshUtil.connectAndExecuteCommandOnRemote(scriptCommands, true)
 		if err != nil {
 			writer.Errorf("%v", err)
@@ -1224,37 +1215,24 @@ func uniqueIps(ips []string) []string {
 	return uniqueIps
 }
 
-func getStatusSummary() (StatusSummary, error) {
-	infra, err := getAutomateHAInfraDetails()
-	if err != nil {
-		return nil, err
-	}
+func getStatusSummary(infra *AutomateHAInfraDetails, sshUtil SSHUtil) (StatusSummary, error) {
 	var statusSummaryCmdFlags = StatusSummaryCmdFlags{
 		isPostgresql: true,
 	}
-	sshUtil := NewSSHUtil(&SSHConfig{})
 	remoteCmdExecutor := NewRemoteCmdExecutorWithoutNodeMap(sshUtil, writer)
 	statusSummary := NewStatusSummary(infra, FeStatus{}, BeStatus{}, 10, time.Second, &statusSummaryCmdFlags, remoteCmdExecutor)
-	err = statusSummary.Prepare()
+	err := statusSummary.Prepare()
 	if err != nil {
 		return nil, err
 	}
 	return statusSummary, nil
 }
 
-func getPGLeader() (string, string) {
-	statusSummary, err := getStatusSummary()
-	if err != nil {
-		return "", ""
-	}
+func getPGLeader(statusSummary StatusSummary) (string, string) {
 	return statusSummary.GetPGLeaderNode()
 }
 
-func getMaxPGLag(log logger.Logger) (int64, error) {
-	statusSummary, err := getStatusSummary()
-	if err != nil {
-		return 0, err
-	}
+func getMaxPGLag(log logger.Logger, statusSummary StatusSummary) (int64, error) {
 	lag := statusSummary.GetPGMaxLagAmongFollowers()
 	log.Debug("==========================================================")
 	log.Debug("Total lag in PostgreSQL follower node is %d \n", lag)
@@ -1293,31 +1271,33 @@ func startTrafficOnChefServerNode(infra *AutomateHAInfraDetails, sshConfig sshut
 	return nil
 }
 
-func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtil sshutils.SSHUtil, log logger.Logger) error {
+func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SSHConfig, sshUtils sshutils.SSHUtil, log logger.Logger, statusSummary StatusSummary, userConsent bool, waitTime time.Duration, totalWaitTimeOut time.Duration) error {
 	fontendIps := infra.Outputs.AutomatePrivateIps.Value
 	fontendIps = append(fontendIps, infra.Outputs.ChefServerPrivateIps.Value...)
-	lag, err := getMaxPGLag(log)
+	lag, err := getMaxPGLag(log, statusSummary)
 	if err != nil {
 		return err
 	}
 	//////////////////////////////////////////////////////////////////////////
-	agree, err := writer.Confirm(fmt.Sprintf(MAINTENANICE_ON_LAG, lag))
-	if err != nil {
-		return status.Wrap(err, status.InvalidCommandArgsError, errMLSA)
-	}
-	if !agree {
-		return status.New(status.InvalidCommandArgsError, errMLSA)
+	if userConsent {
+		agree, err := writer.Confirm(fmt.Sprintf(MAINTENANICE_ON_LAG, lag))
+		if err != nil {
+			return status.Wrap(err, status.InvalidCommandArgsError, errMLSA)
+		}
+		if !agree {
+			return status.New(status.InvalidCommandArgsError, errMLSA)
+		}
 	}
-	err = frontendMaintainenceModeOnOFF(infra, sshConfig, sshUtil, ON, fontendIps, log)
+	err = frontendMaintainenceModeOnOFF(infra, sshConfig, sshUtils, ON, fontendIps, log)
 	if err != nil {
 		return err
 	}
 	//////////////////////////////////////////////////////////////////////////
 
 	waitingStart := time.Now()
-	time.Sleep(10 * time.Second)
+	time.Sleep(waitTime * time.Second)
 	for {
-		lag, err := getMaxPGLag(log)
+		lag, err := getMaxPGLag(log, statusSummary)
 		if err != nil {
 			return err
 		}
@@ -1325,7 +1305,7 @@ func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SS
 			break
 		} else {
 			timeElapsed := time.Since(waitingStart)
-			if timeElapsed.Seconds() >= 60 {
+			if timeElapsed.Seconds() >= totalWaitTimeOut.Seconds() {
 				return status.Wrap(errors.New(""), status.UnhealthyStatusError, fmt.Sprintf("Follower node is still behind the leader by %d bytes\n", lag))
 			}
 		}
@@ -1349,7 +1329,7 @@ func getCertsFromTemplate(clusterCertificateFile string) (*CertificateToml, erro
 	return certifiacates, nil
 }
 
-func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates) error {
+func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, sshUtil SSHUtil, infra *AutomateHAInfraDetails, currentCertsInfo *certShowCertificates, statusSummary StatusSummary, userConsent bool, waitTime time.Duration, totalWaitTimeOut time.Duration) error {
 	sshConfig := c.getSshDetails(infra)
 	configRes := sshutils.SSHConfig{
 		SshUser:    sshConfig.sshUser,
@@ -1361,7 +1341,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 	c.log.Debug("==========================================================")
 	c.log.Debug("Stopping traffic MAINTENANICE MODE ON")
 	c.log.Debug("==========================================================")
-	err := checkLagAndStopTraffic(infra, configRes, c.sshUtil, c.log)
+	err := checkLagAndStopTraffic(infra, configRes, c.sshUtil, c.log, statusSummary, userConsent, waitTime, totalWaitTimeOut)
 	if err != nil {
 		return err
 	}
@@ -1503,7 +1483,7 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 		c.writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
 	}
-	fmt.Printf("Admin cert path : %s", oss.AdminPublickey)
+	fmt.Printf("Admin cert path : %s \n", oss.AdminPublickey)
 	flagsObj := certRotateFlags{
 		opensearch:      true,
 		rootCAPath:      oss.RootCA,
@@ -1648,6 +1628,7 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 	skipIpsList := []string{}
 
 	nodeDn := pkix.Name{}
+	patchConfig := ""
 	if len(certToml.OpenSearch.IPS) > 0 {
 		opensearchFlagsObj := certRotateFlags{
 			opensearch:      true,
@@ -1664,23 +1645,26 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 		if err != nil {
 			return err
 		}
+		opensearchRootCA, err := c.getCertFromFile(certToml.OpenSearch.RootCA, infra)
+		if err != nil {
+			return err
+		}
+		patchConfig = patchConfig + "\n" + fmt.Sprintf(OPENSEARCH_FRONTEND_CONFIG, string(opensearchRootCA), nodeDn.CommonName)
 	}
-	opensearchRootCA, err := c.getCertFromFile(certToml.OpenSearch.RootCA, infra)
-	if err != nil {
-		return err
-	}
-
-	postgreSQLRootCA, err := c.getCertFromFile(certToml.PostgreSQL.RootCA, infra)
-	if err != nil {
-		return err
+	if len(certToml.PostgreSQL.RootCA) > 0 {
+		postgreSQLRootCA, err := c.getCertFromFile(certToml.PostgreSQL.RootCA, infra)
+		if err != nil {
+			return err
+		}
+		patchConfig = patchConfig + "\n" + fmt.Sprintf(POSTGRES_FRONTEND_CONFIG, string(postgreSQLRootCA))
 	}
 
 	// Creating and patching the required configurations.
-	config := fmt.Sprintf(AUTOMATE_HA_CLUSTER_CONFIG, certs.publicCert, certs.privateCert, certs.publicCert, certs.privateCert, string(postgreSQLRootCA), string(opensearchRootCA), nodeDn.CommonName)
+	patchConfig = patchConfig + "\n" + fmt.Sprintf(FRONTEND_CONFIG, certs.publicCert, certs.privateCert, certs.publicCert, certs.privateCert)
 	concurrent := true
 	patchFnParam := &patchFnParameters{
 		sshUtil:       sshUtil,
-		config:        config,
+		config:        patchConfig,
 		fileName:      fileName,
 		timestamp:     timestamp,
 		remoteService: remoteService,
diff --git a/components/automate-cli/cmd/chef-automate/certRotate_test.go b/components/automate-cli/cmd/chef-automate/certRotate_test.go
index c0e7aebb5ea..be3f6c36c92 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate_test.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate_test.go
@@ -408,8 +408,37 @@ WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
 	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
 	-----END CERTIFICATE-----`
 
-	private_cert_path = "../../pkg/testfiles/certs/private_key.pem"
-	public_cert_path  = "../../pkg/testfiles/certs/public_key.pem"
+	private_cert_path    = "../../pkg/testfiles/certs/private_key.pem"
+	public_cert_path     = "../../pkg/testfiles/certs/public_key.pem"
+	OPENSEARCH_USER_TOML = `
+	[discovery]
+  minimum_master_nodes = 2
+  ping_unicast_hosts = ["10.1.0.176", "10.1.1.125", "10.1.2.247"]
+
+[network]
+  host = "10.1.0.176"
+  port = 9200
+
+[plugins]
+  [plugins.security]
+    nodes_dn = "- CN=chefnode,O=Chef Software Inc,L=Seattle,ST=Washington,C=US"
+    [plugins.security.authcz]
+      admin_dn = "- CN=chefadmin,O=Chef Software Inc,L=Seattle,ST=Washington,C=US"
+    [plugins.security.ssl]
+      [plugins.security.ssl.transport]
+        enforce_hostname_verification = false
+        resolve_hostname = false
+
+[tls]
+  admin_cert = "-----BEGIN CERTIFICATE-----\nMIIDdjCCAl6gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvMwDQYJKoZIhvcNAQEL\nBQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM\nB1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw\ncm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGQxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow\nGAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzESMBAGA1UEAwwJY2hlZmFkbWluMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56ettU4VAn7qz1j1NoiBQfn7\nS96t+Ta6CeeySm1RihsJdxhqAmPK83Jro/QFDzySrVD2GwuQ43DQfOKy25LRvKhV\nu5AY5k4Pqy8d/5T4Ike+MaC4SiVb5/In8Uqe6tLeQprun1J39Qo8FJ8CvEWsLbDx\nATLWo0olQDY60ciH6D02NHoRVqQ9dz8vleCJf+978GmvJqpUHnziYKyy/A+3Z8aY\nyjZncjwOP/KIPcKnrDg/4cLN4SZB3D/ZPyev+80fUEJfZGXv4xpr8JJILYSi/ryV\nDSvQjZKl7jiXFfKdZo3Zz6LSKovt4MfLVa/2mLQiuNCkmJZTq1hZE0qcQ/Q4lwID\nAQABoyEwHzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcN\nAQELBQADggEBADZSRlmAyLdwTc10Jh7WeuhoK3DklSIHk2hiWemiI4wuWiJ19IBg\nqPrBsSsZevODL6FgNlyEgdfSGXJpgZfzlNqBeW4nUc+lMkiTSGTvgr9SVmZAPz52\nzRahRxnUXJkbcwuU51bJn58xmIB1SFUHqAALHuAAOhoEqTxVfwtkC2dL4IFhNmWI\noZMMc6pQmR7B4dteJKogsE1sp031/PC0qch+8yDlxY8tfSLLYq0lIDaUVbvY+RDK\n2d/6zFSywsK0NfLb0gSZ/UayQtSSINwsH6AwkWlJuDNjC0qv9EbSZSH9hte8ofDN\nDrg3vVH19nkLatp4+eZZZf8yiGdkl8hNZFQ=\n-----END CERTIFICATE-----"
+  admin_key = "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDnp621ThUCfurP\nWPU2iIFB+ftL3q35NroJ57JKbVGKGwl3GGoCY8rzcmuj9AUPPJKtUPYbC5DjcNB8\n4rLbktG8qFW7kBjmTg+rLx3/lPgiR74xoLhKJVvn8ifxSp7q0t5Cmu6fUnf1CjwU\nnwK8RawtsPEBMtajSiVANjrRyIfoPTY0ehFWpD13Py+V4Il/73vwaa8mqlQefOJg\nrLL8D7dnxpjKNmdyPA4/8og9wqesOD/hws3hJkHcP9k/J6/7zR9QQl9kZe/jGmvw\nkkgthKL+vJUNK9CNkqXuOJcV8p1mjdnPotIqi+3gx8tVr/aYtCK40KSYllOrWFkT\nSpxD9DiXAgMBAAECggEBAMoneqBYVl9KMFDnmX2QW/QeWVzZI0rypiDUr7LheSGi\n/HyQspoJSedut15pKS0lt/5FQ69QRY0lOttw3ZJdqmgPIlm+ouv/vQ6u3GfYMT2B\nDAm07n3N4kkj+hVIACx9/fVzzL7+Ma6F0u5P4Qw5ZMquuXJJUiNHJgDGEkhVzbws\nXaNucuk7WvbLnLR2MHrJPeAOrlF2/Wv6VBsEQRJkaEDwhIKmMWG+k/M3Q8DaerDj\nmtx+tbAMZhBKQr0x/2H3GYQI45IVXtiBfpoSdjq8TmaHMsFqPRB+G4KU+JbBW5Fw\nPirPnM1H9d8VNTlaB8b9T1lgcHGxWIYkMC5RfV06wRkCgYEA9Lc/7DubTh7cWwlR\nmvadMK0vrtXYbVQCok7qUlZC8WgwUJqfA0MfDC6qxAFrPNo/HEkSAWk4MPdRFwIV\nAMHB663NhFLtmxqZhfDgphYoQdX5jrD2YifgDU4w/fIr2kyWzoB6r4t/iXXBbtHO\nGrtFccF4q1Cmg9ZSDcf/uqFEGEUCgYEA8lZAkRm8UIBJ/5ZxO3XkMrxrADZMAS2u\nS4XCV2EEGeiBEAkMQtT5xccxfQ3faV9rs0YkVXXGyDg4a2AUCcbKyV9vwlLiy0vh\nGd8MZ79IwCr9AREI8uUTsKenr26+mbqCofX+6lZwyNCxbZSc/ver8UXpTwpc2hAG\n7H+t5aEqYSsCgYAra0ggNgM8PSWD0Yd1I0SImnHXZ4HbBAjjm3Tf3wZJpt7LrmOA\nRKyBkNYjqMzKIz8HWb+kGHMr3PW6S1hGphouIsxQKhaWaoXKyg5R6aSC6eA5fRR6\nHfEW60SuCgXV2bj4MruR4gJi9U24x+j1vTx5DobGfqzMv34Xi+DH0E0wsQKBgQDx\ndtns+py2Ba41+pwm6CgSGcXwNynyPqcd31Cuqh9hBVecN7e82+NomzsHZQxIPWjd\n/7TyZmFEXShybRBqUWb70ZlVIiuS76+CjMoakfGWcP8Z0fR9uZ2t9s/RsOI/4SSK\n5scyjiDhJ3izPFJWh0gPJ176f9PXAAM2IV6PoM/OcwKBgDT3SGqdpuwpuC/dRNU4\n5Q5WmTz3YWYxiVdJqVbL40TM2yEHh9ocsdgl9xDN8ELp38wlw5r4P6lfKjB9fmRZ\nYrFxlDZ0LURKyNEJq4KOp8criB2Q9UDDblgPVm8u7mIu24TqF2l9AFUf7AWn0px2\nvtG5yZjAY92/XaJkK2cRDop7\n-----END PRIVATE KEY-----"
+  rootCA = "-----BEGIN CERTIFICATE-----\nMIIDpzCCAo+gAwIBAgIUBYPmNYODsegtqdC4UMDEqgtLitIwDQYJKoZIhvcNAQEL\nBQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM\nB1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw\ncm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow\nGAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIcHJvZ3Jlc3MwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAVWQtiuUvZlGk0csKpYtFVxLY\nHxL+D2Mec/7IxqGbccmNMsRLXw+ukRzGx0R6ppj5hE6bjuZeihaHFtAMpMBIDauX\nQy12W/0Nkn0yALRrlq6IhHyt+axYZoF60BeEgTFiME/ai8CeyTUz2301oe0rEp58\nPX3Pr1FOmwGkGhXO88cArdkWMblKFxh9fsorhGW50TYrXPg09zpIcX5EnH1tsWv0\nIBjVgUPMWY50wdB7gzNOWbMtuburt/jzuT3oRmWu4OGebclpkgALKuC3xDPMtZ4j\n4w/eiGjm2D4yAYNeVjhwTk2o1DckUUY4WGNFXEaVBVDBT03rz9iaAidHoj7jAgMB\nAAGjUzBRMB0GA1UdDgQWBBT2GQGV/1o07Y0OjBj/PBqYDCHLWTAfBgNVHSMEGDAW\ngBT2GQGV/1o07Y0OjBj/PBqYDCHLWTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\nDQEBCwUAA4IBAQATCKTpgj8P3zDMVZuzFg3vpaBZHwiB0pH4ZrKEu4d5fX2rgede\n10WyuJxT0Lwfms0Ou7qxpS6Th6RgBFM0riFk7+lMmIxZvgSO+Kxq9Re1UO6aduon\nPbPFhiTAdhOXT/9NAVStGljpTsrJMbXnVzZL6jUbkXK+cdR2zwW0zTkma6Ja2Ygf\n7bBmv3wOfzde3mw0AMlk9JWmFbIpyNKER4D60x6+F+g7foo4w5+OsNQQYHIL3b2l\n9h48bn2apwAc49l0RHIL0QSBkeklcsCO0H4Es8AwKi1+Q3J+P5Q7HrZie9gIH4D1\nSnWqpKuioaE82pLXRbT9+iWEJdj9mDkkMtbD\n-----END CERTIFICATE-----"
+  ssl_cert = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvQwDQYJKoZIhvcNAQEL\nBQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM\nB1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw\ncm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow\nGAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFloOr9RoDqZHf7oRcE1TdrDX0\n9lrTsBGW34IK3Sl5mmPMNWx9PD08FwFBg2SyFfQs3Lmqdq69CSEqTj17TquzlFTj\na/1Sx7/j/2SF/6sp3EVb5F72KAzZFDJFTHLXZTPWK7PSYlYNJstWFOVf63owhzNd\n1xnDnnXw+hJ/6sUf/3jttLUcKICF01JfW3f9bJiCNFnwZrZTUiS2wNFIwEZPYdp8\ntPlrkNvt7I/G4RJUbvsX0ZGbp9GUg358Gm7bOCOFrKQBpWnuQqKN7ota8cGfhaz1\n7MhAJQuCbV0sV/kMFvXW9xCMwZgwGT8/52seHJplT2ICe+mKG6n/enU5U3iVAgMB\nAAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B\nAQsFAAOCAQEAHbFSowIZIgp7PJBscxf6yiGfZAkJ40bxPG1jOx1msuPVMqd1aYux\nvgfMiSSB4VgTlfevjt9OduuLitN02oKXFRMXc5WPCoZm6WLFKwTT5S13s0BH4mOr\ntOFm84iMlnvLrlUNbOwdIpjbJVdDIvi/l1kEs9zCHMlMgnXlgRuZWABfciqWSmr0\nBb6vYDNCJ3sfgdBifS1NeX9IJ/yTj9Zs+dEn1tFrljGY8Xg8pTmtf7oChQRnFEKW\ndSUZt/vAkug3u739KzeHfLcwiGDC336PhGoLbDw0x6AsT4BCcwB7jMrOBsBtCK5Z\nw0m2pi4hVt1O1M5A/m3aAIDIPYbhFW7owg==\n-----END CERTIFICATE-----"
+  ssl_key = "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFloOr9RoDqZHf\n7oRcE1TdrDX09lrTsBGW34IK3Sl5mmPMNWx9PD08FwFBg2SyFfQs3Lmqdq69CSEq\nTj17TquzlFTja/1Sx7/j/2SF/6sp3EVb5F72KAzZFDJFTHLXZTPWK7PSYlYNJstW\nFOVf63owhzNd1xnDnnXw+hJ/6sUf/3jttLUcKICF01JfW3f9bJiCNFnwZrZTUiS2\nwNFIwEZPYdp8tPlrkNvt7I/G4RJUbvsX0ZGbp9GUg358Gm7bOCOFrKQBpWnuQqKN\n7ota8cGfhaz17MhAJQuCbV0sV/kMFvXW9xCMwZgwGT8/52seHJplT2ICe+mKG6n/\nenU5U3iVAgMBAAECggEAH0VG6XwM9e9sSshw4jGdCMgscexbS41d+0a8SgPegIRS\nrwr1dIyIFG5/oGKvGRAoaME2EShfV0OOoCdpy44T1oPvO17n5KYAVJEi06I28JUP\n1Q87iDGmduSfYCBNPJGjto2MFAvEGqi9HY6JDrkxyWRcWMmmJjN57v1k2CHLuNhq\nLvxgxRT1Dbh4oTtU5//rYZmFVVZ2Cfl2b4sJivX9o3RRRNklQpPv03f0YbIlRtIw\n3FjYjAG17WQpnMhmtCo6k45eAqomr4OV1BxrMl0Ltx6YLpLXh3zas96h5xQEIdM5\n74oSmseI67VKyLtmqDCvIxJFqtkhAB/0Z5sEdmh0gQKBgQD6Nsx/dwUxJ3HgqHxp\njlFyNeWPuDhq6woiaUUaV2FMNc9zO0Lw2zYOKiVRKhbQ5X+gWXwMf+7L+6nwRSUa\nuXNRDd/t080z+5M0YHJhe80yy3saxAplqgpMPZWqhduPNAo5DSEAn/hDmq7mUb+4\nsS7MdqPPub2MM92hAaXRTIWJOQKBgQDKKC7OPdOVmLDcmBG/3RFkEFumm2gqBtmF\n4aL7Nn3dIxmkVs9HXH5JSY8r0ENrXlynSxO+174boqvFR/0Kw3YRnAJhcg+phECG\nxK4Jt3LMIkZqxhkgevHrL0l8mrCo4qEhbAuE/ppxO7dkVSwnn/y6lnjOrXmncz6d\nSnUSEc32PQKBgQDifVYRD3CQtO7c+EZd2iiZZHYe6ReQmJ881ONrW6tEK/VTjlIi\n6Zr9qWLMHHg4sXUcdcPXILrMxEpopn5WuYXL2e5YPn+iTVhLcf43hbQSBaSybsAm\nlIvrxVdD2xUKhIW4bMzx3twAffVRoLAWA7Sj+cSAVNZiIdS9WFt7oHPD6QKBgQCk\nv+61QgnHZvLsNDpy5JUhuXsX4psXdRGdXG/Yz2Xv7IUfO2gdvjFlRL+bc1UekX5t\nEHB9HZHfL8lRNAPy26zDWSNPiwdcnV2A95TmckzqNByzM9KSd9/kTVtUYzUJzfiH\nJmiU8HGpSoOBDzC28lmjLrIxrYrxfqhOw7l5Cm2R+QKBgFuwyuHD3Xr9H51Ma5l3\nJ2PQzmNcXpev2h+3yW4s5YcSNPMmUusfrueaSDC+sPKin5GTcvY4D0PcHRsyvUPL\nneBKRoED3B9lkbs6ce7cVqmeQhjkT+hIW650MEfpYPvZlgkvAm3RUB+aX0PppGdC\nv993qjI98DUAwRz2p8YIga6S\n-----END PRIVATE KEY-----"
+
+[transport]
+  port = 9300
+	`
 )
 
 var sshConfig = sshutils.SSHConfig{
@@ -2987,6 +3016,117 @@ func TestRotateOSNodeCerts(t *testing.T) {
 	}
 }
 
+func TestCertRotateFromTemplate(t *testing.T) {
+	log, _ := logger.NewLogger("text", "info")
+	_, infra := getMockCertRotateFlowAndInfra()
+	mockSSHUtils := &sshutils.MockSSHUtilsImpl{
+		CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+			return []sshutils.Result{
+				{
+					HostIP: "",
+					Error:  nil,
+					Output: "",
+				},
+			}
+		},
+		ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+			return []sshutils.Result{
+				{
+					HostIP: "",
+					Error:  nil,
+					Output: "",
+				},
+			}
+		},
+		Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+			return "", nil
+		},
+	}
+	statusSummary := NewStatusSummary(infra, FeStatus{}, BeStatus{}, 10, time.Second, &StatusSummaryCmdFlags{
+		node:         fmt.Sprintf("%s,%s,%s,%s", ValidIP, ValidIP3, ValidIP5, ValidIP8),
+		isAutomate:   true,
+		isChefServer: true,
+		isOpenSearch: true,
+		isPostgresql: true,
+	}, &MockRemoteCmdExecutor{
+		ExecuteWithNodeMapFunc: func(nodeMap *NodeTypeAndCmd) (map[string][]*CmdResult, error) {
+			return nil, nil
+		},
+	})
+	type testCaseInfo struct {
+		description      string
+		certFileName     string
+		inf              *AutomateHAInfraDetails
+		currentCertsInfo *certShowCertificates
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		statusSummary    StatusSummary
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description:      "Rotate only frontend Certs",
+			inf:              infra,
+			certFileName:     "../../pkg/testfiles/onprem/certs-config_only_frontend.toml",
+			currentCertsInfo: mockCertShowCertificates(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil:      mockSSHUtils,
+			statusSummary:    statusSummary,
+			isError:          false,
+			ExpectedError:    "",
+		},
+		{
+			description:      "Rotate Cluster Certs without OpenSearch certs",
+			inf:              infra,
+			certFileName:     "../../pkg/testfiles/onprem/certs-config_without_opensearch.toml",
+			currentCertsInfo: mockCertShowCertificates(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil:      mockSSHUtils,
+			statusSummary:    statusSummary,
+			isError:          false,
+			ExpectedError:    "",
+		},
+		{
+			description:      "Rotate Cluster Certs without PostgreSQL certs",
+			inf:              infra,
+			certFileName:     "../../pkg/testfiles/onprem/certs-config_without_pg.toml",
+			currentCertsInfo: mockCertShowCertificates(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, OPENSEARCH_USER_TOML, nil, "", nil),
+			MockSSHUtil:      mockSSHUtils,
+			statusSummary:    statusSummary,
+			isError:          false,
+			ExpectedError:    "",
+		},
+		{
+			description:      "Rotate all Cluster Certs",
+			inf:              infra,
+			certFileName:     "../../pkg/testfiles/onprem/certs-config.toml",
+			currentCertsInfo: mockCertShowCertificates(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, OPENSEARCH_USER_TOML, nil, "", nil),
+			MockSSHUtil:      mockSSHUtils,
+			statusSummary:    statusSummary,
+			isError:          false,
+			ExpectedError:    "",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: &fileutils.FileSystemUtils{},
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl(), log: log}
+			output := c.certRotateFromTemplate(testCase.certFileName, testCase.sshutil, testCase.inf, testCase.currentCertsInfo, testCase.statusSummary, false, 0, 0)
+			fmt.Println(output)
+			if testCase.isError {
+				assert.Error(t, output, testCase.ExpectedError)
+			} else {
+				assert.NoError(t, output)
+			}
+		})
+	}
+}
+
 func mockCertifiateTemplate() *CertificateToml {
 	return &CertificateToml{
 		Automate: NodeCertficate{
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
index ded85ae40ce..e83244f3aa5 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIoHlzFMz6LsPK
+BTj9FesKJMRJgyw7CW9et38rIvzPaqEOFHUEcv3ZwX83ldKLMmrlh0vcn8xnKP03
+eZaoIJnRukX8ODnI//kRhmR5rxgIEgzs94NsEu/wm12RvmY/YD9eSZt8yUVlHhtZ
+wScmTlQuzOjh9nKRljze8vLlSWpaopYmHLyj9YjL+0X1AMur2NNvwj0Gh8XJCKWl
+26mJO0gyDwFYT8kkz6yjZFMrtjMWU7lptfD+3RucWI6FHigbx8fgURmyY2GpwFmw
+MBBIbtV7/jKwP46MT6vqrdLe7+HljAV1/N0C14BT0BSnmCez4/JM8uGYxkLQ/h3q
+KI0Ps+jtAgMBAAECggEBAK87AnjSbSoDGHzlzN24fB7S+CJhEIvL9NscmFT77SXY
+syzSD1bAfRnpmIzbLhboBVfOsSLU67oaofgHGeBlARSehqwCC+6ULF3zLOTfWrUJ
+1wJOORp2+90CRlqam0G1dgOLdOQsA5GLF0ZwnxolBgAOd0WNdInWV/o+5on/coYP
+ugNpcFTL8QhxZCMnQDe+C5Qhw98QiIUnJvuIaj0ZwP1PtsKN4oyV1/XmPTrmWf0S
+pl0fT5NKP4Bgi1LlUt9v90i0zA9etdbbeHBJXQflW0jEZGdkAjHy/auHd+i2ykkr
+92pOvcqh906o0x0po2nqSOazrqHDk04waOO3Xplml10CgYEA42iIqy1rLIKgW4/r
++Eonv2sgG0/pae6LkxUvwm0rLjc7+9WYaixdh4dfBLeL/bPJgedE7l7OQ+EbBbRU
+eGv3lwgibvAahWXSt0LwRPu5EDFQICje/ZJtX4SE1GAeyUIzZQjKu06UAU46mFYV
+USpjNbM+0d7vr4KERZgQ+ooKd/cCgYEA4dnwl7reCdC1PYz7TO9Od3NLewIooZ+A
+CXzbevZRCgWypWY3PjjZmKBJ5dh59HeiCxv//dwJezf8jrVHueg24YZeq2JhmIr/
+Gh7Zr2ngdCQUsYVN/8TgkcDijZqy1QIBlE0FcZ0m3DVuw+pylmfz8KPu9LYMmKN7
+i0w+36llFTsCgYBz8MbFJzneDpc9N2piQ0RylmZfJmXlqUYl7gZUhR4fyO9fHO5B
+K29f+seZ+w53gaM6BLQjJ9jXyLvjM6ZhYwJvUSllECslWd2Nq6YeNYyL0eh9DPlr
+pKz4pvKl6H+psoPLfikGSDCzXbQIGNNzdz3vkfx0OcpP3CYd6UK2yYw+zwKBgCKP
+xGajvQjJfIK/yVEbqelTpnBbgzZAf0p0Ze3qNbqP5qey/a8y6fGWTdiziO4lRJHo
+pgMGIhlOFwMLsL89TvCyLFiTxJWgZ6tqnytdy3BaeSQ1XxtN2IPVfZXn34gDN5Sn
+OLcLMoAuWRX4EbL8k3L200F1fnX5RpWphFGbzZEzAoGAJqUVWp0eHrDOtKxs+ioI
+k03n6+kRV0NNibRj0HR1qiPoSYkDbhnN53Xj3YwdxF7a403Y2107hLpyMYE5xyLw
+6GPXQBmv1RkJG5GlYxPnncenLZvnXLoyxr7bHJQ+79hhwY+yOJ++M3DeBbXBYRDN
+WrJIwmrOfyKRUHyU+JvOOOk=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
index ded85ae40ce..480d3d02dd2 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDalaa9PfeRTmex
+BIYAEuyVzONE8tocdfFHcSpj9TPaSEUcb5Lm6b61slOppqhncSB76yUqtV8XDxg/
+5pcBmqs269UUtHTDVpnk3muq2WjkK4bCp78jKQMv4X1IuGL8rxV8zsOvMZU0XXEr
+H/sPfcSG3Ajtu3wbfexDL4/Zj7rSPhMWxtbukMASb8dkfdMI+R0GT3SogiIdsKij
+aOSN4wYkKPseTafMc4+Y0lbvhAuvYdhYrQNLigf1np8xmtaKauUQGt9/qW7zb4mT
+Y23B2X+p9Jt9u7PYRW9SMJuFnELMOz5a6BzpNb5uERmHKEo3YVW0/dc+P6SV8h3K
+6FkDqkBxAgMBAAECggEAN0MokaWuBo2VB5sGKdSe/cx8FP11CUcERjSlK/pdLq2g
+02yd7kVgUt2P609YOjbOqKWtktuh+9l0Hwu0V9J7wPnkuERbVNt7MvLMs7gdnbon
+auUwHLqMtLlEjHMZi5rUSuaXcJ6Pg1qwdt+yAJuiaRoOI9SHrweqCN5odu+wouBZ
+I+M+y4smjnncfgcvozNfhoorue4eKwvlXYUACFhJ53e4ifVlajt4x9B+v0Gx0W02
+Y360J9hH5iWSQS+NSWxXZ+fx6uMla0THc6kP0PCKAzMctqi0X/xWEqjzvC66dVs4
+WEXp3R3MmrA1xAzW/DhppOv5HHBSdRRxBAea8/XAVQKBgQDt49yEqQ+XK7Hpanv1
+Hl3E5KTbqeE8fnepTL+oDQHOYBJ9d9a6hLusNdwpjCn77nk9Z5v2IG07fGWd/R9V
+NOKiXJD6uZ9U1zvV8MkYQZRNgrySsVItZDOGU3SM13wydqVkV90QC+KUI55kNrI2
+sbFbGyaW3XfUzaEfJs6iYs6zuwKBgQDrOY2Xlfy7TQx26GIZFgXNfsK2ObqusVhb
+C+fdQs9aaOuF1BtAx9YASkR03bqMi7JMqIZfbx54qcbFzSrsYDbep76VLMzOEldp
+hw/jyPmc0+hbdmCMRICQ5WkouksJjNteQsnBEFEdVfI27MPWmYz4Vwnh5EIG61Qx
+BJhMyI37wwKBgQCU2m+x0teekAjTNX468rVZ7nf5u2Lkp33Ywd1rGjh3GkZ3m/UQ
+4N1N9KW+maXrrlzOv3YnnEK9ZilvomNovZ7SWXmeaWf5fnRCelhahS53EcdNQwdY
+v8o90xqqxmtAaF01XIVG9Sjh6SfDLTZ2YtnHWEXdQNcqoUCgbXf+xDTy4QKBgQDc
+ULic3T+tEtp02O1gv67JrUukL+f5TWQLStht9fCOpqzKWUL5ZvK6rNT3fOIIV6O1
+hzbsVgB9Vc82Xxcv9GIQI58uy5o7/RPgZD9uw0OALz53xCVj25lrnWPkYLB9jm+9
+FuMvMCA5UNGfvh0jeAiAZc18xTVOk8X0b3BSopnRzwKBgFgf2eKmDLikgKEAVQIY
+/9xg4P8fV2a2fA3K4+PMSuFGoY6AQ+1ecWdpA1TrnmSOXkTcVty3JVL5IewPusHR
+4r1cEIwLIgOj7JNLzXNYKnvP/FS5BBHO52/NfhJ0gXSXqfMbc1kFM3HGPfEEqZi1
+YCs0tWkpR4KNEcPG8AS3bIcr
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
index ded85ae40ce..480d3d02dd2 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDalaa9PfeRTmex
+BIYAEuyVzONE8tocdfFHcSpj9TPaSEUcb5Lm6b61slOppqhncSB76yUqtV8XDxg/
+5pcBmqs269UUtHTDVpnk3muq2WjkK4bCp78jKQMv4X1IuGL8rxV8zsOvMZU0XXEr
+H/sPfcSG3Ajtu3wbfexDL4/Zj7rSPhMWxtbukMASb8dkfdMI+R0GT3SogiIdsKij
+aOSN4wYkKPseTafMc4+Y0lbvhAuvYdhYrQNLigf1np8xmtaKauUQGt9/qW7zb4mT
+Y23B2X+p9Jt9u7PYRW9SMJuFnELMOz5a6BzpNb5uERmHKEo3YVW0/dc+P6SV8h3K
+6FkDqkBxAgMBAAECggEAN0MokaWuBo2VB5sGKdSe/cx8FP11CUcERjSlK/pdLq2g
+02yd7kVgUt2P609YOjbOqKWtktuh+9l0Hwu0V9J7wPnkuERbVNt7MvLMs7gdnbon
+auUwHLqMtLlEjHMZi5rUSuaXcJ6Pg1qwdt+yAJuiaRoOI9SHrweqCN5odu+wouBZ
+I+M+y4smjnncfgcvozNfhoorue4eKwvlXYUACFhJ53e4ifVlajt4x9B+v0Gx0W02
+Y360J9hH5iWSQS+NSWxXZ+fx6uMla0THc6kP0PCKAzMctqi0X/xWEqjzvC66dVs4
+WEXp3R3MmrA1xAzW/DhppOv5HHBSdRRxBAea8/XAVQKBgQDt49yEqQ+XK7Hpanv1
+Hl3E5KTbqeE8fnepTL+oDQHOYBJ9d9a6hLusNdwpjCn77nk9Z5v2IG07fGWd/R9V
+NOKiXJD6uZ9U1zvV8MkYQZRNgrySsVItZDOGU3SM13wydqVkV90QC+KUI55kNrI2
+sbFbGyaW3XfUzaEfJs6iYs6zuwKBgQDrOY2Xlfy7TQx26GIZFgXNfsK2ObqusVhb
+C+fdQs9aaOuF1BtAx9YASkR03bqMi7JMqIZfbx54qcbFzSrsYDbep76VLMzOEldp
+hw/jyPmc0+hbdmCMRICQ5WkouksJjNteQsnBEFEdVfI27MPWmYz4Vwnh5EIG61Qx
+BJhMyI37wwKBgQCU2m+x0teekAjTNX468rVZ7nf5u2Lkp33Ywd1rGjh3GkZ3m/UQ
+4N1N9KW+maXrrlzOv3YnnEK9ZilvomNovZ7SWXmeaWf5fnRCelhahS53EcdNQwdY
+v8o90xqqxmtAaF01XIVG9Sjh6SfDLTZ2YtnHWEXdQNcqoUCgbXf+xDTy4QKBgQDc
+ULic3T+tEtp02O1gv67JrUukL+f5TWQLStht9fCOpqzKWUL5ZvK6rNT3fOIIV6O1
+hzbsVgB9Vc82Xxcv9GIQI58uy5o7/RPgZD9uw0OALz53xCVj25lrnWPkYLB9jm+9
+FuMvMCA5UNGfvh0jeAiAZc18xTVOk8X0b3BSopnRzwKBgFgf2eKmDLikgKEAVQIY
+/9xg4P8fV2a2fA3K4+PMSuFGoY6AQ+1ecWdpA1TrnmSOXkTcVty3JVL5IewPusHR
+4r1cEIwLIgOj7JNLzXNYKnvP/FS5BBHO52/NfhJ0gXSXqfMbc1kFM3HGPfEEqZi1
+YCs0tWkpR4KNEcPG8AS3bIcr
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
index b7fb49ffb29..2f3ada7ded4 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvowDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMigeXMUzPouw8oFOP0V6wok
+xEmDLDsJb163fysi/M9qoQ4UdQRy/dnBfzeV0osyauWHS9yfzGco/Td5lqggmdG6
+Rfw4Ocj/+RGGZHmvGAgSDOz3g2wS7/CbXZG+Zj9gP15Jm3zJRWUeG1nBJyZOVC7M
+6OH2cpGWPN7y8uVJalqiliYcvKP1iMv7RfUAy6vY02/CPQaHxckIpaXbqYk7SDIP
+AVhPySTPrKNkUyu2MxZTuWm18P7dG5xYjoUeKBvHx+BRGbJjYanAWbAwEEhu1Xv+
+MrA/joxPq+qt0t7v4eWMBXX83QLXgFPQFKeYJ7Pj8kzy4ZjGQtD+HeoojQ+z6O0C
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQARFh4Xp3iNd7N0GxOGnQZqE3M+yJirDNy8uyEr4U6dK+v+zKbf
+UZLiP4F0P9zkWvOwy5zs8MyQfUlwBpDKdi+7Oxwzx/VRlH3PZIqfvajdy0iUcdIO
+kVZB43T5ceFfFff4b2G4YmD1iiX8e6U89XK/rBhkQe959J50985Lpifymg85djTk
+dRQYCIDZS5U1T82eMUdu/FzntdQWVyFygem8u7t05GDay5rLAOXNnPrGxyydL05w
+Fhw+jvhLacsEwknwGrLuTL5W+I9hJogUDIMD/1HvO0DkwrmTcvTr1/OVEOk2DEV0
+jQ65310w7vbBkB8rcbC7Ud7Ie+Sq8QJf1pO3
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
index b7fb49ffb29..90f785668b6 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvswDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANqVpr0995FOZ7EEhgAS7JXM
+40Ty2hx18UdxKmP1M9pIRRxvkubpvrWyU6mmqGdxIHvrJSq1XxcPGD/mlwGaqzbr
+1RS0dMNWmeTea6rZaOQrhsKnvyMpAy/hfUi4YvyvFXzOw68xlTRdcSsf+w99xIbc
+CO27fBt97EMvj9mPutI+ExbG1u6QwBJvx2R90wj5HQZPdKiCIh2wqKNo5I3jBiQo
++x5Np8xzj5jSVu+EC69h2FitA0uKB/WenzGa1opq5RAa33+pbvNviZNjbcHZf6n0
+m327s9hFb1Iwm4WcQsw7PlroHOk1vm4RGYcoSjdhVbT91z4/pJXyHcroWQOqQHEC
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBjK6YRhuwZKLWUwoKw9a7/ujpqnIZhsCY3P8M4ZPnhNmcq0/J9
+whA/4g4gn4p0B2K4qWoc+uwA36zWaQ9059l4Ww/YtmX8OQkTyEvoSSWI8dJXwF93
+mAF8H3+N3bYdPDlYksjbLpDhuY13kaIPu8mWjw4aU0h3v4GQ4q7NLq+i1Q0xUgpF
+aJSdEr7cXG63Wa8FJ1atMBVgB5w3cg6H/vitLu62CXl8Qpvh/KPrlPsRJTNUp2Y+
+321d24j4qrcR0Ttw8bUpG4JeoqJi+MtgBVTipot29p39uusekMHbP/L6o3TINKMV
+9NQ/jlY3FKZdMtifUhDGcaK48ZJDJ5hVRGg/
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
index b7fb49ffb29..90f785668b6 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvswDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANqVpr0995FOZ7EEhgAS7JXM
+40Ty2hx18UdxKmP1M9pIRRxvkubpvrWyU6mmqGdxIHvrJSq1XxcPGD/mlwGaqzbr
+1RS0dMNWmeTea6rZaOQrhsKnvyMpAy/hfUi4YvyvFXzOw68xlTRdcSsf+w99xIbc
+CO27fBt97EMvj9mPutI+ExbG1u6QwBJvx2R90wj5HQZPdKiCIh2wqKNo5I3jBiQo
++x5Np8xzj5jSVu+EC69h2FitA0uKB/WenzGa1opq5RAa33+pbvNviZNjbcHZf6n0
+m327s9hFb1Iwm4WcQsw7PlroHOk1vm4RGYcoSjdhVbT91z4/pJXyHcroWQOqQHEC
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBjK6YRhuwZKLWUwoKw9a7/ujpqnIZhsCY3P8M4ZPnhNmcq0/J9
+whA/4g4gn4p0B2K4qWoc+uwA36zWaQ9059l4Ww/YtmX8OQkTyEvoSSWI8dJXwF93
+mAF8H3+N3bYdPDlYksjbLpDhuY13kaIPu8mWjw4aU0h3v4GQ4q7NLq+i1Q0xUgpF
+aJSdEr7cXG63Wa8FJ1atMBVgB5w3cg6H/vitLu62CXl8Qpvh/KPrlPsRJTNUp2Y+
+321d24j4qrcR0Ttw8bUpG4JeoqJi+MtgBVTipot29p39uusekMHbP/L6o3TINKMV
+9NQ/jlY3FKZdMtifUhDGcaK48ZJDJ5hVRGg/
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem b/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
index 89bf971b443..f184721d515 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
-	-----END CERTIFICATE-----
\ No newline at end of file
+MIIDdjCCAl6gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvMwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGQxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzESMBAGA1UEAwwJY2hlZmFkbWluMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56ettU4VAn7qz1j1NoiBQfn7
+S96t+Ta6CeeySm1RihsJdxhqAmPK83Jro/QFDzySrVD2GwuQ43DQfOKy25LRvKhV
+u5AY5k4Pqy8d/5T4Ike+MaC4SiVb5/In8Uqe6tLeQprun1J39Qo8FJ8CvEWsLbDx
+ATLWo0olQDY60ciH6D02NHoRVqQ9dz8vleCJf+978GmvJqpUHnziYKyy/A+3Z8aY
+yjZncjwOP/KIPcKnrDg/4cLN4SZB3D/ZPyev+80fUEJfZGXv4xpr8JJILYSi/ryV
+DSvQjZKl7jiXFfKdZo3Zz6LSKovt4MfLVa/2mLQiuNCkmJZTq1hZE0qcQ/Q4lwID
+AQABoyEwHzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcN
+AQELBQADggEBADZSRlmAyLdwTc10Jh7WeuhoK3DklSIHk2hiWemiI4wuWiJ19IBg
+qPrBsSsZevODL6FgNlyEgdfSGXJpgZfzlNqBeW4nUc+lMkiTSGTvgr9SVmZAPz52
+zRahRxnUXJkbcwuU51bJn58xmIB1SFUHqAALHuAAOhoEqTxVfwtkC2dL4IFhNmWI
+oZMMc6pQmR7B4dteJKogsE1sp031/PC0qch+8yDlxY8tfSLLYq0lIDaUVbvY+RDK
+2d/6zFSywsK0NfLb0gSZ/UayQtSSINwsH6AwkWlJuDNjC0qv9EbSZSH9hte8ofDN
+Drg3vVH19nkLatp4+eZZZf8yiGdkl8hNZFQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem b/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
index 89bf971b443..e095170499c 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_admin_key.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
-	-----END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDnp621ThUCfurP
+WPU2iIFB+ftL3q35NroJ57JKbVGKGwl3GGoCY8rzcmuj9AUPPJKtUPYbC5DjcNB8
+4rLbktG8qFW7kBjmTg+rLx3/lPgiR74xoLhKJVvn8ifxSp7q0t5Cmu6fUnf1CjwU
+nwK8RawtsPEBMtajSiVANjrRyIfoPTY0ehFWpD13Py+V4Il/73vwaa8mqlQefOJg
+rLL8D7dnxpjKNmdyPA4/8og9wqesOD/hws3hJkHcP9k/J6/7zR9QQl9kZe/jGmvw
+kkgthKL+vJUNK9CNkqXuOJcV8p1mjdnPotIqi+3gx8tVr/aYtCK40KSYllOrWFkT
+SpxD9DiXAgMBAAECggEBAMoneqBYVl9KMFDnmX2QW/QeWVzZI0rypiDUr7LheSGi
+/HyQspoJSedut15pKS0lt/5FQ69QRY0lOttw3ZJdqmgPIlm+ouv/vQ6u3GfYMT2B
+DAm07n3N4kkj+hVIACx9/fVzzL7+Ma6F0u5P4Qw5ZMquuXJJUiNHJgDGEkhVzbws
+XaNucuk7WvbLnLR2MHrJPeAOrlF2/Wv6VBsEQRJkaEDwhIKmMWG+k/M3Q8DaerDj
+mtx+tbAMZhBKQr0x/2H3GYQI45IVXtiBfpoSdjq8TmaHMsFqPRB+G4KU+JbBW5Fw
+PirPnM1H9d8VNTlaB8b9T1lgcHGxWIYkMC5RfV06wRkCgYEA9Lc/7DubTh7cWwlR
+mvadMK0vrtXYbVQCok7qUlZC8WgwUJqfA0MfDC6qxAFrPNo/HEkSAWk4MPdRFwIV
+AMHB663NhFLtmxqZhfDgphYoQdX5jrD2YifgDU4w/fIr2kyWzoB6r4t/iXXBbtHO
+GrtFccF4q1Cmg9ZSDcf/uqFEGEUCgYEA8lZAkRm8UIBJ/5ZxO3XkMrxrADZMAS2u
+S4XCV2EEGeiBEAkMQtT5xccxfQ3faV9rs0YkVXXGyDg4a2AUCcbKyV9vwlLiy0vh
+Gd8MZ79IwCr9AREI8uUTsKenr26+mbqCofX+6lZwyNCxbZSc/ver8UXpTwpc2hAG
+7H+t5aEqYSsCgYAra0ggNgM8PSWD0Yd1I0SImnHXZ4HbBAjjm3Tf3wZJpt7LrmOA
+RKyBkNYjqMzKIz8HWb+kGHMr3PW6S1hGphouIsxQKhaWaoXKyg5R6aSC6eA5fRR6
+HfEW60SuCgXV2bj4MruR4gJi9U24x+j1vTx5DobGfqzMv34Xi+DH0E0wsQKBgQDx
+dtns+py2Ba41+pwm6CgSGcXwNynyPqcd31Cuqh9hBVecN7e82+NomzsHZQxIPWjd
+/7TyZmFEXShybRBqUWb70ZlVIiuS76+CjMoakfGWcP8Z0fR9uZ2t9s/RsOI/4SSK
+5scyjiDhJ3izPFJWh0gPJ176f9PXAAM2IV6PoM/OcwKBgDT3SGqdpuwpuC/dRNU4
+5Q5WmTz3YWYxiVdJqVbL40TM2yEHh9ocsdgl9xDN8ELp38wlw5r4P6lfKjB9fmRZ
+YrFxlDZ0LURKyNEJq4KOp8criB2Q9UDDblgPVm8u7mIu24TqF2l9AFUf7AWn0px2
+vtG5yZjAY92/XaJkK2cRDop7
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
index ded85ae40ce..bd0d5152975 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDlC3TpEq8exfp2
+28htCkr98saM7XOhwEif7ZwC5GDYve/aXCXjMSaDAjReIiihH/w0EkCb9HUQK67o
+6MAr7ctbY2sVslTeboV8VMgvGuLzrWy1nQzg+Dw6oLDWsno5iyq/1zQUgZ6wDbDW
+7bnmV5WtFyWcVf7f4B2LCHTPTdM9LDwbRBwI6cPFNllEdKsY2m8BsVKJSQUhfTwW
+mdMBTJo3IOKsmgE//1w+4QMuWHncvM/vbQ6mY5+hYUNvYmkY+fArylzxtlW8NEP9
+oGXjJ2Ki6Wy0rHUcIsbsygkPNx8gfsWrAIGAnnYRqk4b8JY3Kc9zW7eETTkt/koj
+QGEvWZMzAgMBAAECggEAbB1PTyExpk3/XxF5dvbv1RU+4ZDIDybrYQpQpRDWIhjt
+2d27SJWPvzFQNMrc8MlfS9j9xF/MzhhAlNIgu9ugLQAtsO0foGr8+WYvpASF8k3/
+TW7XgG3MSERHlOBkTztAr5NOkwtoM2QTADDwmijnju+pIjV5fIWWjGUudhgfSPTu
+izXpapkUwRa8RhDKWewPJfAe67a2XDqTtzx6Cm0u0hfLqppFFefx86NkK1dsi7cF
+IaJ9omZwg5tB5H/pDFQ0cfPKMZd+9zWvtR8M/18YZEe3xoCMvYMaV05js9ErWRV+
+tkhQLaZOK5iEByq5KKJMqyOUFh+1LgsW5TuGmHgISQKBgQD9Eec6KveW2/z/RNWl
+q0YJOxuFWjYCAirflRiy2UvrTK4GRQM2Euvc+rfsKy+yo9DOqhjDX8uARnfQ/e+r
+DDPPMJSUQDOumWOBUGt0fkZ3LR3Q+cQ0oI1I8G1D/IgwY2KyAQKQvjn6bR+uuOwc
+qNExjD52XGdRHxKNcyu0FrcDJwKBgQDnslfSIZXLRrlR0Nb3xIjLewliqgI0R2AQ
+3sAMsXr1ceVFRHXeTJJ30ETMLhIYon62ev+cBzZTBsT04/tKXan+iacjr8zHiWRi
+4+aqMFqP47md+qzGQzrLdxKOSbuChNzrp3v6waCOQ2QFWc8anhULp/ANZUUv5jQd
+Rptq++XHFQKBgQDo0gC9hewUMT1Xh3dam/Cp62QNUgof3Oiem2eGmtz6k6gCgplK
+tSujOFHfB3gxS/59MwXnMIli8PGoJwbIgUhk09fNcCdb+SgPPvIs0UN4vtwQdsho
+dlClCvQrOPf+NGEHTGCU0z05xA0CzIQEdddHUzPf5nDys7h4w70wSDmEvwKBgAci
+ZLXhtt0VhmtQhO4ILTYmybkyBvNZJ0odscgyRtj78tVZME/yB6iMzzGCUahUiJZR
+30EMr82KrdHkmz5E+BEQaAcfSKz0PBUXc2jWKFO57WNB7sQEGfFd70JWXuG7+ZmA
+BL9J6wm2ZYQMqeXl7Dv5pdijv6ej7QLhw7NdokupAoGBAJPJ7YKq0LS/eeXhY5YY
+is/FWKw79jUN0UFq9xYOMNZCQou9+tRhoGEJ0DJ62pYuPy+V3xqpTXo7xxGiO9+a
+/EF4LXmjQNNx3Llic7Vy1Gj0JBWzDv35lGCBXAMrwMetOWR3kS7J0vKg9cfAdoI1
+1dLMB0DeIp871u5YBKyCqzWB
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
index ded85ae40ce..9f5bbb26ca7 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDDd+7bqxFaQEtI
+VE8KyCRNrTmHVfAmNZVvlA18Y7rz7u7noqadL0LoQN3vTAQ0WyusLLjxHiqHk+2V
+mnWs3bOXf6WSBKrKBXLZbvjOsQhLyfYWQ8O3nM+Pm1yyU4cjh9UWEMWcw9xDXq0d
+T/88DM4bGf8n8DYl08gyTFK+G7n66EmL3IlaUzu2dd99BZUVCt5tTeCS7rP4wUQ8
+9MDwCNBy+mKpyhLGTe+cWbjWM+T3E+LBN+s0w08+rZBq6XZ/98Qmaqq51xTGtgw9
+gGedHFg1DENu60ExjnR0QJ7JeSJLVmjmxEgVOAF0iq8+YwvXoem6uRdSg0RMeyL0
+fP6SEtyVAgMBAAECggEAT790siafE8U7ca0D+pAhT5em6vJC4jPmXfl3bxJ5SeBn
+lBWmCGcp0vv0EBdhd8LilIJCig0WqO3PdsPn0rk49kxbzrEcxQNoEhHWbO2JRvKE
+9hx7k0Pk4uAt94tgjTxz0WbSWN0H1mygEF988JEA3cnDchXs4Y4AFZVSBMHnJNg8
+wUYRPPYjwDIC+37f6tBJAYZJDnKg9Lx8mIHCfzi2dyfe/ianWLTGVcFuLhwM16M/
+3Tmvpnl/LjvQHPvoDHPox7ZYpHwwvqPK+numDe6oUa0+LNbU6nhoa3btLFoDx9d7
+TnulqbN1fkXJRX2XXpU4+SSUBHs5khLWsLxw8G4c2QKBgQD6tifTKVB8EH2PSNlD
+puYUfg+xZfGfyFuXaGU9dIH739ipOJh3XHq6qA28tXSMoQUT5dt4tMplsq6udBO0
+j0nXxzN0syRELU9WluqqMJalbpb9AxwYVXCmaLVwH0UkMEO5Vp/WX3+7j06EQQ5T
+B6mA46fUQ2rJQlMMCT5YLTDGdwKBgQDHl3bp5wacH8cSDTTr6Ar6XRZKtGSB0may
+RzhWuPHCmGT5NRbSoBxTeOxp+D7d5uEQ/gFsvAzZduc/8FL/9aiRqvUbJwhl6dcP
+IVxiWzlecNkeQ+6L+wduOdA6Buj8TqDpczzbg1kI49gU5hhgOn1Em2xcWCfMlPZQ
+hcO3yr6cUwKBgGwX3VPNnEXhVkFQx1vDua9cKqfxrBuX5uWAvSWh9ekCugc7v4C2
+/rM7gbC7C2UWh3nswJNqX1k5kNbmdRiELvI5kJXgJuK+JlbO+p4mFM1+wNqVXKeh
+LtCQlKmi0cyogoqGLqPeyNO1FcUvx11FEG/ht5ps9r2POv8VfSvHUCBBAoGAOqsL
+CTYfe0Tb/zJim/VZRL6YDt13rbFq/nxw0w0KA2lIRPiV/NOTf/XLiFqwIAn9nkEL
+qiqcnE+XKfQ6cYKESk02PwT6MvrJfGkR/tdRxbDmIT9Wn07qoDveOTBOy9tQ8U4u
+VVgGk9Zlbb806xRGPiRxdbNz/27J+GFZZmzyGoECgYA6e/k8eBWhQIB/VzzBgsee
+aaivAKA2eHq5aq198UpLwPz0J2kyK5uo6ECPFc0HfuK60UwILK01D5DnXn40tfxF
+A7DnlG8npyxgC4E07xe3snBgpx4ZLrlnk2PgUCQi1EObGSV8MpZzUspHWXtfYPbs
+MTqmjeop6X3au1rpwNFhUA==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
index ded85ae40ce..9f5bbb26ca7 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDDd+7bqxFaQEtI
+VE8KyCRNrTmHVfAmNZVvlA18Y7rz7u7noqadL0LoQN3vTAQ0WyusLLjxHiqHk+2V
+mnWs3bOXf6WSBKrKBXLZbvjOsQhLyfYWQ8O3nM+Pm1yyU4cjh9UWEMWcw9xDXq0d
+T/88DM4bGf8n8DYl08gyTFK+G7n66EmL3IlaUzu2dd99BZUVCt5tTeCS7rP4wUQ8
+9MDwCNBy+mKpyhLGTe+cWbjWM+T3E+LBN+s0w08+rZBq6XZ/98Qmaqq51xTGtgw9
+gGedHFg1DENu60ExjnR0QJ7JeSJLVmjmxEgVOAF0iq8+YwvXoem6uRdSg0RMeyL0
+fP6SEtyVAgMBAAECggEAT790siafE8U7ca0D+pAhT5em6vJC4jPmXfl3bxJ5SeBn
+lBWmCGcp0vv0EBdhd8LilIJCig0WqO3PdsPn0rk49kxbzrEcxQNoEhHWbO2JRvKE
+9hx7k0Pk4uAt94tgjTxz0WbSWN0H1mygEF988JEA3cnDchXs4Y4AFZVSBMHnJNg8
+wUYRPPYjwDIC+37f6tBJAYZJDnKg9Lx8mIHCfzi2dyfe/ianWLTGVcFuLhwM16M/
+3Tmvpnl/LjvQHPvoDHPox7ZYpHwwvqPK+numDe6oUa0+LNbU6nhoa3btLFoDx9d7
+TnulqbN1fkXJRX2XXpU4+SSUBHs5khLWsLxw8G4c2QKBgQD6tifTKVB8EH2PSNlD
+puYUfg+xZfGfyFuXaGU9dIH739ipOJh3XHq6qA28tXSMoQUT5dt4tMplsq6udBO0
+j0nXxzN0syRELU9WluqqMJalbpb9AxwYVXCmaLVwH0UkMEO5Vp/WX3+7j06EQQ5T
+B6mA46fUQ2rJQlMMCT5YLTDGdwKBgQDHl3bp5wacH8cSDTTr6Ar6XRZKtGSB0may
+RzhWuPHCmGT5NRbSoBxTeOxp+D7d5uEQ/gFsvAzZduc/8FL/9aiRqvUbJwhl6dcP
+IVxiWzlecNkeQ+6L+wduOdA6Buj8TqDpczzbg1kI49gU5hhgOn1Em2xcWCfMlPZQ
+hcO3yr6cUwKBgGwX3VPNnEXhVkFQx1vDua9cKqfxrBuX5uWAvSWh9ekCugc7v4C2
+/rM7gbC7C2UWh3nswJNqX1k5kNbmdRiELvI5kJXgJuK+JlbO+p4mFM1+wNqVXKeh
+LtCQlKmi0cyogoqGLqPeyNO1FcUvx11FEG/ht5ps9r2POv8VfSvHUCBBAoGAOqsL
+CTYfe0Tb/zJim/VZRL6YDt13rbFq/nxw0w0KA2lIRPiV/NOTf/XLiFqwIAn9nkEL
+qiqcnE+XKfQ6cYKESk02PwT6MvrJfGkR/tdRxbDmIT9Wn07qoDveOTBOy9tQ8U4u
+VVgGk9Zlbb806xRGPiRxdbNz/27J+GFZZmzyGoECgYA6e/k8eBWhQIB/VzzBgsee
+aaivAKA2eHq5aq198UpLwPz0J2kyK5uo6ECPFc0HfuK60UwILK01D5DnXn40tfxF
+A7DnlG8npyxgC4E07xe3snBgpx4ZLrlnk2PgUCQi1EObGSV8MpZzUspHWXtfYPbs
+MTqmjeop6X3au1rpwNFhUA==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
index b7fb49ffb29..cb6d59725ad 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvwwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOULdOkSrx7F+nbbyG0KSv3y
+xoztc6HASJ/tnALkYNi979pcJeMxJoMCNF4iKKEf/DQSQJv0dRArrujowCvty1tj
+axWyVN5uhXxUyC8a4vOtbLWdDOD4PDqgsNayejmLKr/XNBSBnrANsNbtueZXla0X
+JZxV/t/gHYsIdM9N0z0sPBtEHAjpw8U2WUR0qxjabwGxUolJBSF9PBaZ0wFMmjcg
+4qyaAT//XD7hAy5Yedy8z+9tDqZjn6FhQ29iaRj58CvKXPG2Vbw0Q/2gZeMnYqLp
+bLSsdRwixuzKCQ83HyB+xasAgYCedhGqThvwljcpz3Nbt4RNOS3+SiNAYS9ZkzMC
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQCH7r8Y2SzXFj5jSh1DY7Nf4Ns85I86CtX9WdhQAh1WCHSML8hR
+Wk+qbCGLBwMHBu6ZH716ZLNWAdZ3f8hEKGRGTAyO5QmU8Y/NJZa/XnDHNVs68s30
+Oi0PrwI9+xmXPXaJPv3Silr+an6XHRwsAXknYwF0zWeqGzccnBNN7S/C2yBNvRnZ
+GfXrq1GnoT3kwxJj7YATyQ8Q33472j9AzsOU45YlXLIrWVvN55GaEvjD031uMLlD
+6bVM0d1C272smIImzxgfr8lHV8uV7x1tmU0UQfVe4AUHtUlnAg/cSfbG3PTvsFlR
+YFOuVVpgmvuW2IpfvLaCdcNIxsnQjqoVJf1+
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
index b7fb49ffb29..f2212b2344d 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vv0wDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMN37turEVpAS0hUTwrIJE2t
+OYdV8CY1lW+UDXxjuvPu7ueipp0vQuhA3e9MBDRbK6wsuPEeKoeT7ZWadazds5d/
+pZIEqsoFctlu+M6xCEvJ9hZDw7ecz4+bXLJThyOH1RYQxZzD3ENerR1P/zwMzhsZ
+/yfwNiXTyDJMUr4bufroSYvciVpTO7Z1330FlRUK3m1N4JLus/jBRDz0wPAI0HL6
+YqnKEsZN75xZuNYz5PcT4sE36zTDTz6tkGrpdn/3xCZqqrnXFMa2DD2AZ50cWDUM
+Q27rQTGOdHRAnsl5IktWaObESBU4AXSKrz5jC9eh6bq5F1KDREx7IvR8/pIS3JUC
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBzCJlF9nb7YlIZ7s77mSSUC9g2sbdB7cqqwZYvpif5kQVOjJZb
+e4UDYDlCwBPce//n5o3hJO3ei9riHJe4INWvWOKUaHXNqE1hJ14ZFIHSh/tyQxpb
+wcNRCbYnkfekZtTGwmGjD+mQGWDCHqvu9pdxSlz8Mr4bOtqFgmkTNBWsXbyfTpmX
+bKNNQtHeRLi5VLlC7B6OUORlxlmGiKaVC1bjHLTTIBoosUyelTw9dIu/z6l39LJE
+TAOG2kXQ/4Zw3Lketvb5ZuPAfhETh2cJp9cley/kh2fqh4GvdWk9679y/MqXPkUr
+FmueffyshgdUNAC5PQCGQs8ptdLv7DUIeO/l
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
index b7fb49ffb29..f2212b2344d 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdzCCAl+gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vv0wDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjlaFw0yNjA5MTMxNDI2MjlaMGUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzETMBEGA1UEAwwKY2hlZmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMN37turEVpAS0hUTwrIJE2t
+OYdV8CY1lW+UDXxjuvPu7ueipp0vQuhA3e9MBDRbK6wsuPEeKoeT7ZWadazds5d/
+pZIEqsoFctlu+M6xCEvJ9hZDw7ecz4+bXLJThyOH1RYQxZzD3ENerR1P/zwMzhsZ
+/yfwNiXTyDJMUr4bufroSYvciVpTO7Z1330FlRUK3m1N4JLus/jBRDz0wPAI0HL6
+YqnKEsZN75xZuNYz5PcT4sE36zTDTz6tkGrpdn/3xCZqqrnXFMa2DD2AZ50cWDUM
+Q27rQTGOdHRAnsl5IktWaObESBU4AXSKrz5jC9eh6bq5F1KDREx7IvR8/pIS3JUC
+AwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBzCJlF9nb7YlIZ7s77mSSUC9g2sbdB7cqqwZYvpif5kQVOjJZb
+e4UDYDlCwBPce//n5o3hJO3ei9riHJe4INWvWOKUaHXNqE1hJ14ZFIHSh/tyQxpb
+wcNRCbYnkfekZtTGwmGjD+mQGWDCHqvu9pdxSlz8Mr4bOtqFgmkTNBWsXbyfTpmX
+bKNNQtHeRLi5VLlC7B6OUORlxlmGiKaVC1bjHLTTIBoosUyelTw9dIu/z6l39LJE
+TAOG2kXQ/4Zw3Lketvb5ZuPAfhETh2cJp9cley/kh2fqh4GvdWk9679y/MqXPkUr
+FmueffyshgdUNAC5PQCGQs8ptdLv7DUIeO/l
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
index ded85ae40ce..fe3ba24c6c2 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFloOr9RoDqZHf
+7oRcE1TdrDX09lrTsBGW34IK3Sl5mmPMNWx9PD08FwFBg2SyFfQs3Lmqdq69CSEq
+Tj17TquzlFTja/1Sx7/j/2SF/6sp3EVb5F72KAzZFDJFTHLXZTPWK7PSYlYNJstW
+FOVf63owhzNd1xnDnnXw+hJ/6sUf/3jttLUcKICF01JfW3f9bJiCNFnwZrZTUiS2
+wNFIwEZPYdp8tPlrkNvt7I/G4RJUbvsX0ZGbp9GUg358Gm7bOCOFrKQBpWnuQqKN
+7ota8cGfhaz17MhAJQuCbV0sV/kMFvXW9xCMwZgwGT8/52seHJplT2ICe+mKG6n/
+enU5U3iVAgMBAAECggEAH0VG6XwM9e9sSshw4jGdCMgscexbS41d+0a8SgPegIRS
+rwr1dIyIFG5/oGKvGRAoaME2EShfV0OOoCdpy44T1oPvO17n5KYAVJEi06I28JUP
+1Q87iDGmduSfYCBNPJGjto2MFAvEGqi9HY6JDrkxyWRcWMmmJjN57v1k2CHLuNhq
+LvxgxRT1Dbh4oTtU5//rYZmFVVZ2Cfl2b4sJivX9o3RRRNklQpPv03f0YbIlRtIw
+3FjYjAG17WQpnMhmtCo6k45eAqomr4OV1BxrMl0Ltx6YLpLXh3zas96h5xQEIdM5
+74oSmseI67VKyLtmqDCvIxJFqtkhAB/0Z5sEdmh0gQKBgQD6Nsx/dwUxJ3HgqHxp
+jlFyNeWPuDhq6woiaUUaV2FMNc9zO0Lw2zYOKiVRKhbQ5X+gWXwMf+7L+6nwRSUa
+uXNRDd/t080z+5M0YHJhe80yy3saxAplqgpMPZWqhduPNAo5DSEAn/hDmq7mUb+4
+sS7MdqPPub2MM92hAaXRTIWJOQKBgQDKKC7OPdOVmLDcmBG/3RFkEFumm2gqBtmF
+4aL7Nn3dIxmkVs9HXH5JSY8r0ENrXlynSxO+174boqvFR/0Kw3YRnAJhcg+phECG
+xK4Jt3LMIkZqxhkgevHrL0l8mrCo4qEhbAuE/ppxO7dkVSwnn/y6lnjOrXmncz6d
+SnUSEc32PQKBgQDifVYRD3CQtO7c+EZd2iiZZHYe6ReQmJ881ONrW6tEK/VTjlIi
+6Zr9qWLMHHg4sXUcdcPXILrMxEpopn5WuYXL2e5YPn+iTVhLcf43hbQSBaSybsAm
+lIvrxVdD2xUKhIW4bMzx3twAffVRoLAWA7Sj+cSAVNZiIdS9WFt7oHPD6QKBgQCk
+v+61QgnHZvLsNDpy5JUhuXsX4psXdRGdXG/Yz2Xv7IUfO2gdvjFlRL+bc1UekX5t
+EHB9HZHfL8lRNAPy26zDWSNPiwdcnV2A95TmckzqNByzM9KSd9/kTVtUYzUJzfiH
+JmiU8HGpSoOBDzC28lmjLrIxrYrxfqhOw7l5Cm2R+QKBgFuwyuHD3Xr9H51Ma5l3
+J2PQzmNcXpev2h+3yW4s5YcSNPMmUusfrueaSDC+sPKin5GTcvY4D0PcHRsyvUPL
+neBKRoED3B9lkbs6ce7cVqmeQhjkT+hIW650MEfpYPvZlgkvAm3RUB+aX0PppGdC
+v993qjI98DUAwRz2p8YIga6S
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
index ded85ae40ce..93d1baf02c9 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDARuB0dNTnB11c
+679e83yn0c1argtVAhlKVFxv7XVkrlBrnGf8IZtn3ojtpGASPTIFz8exIpUzh2h9
+s7eQhJigk6XdPQEfMpBewtqkUaXUxHjI2Rmv0IR/xa4057oKkXosGQTtak2Q0Wip
+UDMsjBvhNBbgrl//KWjN1Gp5KkscXetfe1a8te9T2D0lOV3HK6SnORox0a+8YpU3
+WsRe4vBYvVOTXm3AHx/XgLETYnhCgTuWeL/fLmdYBo8a74G0K9H59mO+WoHg482O
+SDXYXC/Tvjsru6UM9+3SatskQOvOi4uEZYNZHlt8BQGNL5fz+5p1ze55DYMmnGAK
+qsGrOFghAgMBAAECggEAZRMdHLrpzES31IftAqn2ZnXIgJmrRVWkG8m7Ce+G3ZUw
+m1EN7KFyAykdS+czxYK70AhIzhoC2qKc0C9wGJ1LamYTM/jEpTS8ZcQCkYyGIxHg
++Jv/f8eaT1yIVjFWQAX3dkT0rSVLfwxF+3M4Y3uHkFwEhrnDpuuKt2CpU+Zis5bW
+SQ+HXdeSnHLB/gyOwRL9L9OaNDNBDsmOfFJXACC8n2FNdkaq0Nr49pN0suM1+0fO
+VrN3CQ/SPm/M1G5PAgGjpOpF621xk84AM5ik8sFglysl6lfsfCMFvMtJp3/64nK0
+8GrwJq3x8VwTAeQ/eXbxTPzTevDFvorSa6QxM1GAQQKBgQDensh5NFGZOkIasSBN
+R5NG7KQawL/AKNr/PFxkE3O3IzQb7HgYfp1rzQJrWt76Q9U6/Yrdha0CfMRZt6rR
+vRKJUhebvNUSl4w5Rv8XrWNYhI/l3qYqGjEJ10f0wJ0QaUej7yPxiBSFZ/LILWlR
+am0InlzNrF3Orja1dwS3pFj9mQKBgQDdG18I6zFhMaytLm3+Nr6+l1yECB0JHaRk
+qa/I/8xAhxNBAMopehYwEKwvfDDTM12WZFmcb7PTKHMtAvD19iDBIL2vfmqI9zRm
+zBklz6yc5hiPagGFtS+yNAEfmdIxYdIEQfrFj3P9GHKk3nQh3F7djCqg08nRvPFF
+FTVOmEnzyQKBgCCthhfkiiXH23Q3k9pEK2Y5zkzvBjaayKq2nYlDIbU8QaXnrClM
+TKdKTJSdniV2V5J1LTEfMiovTlMtFrH64wGtPzHpIg28mSS/OyqqlO6lZsoDSLjd
+Z11ecH2I2IVULuPtcoU9yGVcwNKJd/AvgxnExTKbnpl8ESPJ+LNMOJPhAoGAKlj7
+srGZG4xwDhs+ZdoGXmqPBZqoNP7AZac6S7zyWcmFHoYQMjF33mzTDaUzlL/ZxNwj
+bZrXTjIJHS3bCMDDNToYGmyT6vetyaJ9johf/wzy10TuVbWGFRNww6SqZVre5oHc
+jcoT5P2xt3IDvBiA8t3NrE/j74/Ihfqx4wO35kECgYA3vTh0VaDy5sB2qcRAlaNS
+V5MfoVVlw9/l1H8Xbp6Jgoy2kj2CM7nS3xx7baCJCvbkEXo2nUVQmTCDwO/0myAv
+NKumhQUbiZI0/edIybz4unxou4KRgk4x0yj9oFiB9eYChWkygXeFafZrRmP0FuoA
+SgOFEL7ldg8DbVFaZes8zw==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
index ded85ae40ce..42e90ab3d63 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMvmIifJRU+pNU
+QedsW6dK2Fz40mxdwz0lypjA0PX3a62KOLVG6Iu4yZV/cTEMhGRr2gRDBgPt9wxS
+4QuNgDuKiKGs7SRjieHc0JGQHUe+uNRZKFjPsfnhCXHU0hh31X9UbGKWg4f8g1+U
+vPewtfo7YLbWywcg6yfkmvV7XBLnMt2zKnILy/JshxIL0lz4I+r+KjX9Fkf9s1Sy
+/zo6rKV0GWqdtZ7qIMrCVK8XmXYom0En8CHkFUKr0hnmDu3RrDKlxO72DON9wz4/
+iZt40XHuXazIav6OvbU2Po/nOrS9SV9Vg8rQqaw6nJVFbDqLhxu0TdKlXzxK43iF
+qK58OXoZAgMBAAECggEAQrikKFLqz8qcqm+TqBcyLEzX92ozUFbonWEpaGRwU4Hu
+msWiJYpwxfZDVrWfY1Hdm9v/WYwjSbAhfvzBlAo+3QVrknvxSNLNHPWHCizQjZGT
++b4ROxXntXMrekxBFwQnK27qrdwNO7fgNQtjuF2FP0ZkLxkYqJyZcoEhEGNP8bFn
+aIVpOh14cOSjV2Rd5sk5QCexGi60PrqPLhXEgk16DpeKUyqKjWpTPN3wmKiyAosn
+5q2AU5+h9VgO8S3lso0mbt9iE7bGgzZuGeGtV1/D0HBEsvkKd7XSl2HjoKIh65v/
+8AdBy1CgHdMSfIo2vMySTsD/QL7KU7rP/0T7wjt8kQKBgQDxtTbOk2YG4yNyGfrK
+lQdsiZqExCv411vLdRebBCmcpJBGtHSvvi6nX2NKpUZH3F9kg5eNL/k7cckh14NR
+UogmDVW5NoSKHAvmdBsgKHjqwO+25CPamB02DNJslKFu2DvjsCPhLrohdGkxpGiy
+NrLrj52Qi1R/PJT2i/OY19/QXQKBgQDY2aJZBs3EJN4jV7JTW/c6FCEEFoD3BLKW
+k0ZSXYdbeFx6lBoKcSJy5FloTJNHGGzh1Y8AHWnEWmkx3adNVMH2UunrHihMB1ZO
+jJaDvWla6Hsk7LUpQKQvXSa5DeTRjg3cKZ8h84MeAGHGI+yWMBX+aBYJhw97/3EF
+TP2/YhKk7QKBgGZlktZo82wvhbCs+OYhxIditCdSxB4jfivvaxSs6sQFo2mQwW5C
+b5lQe8v/wIpo/bCjXuzdSgS467B+kI8/G5ajR5GzWur3fsMepO82tiMdoXAlrlrI
+3ncrb2m4fbtrt9N5p3maRhguLPJu6Du3mIzaxrGZlS5iB+l62LQDoDmxAoGAB5jY
+TzYlz1FbVvGjlbgLGUXLQlFngz/u4ceXFxufulylIMY/g04jXtMRLs4/+qWoauEI
+eYCOTAq+1LhnPBZUFUUiXNJZpxA6vdW/EC56mmy6o7iHQEK7fc1Npf4OnijT43qx
+0IaveUWaJ07q4vgcTSVoYD0TFc0FMKJZ4XKWJKECgYEAsJBU8Iq1UAPKEVWAGPb6
+ZJMT+6N8A6kk5it7lLjozUn0gKY0+Z82FspKn06ZmKuQbP1QBgSPUVlibuADblCw
+moTa3NejXNdPp5/zs+tioHRHAJ0cGrSBYAHufFmAhKpini+VfxP1s16xUvvuMpcb
+2Xqz09Dyg2AsbW/3Nq7p/4U=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
index b7fb49ffb29..3168142de18 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvQwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFloOr9RoDqZHf7oRcE1TdrDX0
+9lrTsBGW34IK3Sl5mmPMNWx9PD08FwFBg2SyFfQs3Lmqdq69CSEqTj17TquzlFTj
+a/1Sx7/j/2SF/6sp3EVb5F72KAzZFDJFTHLXZTPWK7PSYlYNJstWFOVf63owhzNd
+1xnDnnXw+hJ/6sUf/3jttLUcKICF01JfW3f9bJiCNFnwZrZTUiS2wNFIwEZPYdp8
+tPlrkNvt7I/G4RJUbvsX0ZGbp9GUg358Gm7bOCOFrKQBpWnuQqKN7ota8cGfhaz1
+7MhAJQuCbV0sV/kMFvXW9xCMwZgwGT8/52seHJplT2ICe+mKG6n/enU5U3iVAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAHbFSowIZIgp7PJBscxf6yiGfZAkJ40bxPG1jOx1msuPVMqd1aYux
+vgfMiSSB4VgTlfevjt9OduuLitN02oKXFRMXc5WPCoZm6WLFKwTT5S13s0BH4mOr
+tOFm84iMlnvLrlUNbOwdIpjbJVdDIvi/l1kEs9zCHMlMgnXlgRuZWABfciqWSmr0
+Bb6vYDNCJ3sfgdBifS1NeX9IJ/yTj9Zs+dEn1tFrljGY8Xg8pTmtf7oChQRnFEKW
+dSUZt/vAkug3u739KzeHfLcwiGDC336PhGoLbDw0x6AsT4BCcwB7jMrOBsBtCK5Z
+w0m2pi4hVt1O1M5A/m3aAIDIPYbhFW7owg==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
index b7fb49ffb29..6bfe47ce427 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvUwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDARuB0dNTnB11c679e83yn0c1a
+rgtVAhlKVFxv7XVkrlBrnGf8IZtn3ojtpGASPTIFz8exIpUzh2h9s7eQhJigk6Xd
+PQEfMpBewtqkUaXUxHjI2Rmv0IR/xa4057oKkXosGQTtak2Q0WipUDMsjBvhNBbg
+rl//KWjN1Gp5KkscXetfe1a8te9T2D0lOV3HK6SnORox0a+8YpU3WsRe4vBYvVOT
+Xm3AHx/XgLETYnhCgTuWeL/fLmdYBo8a74G0K9H59mO+WoHg482OSDXYXC/Tvjsr
+u6UM9+3SatskQOvOi4uEZYNZHlt8BQGNL5fz+5p1ze55DYMmnGAKqsGrOFghAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAVTpKDAKSzfHTwsATHuCvXYeJdbuX4jzBDtNyBeJasRRlehKdLrbe
+tywLOsBiWLrtcdCCia6Pd62a3RShhvNAcA+Mr3rDrEaR81JnuPoA/Pq3n6a0tA8r
+U9lAnzinfh9/o4nHWiiVXkYy4XlWl3jDjqBUj0/cFwofRqqABn3lE4KNHG+Ln2E3
+xniaLLtVxS8UoxyhAegLwk2aS+5tINvnqeWEx71ghBOqo1RAT+C+VlpaHcsLeDI9
+5uAzPiXseAzrHu+I2I8aP0xCMwgy1uQuWO55vEScDWQnzWWqIG6su3f2skWrK2WX
+0FBNSz2hmCAFkVS6iZgwpIlxIg+57MHdrw==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
index b7fb49ffb29..8ccc9aab2c4 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvYwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMvmIifJRU+pNUQedsW6dK2Fz4
+0mxdwz0lypjA0PX3a62KOLVG6Iu4yZV/cTEMhGRr2gRDBgPt9wxS4QuNgDuKiKGs
+7SRjieHc0JGQHUe+uNRZKFjPsfnhCXHU0hh31X9UbGKWg4f8g1+UvPewtfo7YLbW
+ywcg6yfkmvV7XBLnMt2zKnILy/JshxIL0lz4I+r+KjX9Fkf9s1Sy/zo6rKV0GWqd
+tZ7qIMrCVK8XmXYom0En8CHkFUKr0hnmDu3RrDKlxO72DON9wz4/iZt40XHuXazI
+av6OvbU2Po/nOrS9SV9Vg8rQqaw6nJVFbDqLhxu0TdKlXzxK43iFqK58OXoZAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAlkdYgv0m/K8NFBnA9C3ri33/3AR7v5YzUQwmyJ1pSS0JolPuvPQ1
+SD/h1Nqlb1COYFJhVaNm5Ofl/GnbcJMS5bCW3f52oWiyqIEyRvzDurMm3WYxzStW
+erCgnGfDAGhQZJs5kEwVvo5ieMqlBWCQx3c27sC9FzM78G2odguh9Ei6ZAkehc/n
+szy7DEbX9ZbReaPfai9DeY5+sWPkEXkbW4jaYWY1i3naWcKZiAXzUx63PdzywdQN
+cAxz6av8AwicRTDRSi2P1Ixkh+H2yX/58lWw0yzBZQzvftxiM3dnsK4bhCuEuqmf
+p569sWnIeVk3wwhS6lvGimeRshv0EEBWYw==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
index ded85ae40ce..4fd2b5b9a4e 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKml2iVcQ2moY1
+KTPvv6Epfo3EG9ZYZRNXcDWgkqi3dKF+bDR1S4r1ptvY2diZvyOm/iTrgQP2rPHT
+iOdSozllRwSCVD0K9RxdjM5QqFtAKeu7hjqKoS4QLOaU/NrRqayWo9eFZEohCySy
+viWF1nnFkHd2vGsLOxtrvidIZ69+u8ebSpL7ZU3XKP2NqGVhLiGhtW3fwIgJyRQo
+oNFJVugYO+YbAICQvVF7Y5RMI50zQtpsKD8Cr+aawK3Zb7CVt5AKdK1OgA7vZP/k
+Pg+BrfEqu2QMgbka/T+iYZBFv1EKtp+SdhInEB0Ymc/laJIdrwayGuSh3/xH3iJl
+BihiHEEFAgMBAAECggEAPg3jyfns/DB+FMBG+RK/oP7zGvLPxwlGUEy9EC57YJ1n
+bVplAtwddrohshyfPBAQMnC7DCra9O3pr7nJ6ES4Kq4C0oxMmhOTGZAsDQZT1KZC
+XpBxU86kVi36ff2oY/lNNGKAe4nJLq/EEL8urPyRFZL3FDYHr0vuTSTT0Vh4px7+
+48LjPLmH2nsRg7+faehDi0GlbmR0rL6zZY8T9+PljHEGx7MONNjreLoeVrSOwxfb
+Wloslaoeu5b+lbHfXPZ6xD65g+Qs7YTTAVxjWd1k2gKxovVQTppt7uvINbXmzhz9
+UNOxbgmgHIQWXBgFNobEsZEwf64BrdNB2HuhYRtmAQKBgQDzl73d/srNhDlPhZs2
+hZx9jkMQrwoXbiYnOVjSJphjmjYK8oNgQbC5LZOybMo9uKndB5vri27PLLgiMOAa
+YS7+qJfE261OwJ6hjxdokCo7DXp3LRB/1SaF0YoQjh84FvAiv/gNfLy98d3pFJDh
+xLvrE64CwuVURS7EnGSLbXU9hQKBgQDU7CZfka56ghy84Pkh7oMLk4o6znYmHMxv
+qsA6u6WkiZH2cPf+gCk/dIYkGnZx4vbF4xgKd5bxU4J6ovTPZM6qEE+kHtU9bOz0
+KGTkg4t00v7+lDxeuxJkc9WingCVX+1eDO2vJOX7wwmpNt2DZbdRIMeikIa1yU7d
+fMFE2G6NgQKBgQDtzUYq8XE0nw9/5XO4D0nNfNNV9zuH0h1nD2H5jnoYSlTV7Rh6
+IMcQkEDu36u0A5G4WJRLp4wero53unUc66EANMAtCzQufHagS9vTVWIU0jyrGZBQ
+61o3K294Z/ZsQGBf3D6hlBOB7xvvTgd+kBvQCx9GTNOqp/tXL0Isp0fcLQKBgQCk
+uNDzDJRMCI7M/MsgGhJdiVXeKs2yrILoPNQcXAFIqnk2i6z/wgynH7GLCsHpV2oM
+K6T0rBIlPrLpx1nXfKh5XscONCBKNhOWzA1J0A66YWWOdAXET7tp5Uc4WD4hUaYk
+JaJX5hbaT8gQlfaG6dEJPW/UbzUYO9X8ecBXT40vgQKBgDEQoTB8vdEwL86vxrRx
+hj0n9VUVnJr/cNC57gTz5edVzozs4hmuz1ghld9uyGfn34V/jZk+h1Qbfzc5zs5y
+E1L4sFLO07WPaUOVeFsz0e9lVEHxUL1CsPY0efOAiqiBrtokToJzPF0TnR/EhYF+
+OqG05l+S/YSiI1sSp4UONM9y
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
index ded85ae40ce..777e5cfbd36 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDgb+wuHgGjnGd9
+GNO34mC091Lp9AUdDjltUlPKNPV05K+su5YqDOjay3GGG8efmctZdnt9rQ25ZDT/
++6GLstbpmNSfC9lBJk5mInbT2EB8FMIJvQL81qtqrPqUGWorKTFr2W6ZbtuoJfRW
+/IlavyML5KNDFxTryM1MkbFz0XelI9ktdwhBpkuSDnPmMaisiPnG5Z44Pe83zcrw
+AQUXSWXUuKMUEaffFXQfsQ/pzk8WdbROvKQAM/+xBNwdIz0icUIWIPqZd79mGV6S
+M227jbS97401Y/y22CTTuMIUQ3yWmfKpuitIO9M9w8D/fEvUNHMM6wTN2gpioZ0w
+ci6O7GIPAgMBAAECggEAFA0LvacCoHpVqJByQchguWorJymc11aw/LpRMAyBLVtM
+8pKjvMgAeaOZVdDfibu0th5ms/ik9D4mmgQCD7f/iUkVHcxyMWbZtDg6A30bbbpx
+B2uye6I2GEax8E9A8/AvMSJwxhZoW2JgrPDM2KWg3OwlRdYnEVWUOdX+U4mQNdmO
+LUCGgtSYynn0ixTN3QQXoNImrOx6g8yZ8zEJOq9lQoTUFPNZyylU4J6tzz07qo4X
+mriIaQwf7AtHDsCxp/M0EMwI3RVhJE7UaQVXz3s7rs1mqTDqFaZ3TH9i96UGIba1
+kNHKhqEOrUt5zCmEwPhWO1RJIo56V6GIJwuRV/jHWQKBgQD5jTFTPEuqBbz/ne0x
+Uo7J4cNtK/JCTyKOx6RtcrLCvbC+xgQV3hQ9mkxd/EE29ymFFEDcJNi2FxKxk55G
+++HRsn72svfR1aG7RAE1wHHbX5h6khD8qWEnmW6PhT27RJTScyY5arXs0XP0bDmo
+xiGnHF1gV0OqfOaSqr+IiPra8wKBgQDmPJid62CucXuwqZ/DToYS0qXzs3Fu5aWb
+C9rNnBQrSrU6fkLK8/g/fIlyk5ETwlo2c3LxXl85VDLUGElvrFwbb014HJ5ZfLSk
+7gQCsJozyWo0D3h1gzAHSSAz6alKRfWXgtDWFShGbJE/tuy5a4GVK0BGjW2KnDy7
+4ewr4WKrdQKBgQDyxg5faIA/tvdoQi531lY9RppFggRbx/rZppVrOLN5yurAnYlp
+8LQGPi7fHEIhhBBrfAmhYWNGummgQfkwG2lUBO+JdxCqnceKlB0NOtxJS9XeIG3Q
+L8Ppr1Wk4D3vCkgx+H4OS6cS7a198y+g5qfkmC6rRBn7KSlzNBPDc2eASwKBgQCe
+dgJMXl4ScgTBmF1fHMJmXhjd3BksTF5okgYsEUpIaYjGE3SBHt0zRNGMzEfDo7ZX
+V6o6ucssN+kr1PNmKujR8Q8OphPOX2gtQ6v69fWLwwqXfjZYGsyJlyjU0fM0LWZU
+uzJkxfcMUVi+03WmQHnVYwlABcLo7ZNXdK0Jnnw8qQKBgQCD9D+8RTy2JCzrZfci
+6pFd6oznTd3YJc9wXcWN54mpAohVB/s0o0pS+hBpx+Azlkf8VcllduXQfMAzxrt8
+AOKXI04VuEo5PkjlaLC6ennA7tAte0+8ib9GdSRd76bFhu3JFUzQzpizSzAjd8sv
+HLeUCOrNle70hgkcD2xR4rnJ3w==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
index ded85ae40ce..8ffc37316da 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem
@@ -1,24 +1,28 @@
------BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
------END CERTIFICATE-----
\ No newline at end of file
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6FxiatWFwyqqp
+YyosfVCeqcA1r5NaVLb631ehM5kkYsdqWd8mrDwz/3kW2zOXHAmFb6x3stsg7Q63
+Ho850GCY6IiI1rUDQHtp6+YhN19gA5wkKHQz3xMmXJ94J3jowFDXI5lelbgfngrI
+giECBeJPTAkeX44dh744U5mpcPmme/BdpqJrGcVkXtGHDmu/EHtVxYzv6039PGpl
+1r8vxCAzzoaOaYiycQRU5J/k93+b5oXH6cb8JQ0MyJm8zuTcbsHPplDyaVyaGfXB
+uG8/uyPveG1L7Rd9fLP9PbP0v4IZ3i/4+LDyhUqBVQ2UGIKBRBBcZlQLwFZVTnC3
+ckWa1qqBAgMBAAECggEBAKyCUKrKzoPTPRY9+ZC4sw4C605Zb05kDiTO+ttTi/ox
+IBA1NCsTq9PAVy6bEl5Y/XKXrdhhE8aYO/YB/GBqDcJyfm/sKm3TTxVIPFQ6ks3d
+StgyMFcNyyDa6HJolSufbNGkDL+kJ8YXqoNqLtNDRSKhqCpiBsrVVb+9sEtlkemE
+kBryXU94C20Bkv9plN/gI+/f4xrzV0ECo/tjPmLcgZsrHdspFfNvl2LuOqq2oVa/
+7IShw5tAyEJO9lwOhRR6KcIYXRNDzXX7IgMdHLPy9jy5whOAoaIoLt5yxCLbERoz
+FD1ERUI1QEv3/S+SuTVDw5TLlYx4jW3//iRjZnrAtekCgYEA9iQwCT4ALpih8sDs
+fh6iBjoa74e7xHqAmsLFhSCfhWZTVV77D4+tu5AdbHuSNf9CSMWp2m9+97DIvumI
+T3Ar7SST24o6cKcwC14s87/qO+7SYBdGKeeFQ2Kjcavx9RHyCzi+bgX2abkmbyRd
+Hy2aR3ag3bKMgyJ5KDcnUKCfIrMCgYEAwYssc+cA2cxDtYR9JUAAJKjnCRBYP8tj
+DsIgKUEhd7zM3/gPMkjBb2f+ZvVT4FJ7uOo4z22o0ww6imO+UNg+sR7J4pX7j9aH
+FCd2ApYkRyy/2DVspcoKWMBrAP2B2PTtHonVtiigbiWdpTjtxbVq1Atv4VwVjdjQ
+U8irY2sQR/sCgYBmQCg4XqpCsSNtrdlQlzclsROpd9B30ZAFOm5FXIUILLbnmxpe
+n4hDh53BiB/4EH8frgVeebzb9nOeY3M91NJapDxMEkMuszVRM6Em7Q3IMfDw/Boo
+pEYG9T4CpbRQ41CSetMY758q0kB2ITwSDKavk0dGcbrPaw27uBW7983D4wKBgHRY
+2rcuBffn8EgdRjHvYGapVoG/Xp2zAXBsyHKkYZ8eUzbMYy5CSG5VYLy5+9sdGp0V
+yGMBs/xzHHn27gChjkZhkNFyghB80SUPd8SkR1i2EPnDW/XqGAA0Y97rhnRLAIRc
+LanckFzGphcduuogXgDsgyxBc/+ad9n2Bvmz8cyjAoGBAISlRYseIs/DGJ2YafeT
+AaxmrPBffpw3310MvUCUKpaYaHyIXmlaIyGyOqUDp+GvPTw8sujZhnVg38zwJlYy
+jflt6KnT53+MPLgP9TU7SyFFHJJEzf3tqvJfxlpF9y1v/fztOmEDn4hiL8o91IHp
+Rgbq1N7diY4G7KkhkChi4DLq
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
index b7fb49ffb29..d1530c7db5f 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvcwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKml2iVcQ2moY1KTPvv6Epfo3E
+G9ZYZRNXcDWgkqi3dKF+bDR1S4r1ptvY2diZvyOm/iTrgQP2rPHTiOdSozllRwSC
+VD0K9RxdjM5QqFtAKeu7hjqKoS4QLOaU/NrRqayWo9eFZEohCySyviWF1nnFkHd2
+vGsLOxtrvidIZ69+u8ebSpL7ZU3XKP2NqGVhLiGhtW3fwIgJyRQooNFJVugYO+Yb
+AICQvVF7Y5RMI50zQtpsKD8Cr+aawK3Zb7CVt5AKdK1OgA7vZP/kPg+BrfEqu2QM
+gbka/T+iYZBFv1EKtp+SdhInEB0Ymc/laJIdrwayGuSh3/xH3iJlBihiHEEFAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAGOAXc9+XW5iSEwNEm73LZWNhuApLqd45xjC3vKBXpiWXLydF5sGJ
+oVUsHZrG7NFvEaols8f4E7RegOjIPrZZV6723hGaX7VhA3UzDJnfnMPV7yEM4VvZ
+EksbxlKESpwA4h8HZU1OqfCg0Byq+KDgrRmwmTVpVvYqEKDD3ZFUQ3uKuSK7ZTFR
+lwyAJBACh9RtlwBaH1vhKPvmDppoudMlNpRnCwOuy25f0v2vga3eD37NCeP9GK8N
+sUmXcDfhBEcaFOW13Q0zH639ymUCA+P+4O/o4eDS2Tv2DvO8sJpIgFOEMZzxxR0y
+v61TpvPZCjrWiKN1DUN7qrjXNC1MmfzyMA==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
index b7fb49ffb29..ad53676442d 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvgwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgb+wuHgGjnGd9GNO34mC091Lp
+9AUdDjltUlPKNPV05K+su5YqDOjay3GGG8efmctZdnt9rQ25ZDT/+6GLstbpmNSf
+C9lBJk5mInbT2EB8FMIJvQL81qtqrPqUGWorKTFr2W6ZbtuoJfRW/IlavyML5KND
+FxTryM1MkbFz0XelI9ktdwhBpkuSDnPmMaisiPnG5Z44Pe83zcrwAQUXSWXUuKMU
+EaffFXQfsQ/pzk8WdbROvKQAM/+xBNwdIz0icUIWIPqZd79mGV6SM227jbS97401
+Y/y22CTTuMIUQ3yWmfKpuitIO9M9w8D/fEvUNHMM6wTN2gpioZ0wci6O7GIPAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAcbW0d2OZ8uZIFMbMy6VUW2y8BmVqLbbfXoyvIlEV9/c5sN9GXdnv
+w6KNPtoqxQQhJ5Vt31xa73wKO7ia+FvXiZSB4SaHa++q2LjldcPQ3zWITo9FKEV4
+sCTi49tjqBAaBzqZ+WSYRb0M635uy73lQHWwVk8r44OHGU9rAzMjVTlFCzSjRav2
+5SOOqiCviqoZi9BzPqasaAP/xpLNPK/4GWWIRMtNQcNQbZd7XRFpIcGu76lTmMzc
+zNnU3PBZizr8MEFHfPUiKU1LDBxzJG/dsThUg3mV37Uo+UhwVsEiqV4qDgGWL2i+
+S7ZjsKUwUGkpiqitCthuc2RqVi+0aB31pw==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
index b7fb49ffb29..f236e5d21d0 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem
@@ -1,24 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
+MIIDdTCCAl2gAwIBAgIUGRIvHV9V+hVgzYl6q2Keemg5vvkwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIY2hlZm5vZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6FxiatWFwyqqpYyosfVCeqcA1
+r5NaVLb631ehM5kkYsdqWd8mrDwz/3kW2zOXHAmFb6x3stsg7Q63Ho850GCY6IiI
+1rUDQHtp6+YhN19gA5wkKHQz3xMmXJ94J3jowFDXI5lelbgfngrIgiECBeJPTAke
+X44dh744U5mpcPmme/BdpqJrGcVkXtGHDmu/EHtVxYzv6039PGpl1r8vxCAzzoaO
+aYiycQRU5J/k93+b5oXH6cb8JQ0MyJm8zuTcbsHPplDyaVyaGfXBuG8/uyPveG1L
+7Rd9fLP9PbP0v4IZ3i/4+LDyhUqBVQ2UGIKBRBBcZlQLwFZVTnC3ckWa1qqBAgMB
+AAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAm0/tzRKbE0EshQbJ9G1ARtWYCuIUfw31POfMWRw7f9Vb43nxQ8FP
+pCSnMXsGqAP9kXcbiIxP6L1QSMbr1B71cEcmv/hnk3u+/av9mftXu9s6PibRATf6
+D3u+DxL5ECtcSFmDAtif+lS8e4sXzBt6Unw4S2FeksKy/Pxidvv8rSGaPB+Xa3tU
+01iIzJbFUwXbuESRAKXWhOLOLsrA7S/vKBN7PShMp1N/wYvNrcEbrf/EACvweFFd
+a7+LUITTXRDS1Uk7TIIUzcYvlX62UfDFKxoHUK+f/Yk48TM+4Ip5w4oxuJQ/hKjQ
+Cd/IRjLELDX53KIvpca8DIkc9T6fQnr1Cw==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem b/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
index 89bf971b443..6fa826df65e 100644
--- a/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
+++ b/components/automate-cli/pkg/testfiles/certs/test_root_ca.pem
@@ -1,24 +1,22 @@
 -----BEGIN CERTIFICATE-----
-	MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-	MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-	U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-	NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-	ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-	ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-	DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-	8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-	+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-	X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-	K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-	1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-	A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-	zt0fhvRbVazc1xDCDqmI56FspGowaaBCDEfGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-	YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-	bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-	DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-	L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-	eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-	xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-	VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-	WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8xY5Z=
-	-----END CERTIFICATE-----
\ No newline at end of file
+MIIDpzCCAo+gAwIBAgIUBYPmNYODsegtqdC4UMDEqgtLitIwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcM
+B1NlYXR0bGUxGjAYBgNVBAoMEUNoZWYgU29mdHdhcmUgSW5jMREwDwYDVQQDDAhw
+cm9ncmVzczAeFw0yMzA5MTQxNDI2MjhaFw0yNjA5MTMxNDI2MjhaMGMxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRow
+GAYDVQQKDBFDaGVmIFNvZnR3YXJlIEluYzERMA8GA1UEAwwIcHJvZ3Jlc3MwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAVWQtiuUvZlGk0csKpYtFVxLY
+HxL+D2Mec/7IxqGbccmNMsRLXw+ukRzGx0R6ppj5hE6bjuZeihaHFtAMpMBIDauX
+Qy12W/0Nkn0yALRrlq6IhHyt+axYZoF60BeEgTFiME/ai8CeyTUz2301oe0rEp58
+PX3Pr1FOmwGkGhXO88cArdkWMblKFxh9fsorhGW50TYrXPg09zpIcX5EnH1tsWv0
+IBjVgUPMWY50wdB7gzNOWbMtuburt/jzuT3oRmWu4OGebclpkgALKuC3xDPMtZ4j
+4w/eiGjm2D4yAYNeVjhwTk2o1DckUUY4WGNFXEaVBVDBT03rz9iaAidHoj7jAgMB
+AAGjUzBRMB0GA1UdDgQWBBT2GQGV/1o07Y0OjBj/PBqYDCHLWTAfBgNVHSMEGDAW
+gBT2GQGV/1o07Y0OjBj/PBqYDCHLWTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQATCKTpgj8P3zDMVZuzFg3vpaBZHwiB0pH4ZrKEu4d5fX2rgede
+10WyuJxT0Lwfms0Ou7qxpS6Th6RgBFM0riFk7+lMmIxZvgSO+Kxq9Re1UO6aduon
+PbPFhiTAdhOXT/9NAVStGljpTsrJMbXnVzZL6jUbkXK+cdR2zwW0zTkma6Ja2Ygf
+7bBmv3wOfzde3mw0AMlk9JWmFbIpyNKER4D60x6+F+g7foo4w5+OsNQQYHIL3b2l
+9h48bn2apwAc49l0RHIL0QSBkeklcsCO0H4Es8AwKi1+Q3J+P5Q7HrZie9gIH4D1
+SnWqpKuioaE82pLXRbT9+iWEJdj9mDkkMtbD
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/onprem/certs-config_only_frontend.toml b/components/automate-cli/pkg/testfiles/onprem/certs-config_only_frontend.toml
new file mode 100644
index 00000000000..f88042bd02e
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/onprem/certs-config_only_frontend.toml
@@ -0,0 +1,15 @@
+[automate]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[automate.ips]]
+    ip = "198.51.100.0"
+    public_key = "../../pkg/testfiles/certs/test_a2_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_a2_private_key_1.pem"
+
+[chef_server]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[chef_server.ips]]
+    ip = "198.51.100.2"
+    public_key = "../../pkg/testfiles/certs/test_cs_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_cs_private_key_1.pem"
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/onprem/certs-config_without_opensearch.toml b/components/automate-cli/pkg/testfiles/onprem/certs-config_without_opensearch.toml
new file mode 100644
index 00000000000..42177cca112
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/onprem/certs-config_without_opensearch.toml
@@ -0,0 +1,33 @@
+[automate]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[automate.ips]]
+    ip = "198.51.100.0"
+    public_key = "../../pkg/testfiles/certs/test_a2_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_a2_private_key_1.pem"
+
+[chef_server]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[chef_server.ips]]
+    ip = "198.51.100.2"
+    public_key = "../../pkg/testfiles/certs/test_cs_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_cs_private_key_1.pem"
+
+[postgresql]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[postgresql.ips]]
+    ip = "198.51.100.7"
+    public_key = "../../pkg/testfiles/certs/test_pg_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_private_key_1.pem"
+
+  [[postgresql.ips]]
+    ip = "198.51.100.8"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_public_key_2.pem"
+
+  [[postgresql.ips]]
+    ip = "198.51.100.9"
+    public_key = "../../pkg/testfiles/certs/test_pg_public_key_3.pem"
+    private_key = "../../pkg/testfiles/certs/test_pg_private_key_3.pem"
\ No newline at end of file
diff --git a/components/automate-cli/pkg/testfiles/onprem/certs-config_without_pg.toml b/components/automate-cli/pkg/testfiles/onprem/certs-config_without_pg.toml
new file mode 100644
index 00000000000..4a44ff5ed90
--- /dev/null
+++ b/components/automate-cli/pkg/testfiles/onprem/certs-config_without_pg.toml
@@ -0,0 +1,34 @@
+[automate]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[automate.ips]]
+    ip = "198.51.100.0"
+    public_key = "../../pkg/testfiles/certs/test_a2_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_a2_private_key_1.pem"
+
+[chef_server]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+
+  [[chef_server.ips]]
+    ip = "198.51.100.2"
+    public_key = "../../pkg/testfiles/certs/test_cs_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_cs_private_key_1.pem"
+
+[opensearch]
+  root_ca = "../../pkg/testfiles/certs/test_root_ca.pem"
+  admin_public_key = "../../pkg/testfiles/certs/test_admin_cert.pem"
+  admin_private_key = "../../pkg/testfiles/certs/test_admin_key.pem"
+  [[opensearch.ips]]
+    ip = "198.51.100.4"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_1.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_1.pem"
+
+  [[opensearch.ips]]
+    ip = "198.51.100.5"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_2.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_2.pem"
+
+  [[opensearch.ips]]
+    ip = "198.51.100.6"
+    public_key = "../../pkg/testfiles/certs/test_os_public_key_3.pem"
+    private_key = "../../pkg/testfiles/certs/test_os_private_key_3.pem"
\ No newline at end of file

From 0663100067b4e72c7c83c05ccfd9a0933c99126f Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Wed, 25 Oct 2023 00:51:51 +0530
Subject: [PATCH 09/17] adding validation on certificates before stopping
 traffic to frontends

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate.go           | 154 ++++++++++++++++--
 .../cmd/chef-automate/certRotate_test.go      |  79 +++++++++
 2 files changed, 221 insertions(+), 12 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 0216e0c772c..7f3216869c9 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
@@ -605,8 +606,6 @@ func patchOSNodeDN(flagsObj *certRotateFlags, patchFnParam *patchFnParameters, c
 	patchFnParam.concurrent = false
 	err := c.patchConfig(patchFnParam)
 	if err != nil {
-		fmt.Println("Error @certRotate.go:612")
-		fmt.Println(err)
 		return err
 	}
 
@@ -753,7 +752,7 @@ func (c *certRotateFlow) copyAndExecute(ips []string, sshUtil SSHUtil, timestamp
 			return err
 		}
 
-		fmt.Printf("Started Applying the Configurations in %s node: %s \n", remoteService, ips[i])
+		writer.Printf("Started Applying the Configurations in %s node: %s \n", remoteService, ips[i])
 		output, err := sshUtil.connectAndExecuteCommandOnRemote(scriptCommands, true)
 		if err != nil {
 			writer.Errorf("%v", err)
@@ -780,7 +779,7 @@ func (c *certRotateFlow) copyAndExecuteConcurrentlyToFrontEndNodes(ips []string,
 		return fmt.Errorf("remote copying failed on node")
 	}
 
-	fmt.Printf("\nStarted Applying the Configurations in %s node: %s \n", remoteService, ips)
+	writer.Printf("\nStarted Applying the Configurations in %s node: %s \n", remoteService, ips)
 	excuteResults := c.sshUtil.ExecuteConcurrently(sshConfig, scriptCommands, ips)
 	for _, result := range excuteResults {
 		printCertRotateOutput(result, remoteService, writer)
@@ -1338,18 +1337,27 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 		HostIP:     sshConfig.hostIP,
 		Timeout:    sshConfig.timeout,
 	}
-	c.log.Debug("==========================================================")
-	c.log.Debug("Stopping traffic MAINTENANICE MODE ON")
-	c.log.Debug("==========================================================")
-	err := checkLagAndStopTraffic(infra, configRes, c.sshUtil, c.log, statusSummary, userConsent, waitTime, totalWaitTimeOut)
+	templateCerts, err := getCertsFromTemplate(clusterCertificateFile)
 	if err != nil {
 		return err
 	}
-	templateCerts, err := getCertsFromTemplate(clusterCertificateFile)
+	errs := c.validateCertificateTemplate(templateCerts, infra)
+	if len(errs) > 0 {
+		var errorMsg strings.Builder
+		for _, er := range errs {
+			errorMsg.WriteString(er.Error())
+			errorMsg.WriteString("\n")
+		}
+		return errors.New(errorMsg.String())
+	}
+	c.log.Debug("==========================================================")
+	c.log.Debug("Stopping traffic MAINTENANICE MODE ON")
+	c.log.Debug("==========================================================")
+	err = checkLagAndStopTraffic(infra, configRes, c.sshUtil, c.log, statusSummary, userConsent, waitTime, totalWaitTimeOut)
 	if err != nil {
 		return err
 	}
-	//fmt.Println(templateCerts)
+
 	if templateCerts != nil {
 		// rotating PG certs
 		start := time.Now()
@@ -1483,7 +1491,7 @@ func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUti
 		c.writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
 	}
-	fmt.Printf("Admin cert path : %s \n", oss.AdminPublickey)
+	writer.Printf("Admin cert path : %s \n", oss.AdminPublickey)
 	flagsObj := certRotateFlags{
 		opensearch:      true,
 		rootCAPath:      oss.RootCA,
@@ -1673,7 +1681,6 @@ func (c *certRotateFlow) rotateClusterFrontendCertificates(infra *AutomateHAInfr
 		flagsObj:      &flagsObj,
 		skipIpsList:   skipIpsList,
 	}
-	//fmt.Println(patchFnParam)
 	err = c.patchConfig(patchFnParam)
 	if err != nil {
 		return err
@@ -1757,3 +1764,126 @@ func getIPS(infra *AutomateHAInfraDetails, nodeType string) []IP {
 	}
 	return ips
 }
+
+func (c *certRotateFlow) validateCertificateTemplate(template *CertificateToml, infra *AutomateHAInfraDetails) []error {
+	errs := []error{}
+	if len(template.Automate.RootCA) != 0 {
+		RootCA, err := c.getCertFromFile(template.Automate.RootCA, infra)
+		if err != nil {
+			errs = append(errs, errors.Wrap(err, "Automate RootCA file not exist."))
+		}
+		errsNodes := c.validateNodeCerts(template.Automate.IPS, infra, RootCA)
+		errs = append(errs, errsNodes...)
+	}
+	if len(template.ChefServer.RootCA) != 0 {
+		RootCA, err := c.getCertFromFile(template.ChefServer.RootCA, infra)
+		if err != nil {
+			errs = append(errs, errors.Wrap(err, "Chef Server RootCA file not exist."))
+		}
+		errsNodes := c.validateNodeCerts(template.ChefServer.IPS, infra, RootCA)
+		errs = append(errs, errsNodes...)
+	}
+	if len(template.PostgreSQL.RootCA) != 0 {
+		RootCA, err := c.getCertFromFile(template.PostgreSQL.RootCA, infra)
+		if err != nil {
+			errs = append(errs, errors.Wrap(err, "PostgreSQL RootCA file not exist."))
+		}
+		errsNodes := c.validateNodeCerts(template.PostgreSQL.IPS, infra, RootCA)
+		errs = append(errs, errsNodes...)
+	}
+	if len(template.OpenSearch.RootCA) != 0 {
+		rootCA, err := c.getCertFromFile(template.OpenSearch.RootCA, infra)
+		if err != nil {
+			errs = append(errs, errors.Wrap(err, "OpenSearch RootCA file not exist."))
+		}
+		if len(template.OpenSearch.AdminPrivateKey) != 0 {
+			adminPrivateKey, err := c.getCertFromFile(template.OpenSearch.AdminPrivateKey, infra)
+			if err != nil {
+				errs = append(errs, errors.Wrap(err, "OpenSearch Admin Private key file not exist."))
+			}
+			err = c.validatePrivateKey(adminPrivateKey)
+			if err != nil {
+				errs = append(errs, errors.Wrap(err, "Not able to verify OpenSearch Private key"))
+			}
+		}
+		if len(template.OpenSearch.AdminPublickey) != 0 {
+			_, err := c.getCertFromFile(template.OpenSearch.AdminPublickey, infra)
+			if err != nil {
+				errs = append(errs, errors.Wrap(err, "OpenSearch Admin Public key file not exist."))
+			}
+		}
+		errsNodes := c.validateNodeCerts(template.OpenSearch.IPS, infra, rootCA)
+
+		errs = append(errs, errsNodes...)
+	}
+	return errs
+}
+
+func (c *certRotateFlow) validateNodeCerts(ips []IP, infra *AutomateHAInfraDetails, rootCA []byte) []error {
+	errs := []error{}
+	for _, ip := range ips {
+		var private []byte
+		var public []byte
+		var err error
+		if len(ip.PrivateKey) != 0 {
+			private, err = c.getCertFromFile(ip.PrivateKey, infra)
+			if err != nil {
+				errs = append(errs, errors.Wrapf(err, "Node %s Private key file not exist.", ip.IP))
+			}
+		}
+
+		if len(ip.Publickey) != 0 {
+			public, err = c.getCertFromFile(ip.Publickey, infra)
+			if err != nil {
+				errs = append(errs, errors.Wrapf(err, "Node %s Public key file not exist.", ip.IP))
+			}
+		}
+		if len(private) > 0 && len(public) > 0 {
+			err := c.validatePrivateKey(private)
+			if err != nil {
+				errs = append(errs, errors.Wrapf(err, "Not able to verify Node %s Private key", ip.IP))
+			}
+			err = c.validatePublicCertsWithRootCA(rootCA, public)
+			if err != nil {
+				errs = append(errs, errors.Wrapf(err, "Not able to verify Node %s Public key with Root Certificate", ip.IP))
+			}
+		}
+	}
+	return errs
+}
+
+func (c *certRotateFlow) validatePrivateKey(cert []byte) error {
+	block, _ := pem.Decode(cert)
+	if block == nil {
+		return errors.New("Failed to parse the certificate PEM")
+	}
+	if block.Type != "PRIVATE KEY" {
+		return errors.New(fmt.Sprintf("Failed to parse the certificate PEM, unexpected type: %s", block.Type))
+	}
+	return nil
+}
+
+func (c *certRotateFlow) validatePublicCertsWithRootCA(rootCert []byte, publicCert []byte) error {
+	roots := x509.NewCertPool()
+	ok := roots.AppendCertsFromPEM(rootCert)
+	if !ok {
+		return errors.New("Fialed to pasrse root certificate")
+	}
+	publicBlock, _ := pem.Decode(publicCert)
+	if publicBlock == nil {
+		return errors.New("Failed to parse public certificate PEM")
+	}
+
+	publicCertificate, err := x509.ParseCertificate(publicBlock.Bytes)
+	if err != nil {
+		return errors.Wrap(err, "Failed to parse cerificate")
+	}
+	opts := x509.VerifyOptions{
+		Roots: roots,
+	}
+
+	if _, err := publicCertificate.Verify(opts); err != nil {
+		return errors.Wrap(err, "Failed to verify public certificate with root")
+	}
+	return nil
+}
diff --git a/components/automate-cli/cmd/chef-automate/certRotate_test.go b/components/automate-cli/cmd/chef-automate/certRotate_test.go
index be3f6c36c92..7285ed05cb0 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate_test.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate_test.go
@@ -3290,3 +3290,82 @@ func mockCerts() *certificates {
 		adminKey:    admin_key,
 	}
 }
+
+func TestValidateCertificateTemplate(t *testing.T) {
+	log, _ := logger.NewLogger("text", "info")
+	_, infra := getMockCertRotateFlowAndInfra()
+	certificateTemplate := mockCertifiateTemplate()
+	mockSSHUtils := &sshutils.MockSSHUtilsImpl{
+		CopyFileToRemoteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, srcFilePath string, destFileName string, destDir string, removeFile bool, hostIPs []string) []sshutils.Result {
+			return []sshutils.Result{
+				{
+					HostIP: "",
+					Error:  nil,
+					Output: "",
+				},
+			}
+		},
+		ExecuteConcurrentlyFunc: func(sshConfig sshutils.SSHConfig, cmd string, hostIPs []string) []sshutils.Result {
+			return []sshutils.Result{
+				{
+					HostIP: "",
+					Error:  nil,
+					Output: "",
+				},
+			}
+		},
+		Executefunc: func(sshConfig sshutils.SSHConfig, cmd string) (string, error) {
+			return "", nil
+		},
+	}
+	statusSummary := NewStatusSummary(infra, FeStatus{}, BeStatus{}, 10, time.Second, &StatusSummaryCmdFlags{
+		node:         fmt.Sprintf("%s,%s,%s,%s", ValidIP, ValidIP3, ValidIP5, ValidIP8),
+		isAutomate:   true,
+		isChefServer: true,
+		isOpenSearch: true,
+		isPostgresql: true,
+	}, &MockRemoteCmdExecutor{
+		ExecuteWithNodeMapFunc: func(nodeMap *NodeTypeAndCmd) (map[string][]*CmdResult, error) {
+			return nil, nil
+		},
+	})
+	type testCaseInfo struct {
+		description      string
+		certFileName     string
+		inf              *AutomateHAInfraDetails
+		currentCertsInfo *certShowCertificates
+		MockSSHUtil      sshutils.SSHUtil
+		sshutil          SSHUtil
+		statusSummary    StatusSummary
+		isError          bool
+		ExpectedError    string
+	}
+	testCases := []testCaseInfo{
+		{
+			description:      "Rotate only frontend Certs",
+			inf:              infra,
+			certFileName:     "../../pkg/testfiles/onprem/certs-config_only_frontend.toml",
+			currentCertsInfo: mockCertShowCertificates(),
+			sshutil:          GetMockSSHUtil(&SSHConfig{}, nil, completedMessage, nil, "", nil),
+			MockSSHUtil:      mockSSHUtils,
+			statusSummary:    statusSummary,
+			isError:          false,
+			ExpectedError:    "",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.description, func(t *testing.T) {
+			c := certRotateFlow{fileUtils: &fileutils.FileSystemUtils{},
+				sshUtil: testCase.MockSSHUtil,
+				writer:  getMockWriterImpl(), log: log}
+			output := c.validateCertificateTemplate(certificateTemplate, testCase.inf)
+			fmt.Println(output)
+			if testCase.isError && len(output) >= 1 {
+				assert.Error(t, output[0], testCase.ExpectedError)
+			} else {
+				assert.NoError(t, nil)
+			}
+		})
+	}
+}

From 0aed8f1cf8177bf0cef3c943ff7db7e16fe351d2 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Wed, 25 Oct 2023 13:23:48 +0530
Subject: [PATCH 10/17] adding defer statement to turn off maintenance mode

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../automate-cli/cmd/chef-automate/certRotate.go      | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 7f3216869c9..6603c069658 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1277,7 +1277,7 @@ func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SS
 	if err != nil {
 		return err
 	}
-	//////////////////////////////////////////////////////////////////////////
+
 	if userConsent {
 		agree, err := writer.Confirm(fmt.Sprintf(MAINTENANICE_ON_LAG, lag))
 		if err != nil {
@@ -1291,7 +1291,6 @@ func checkLagAndStopTraffic(infra *AutomateHAInfraDetails, sshConfig sshutils.SS
 	if err != nil {
 		return err
 	}
-	//////////////////////////////////////////////////////////////////////////
 
 	waitingStart := time.Now()
 	time.Sleep(waitTime * time.Second)
@@ -1358,6 +1357,14 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 		return err
 	}
 
+	defer func() {
+		c.log.Debug("==========================================================")
+		c.log.Debug("Defer Starting traffic MAINTENANICE MODE OFF")
+		c.log.Debug("==========================================================")
+		startTrafficOnAutomateNode(infra, configRes, c.sshUtil, c.log)
+		startTrafficOnChefServerNode(infra, configRes, c.sshUtil, c.log)
+	}()
+
 	if templateCerts != nil {
 		// rotating PG certs
 		start := time.Now()

From 2026e0a06bcd0a3a52ce9ecea4a7692e172fee7e Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Wed, 25 Oct 2023 19:44:21 +0530
Subject: [PATCH 11/17] replacing fmt with logger

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../automateHADeployExistingInfra.go          | 30 ++++++++++++-------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
index ee407668b33..57398dcc679 100644
--- a/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
+++ b/components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/chef/automate/components/automate-cli/pkg/status"
+	"github.com/chef/automate/lib/logger"
 	"github.com/chef/automate/lib/stringutils"
 	"github.com/chef/toml"
 	ptoml "github.com/pelletier/go-toml"
@@ -22,6 +23,7 @@ const S3 = "s3"
 type existingInfra struct {
 	config     ExistingInfraConfigToml
 	configPath string
+	log        logger.Logger
 }
 
 type keydetails struct {
@@ -31,8 +33,10 @@ type keydetails struct {
 }
 
 func newExistingInfa(configPath string) *existingInfra {
+	logger, _ := logger.NewLogger("text", "info")
 	return &existingInfra{
 		configPath: configPath,
+		log:        logger,
 	}
 }
 
@@ -77,7 +81,10 @@ func (e *existingInfra) generateConfig(state string) error {
 	if err != nil {
 		return err
 	}
-	e.populateCertificateTomlFile()
+	err = e.populateCertificateTomlFile()
+	if err != nil {
+		return err
+	}
 	return writeHAConfigFiles(existingNodesA2harbTemplate, e.config, state)
 }
 
@@ -100,7 +107,7 @@ type CertificateToml struct {
 	OpenSearch NodeCertficate `toml:"opensearch"`
 }
 
-func (e *existingInfra) populateCertificateTomlFile() {
+func (e *existingInfra) populateCertificateTomlFile() error {
 	// This is just to create the certificate empty file
 	automateCount, _ := strconv.Atoi(e.config.Automate.Config.InstanceCount)
 	chefServerCount, _ := strconv.Atoi(e.config.ChefServer.Config.InstanceCount)
@@ -118,7 +125,7 @@ func (e *existingInfra) populateCertificateTomlFile() {
 			ip.Publickey = "/hab/a2_deploy_workspace/certificate/automte.public.key"
 			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/automte.private.key"
 			ips = append(ips, ip)
-			fmt.Println(e.config.ExistingInfra.Config.AutomatePrivateIps[i], i)
+			e.log.Debug(e.config.ExistingInfra.Config.AutomatePrivateIps[i], i)
 		}
 		automate.IPS = ips
 		certContent.Automate = automate
@@ -136,7 +143,7 @@ func (e *existingInfra) populateCertificateTomlFile() {
 			ip.Publickey = "/hab/a2_deploy_workspace/certificate/chefserver.public.key"
 			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/chefserver.private.key"
 			ips = append(ips, ip)
-			fmt.Println(e.config.ExistingInfra.Config.ChefServerPrivateIps[i], i)
+			e.log.Debug(e.config.ExistingInfra.Config.ChefServerPrivateIps[i], i)
 		}
 		chefserver.IPS = ips
 		certContent.ChefServer = chefserver
@@ -156,7 +163,7 @@ func (e *existingInfra) populateCertificateTomlFile() {
 			ip.Publickey = "/hab/a2_deploy_workspace/certificate/opensearch.public.key"
 			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/opensearch.private.key"
 			ips = append(ips, ip)
-			fmt.Println(e.config.ExistingInfra.Config.OpensearchPrivateIps[i], i)
+			e.log.Debug(e.config.ExistingInfra.Config.OpensearchPrivateIps[i], i)
 		}
 		opensearch.IPS = ips
 		certContent.OpenSearch = opensearch
@@ -174,7 +181,7 @@ func (e *existingInfra) populateCertificateTomlFile() {
 			ip.Publickey = "/hab/a2_deploy_workspace/certificate/postgresql.public.key"
 			ip.PrivateKey = "/hab/a2_deploy_workspace/certificate/postgresql.private.key"
 			ips = append(ips, ip)
-			fmt.Println(e.config.ExistingInfra.Config.PostgresqlPrivateIps[i], i)
+			e.log.Debug(e.config.ExistingInfra.Config.PostgresqlPrivateIps[i], i)
 		}
 		postgresql.IPS = ips
 		certContent.PostgreSQL = postgresql
@@ -183,17 +190,18 @@ func (e *existingInfra) populateCertificateTomlFile() {
 	// Open a file for writing (create or overwrite if it exists)
 	file, err := os.Create(CERTIFICATE_TEMPLATE_TOML_FILE)
 	if err != nil {
-		fmt.Println("Error creating file:", err)
-		return
+		e.log.Debug("Error creating file:", err)
+		return err
 	}
 	defer file.Close()
 
 	// Use the TOML encoder to write the configuration to the file
 	if err := toml.NewEncoder(file).Encode(certContent); err != nil {
-		fmt.Println("Error encoding TOML:", err)
-		return
+		e.log.Debug("Error encoding TOML:", err)
+		return err
 	}
-	fmt.Printf("Certificate TOML written to %s\n", CERTIFICATE_TEMPLATE_TOML_FILE)
+	e.log.Debug("Certificate TOML written to %s\n", CERTIFICATE_TEMPLATE_TOML_FILE)
+	return nil
 }
 func (e *existingInfra) addDNTocertConfig() error {
 	//If CustomCertsEnabled for OpenSearch is enabled, then get admin_dn and nodes_dn from the certs

From e889f7ed5f45e472e68023b7cf19d54407352219 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Thu, 26 Oct 2023 11:03:46 +0530
Subject: [PATCH 12/17] adding exclution on testcase pem files

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 tools/credscan/credscan.go | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/tools/credscan/credscan.go b/tools/credscan/credscan.go
index cc85ef034dc..a5e0be9b932 100644
--- a/tools/credscan/credscan.go
+++ b/tools/credscan/credscan.go
@@ -171,6 +171,37 @@ var a2Config = config{
 
 		// Exclude test file for verifyservice which uses RSA KEY for test cases
 		{regex: `components/automate-cli/pkg/testfiles/aws/valid_config.toml`},
+
+		// Exclude test file for certificate rotation
+		{regex: `components/automate-cli/pkg/testfiles/certs/private_key.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/public_key.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_private_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_private_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_private_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_public_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_public_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_a2_public_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_admin_cert.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_admin_key.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_private_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_private_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_private_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_public_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_public_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_cs_public_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_private_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_private_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_private_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_public_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_public_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_os_public_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_private_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_private_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_private_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_public_key_1.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem`},
+		{regex: `components/automate-cli/pkg/testfiles/certs/test_root_ca.pem`},
 	},
 	contentInclude: []pattern{
 		{

From 38a498c6f38cb1dcc6645ca0a24814ee653d9d01 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Thu, 26 Oct 2023 11:13:49 +0530
Subject: [PATCH 13/17] adding testfile in credscan excl;ustion

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 tools/credscan/credscan.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/credscan/credscan.go b/tools/credscan/credscan.go
index a5e0be9b932..b59bbbfcedc 100644
--- a/tools/credscan/credscan.go
+++ b/tools/credscan/credscan.go
@@ -202,6 +202,7 @@ var a2Config = config{
 		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_public_key_2.pem`},
 		{regex: `components/automate-cli/pkg/testfiles/certs/test_pg_public_key_3.pem`},
 		{regex: `components/automate-cli/pkg/testfiles/certs/test_root_ca.pem`},
+		{regex: `components/automate-cli/cmd/chef-automate/certRotate_test.go`},
 	},
 	contentInclude: []pattern{
 		{

From 3c18ce87eb0f99803c7c7cb02de49fb0a5b28fc5 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Thu, 26 Oct 2023 12:24:54 +0530
Subject: [PATCH 14/17] fixing failing testcases

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 components/automate-cli/cmd/chef-automate/certRotate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 6603c069658..380ad6fd215 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1864,7 +1864,7 @@ func (c *certRotateFlow) validatePrivateKey(cert []byte) error {
 	if block == nil {
 		return errors.New("Failed to parse the certificate PEM")
 	}
-	if block.Type != "PRIVATE KEY" {
+	if block.Type != "PRIVATE KEY" && block.Type != "CERTIFICATE" {
 		return errors.New(fmt.Sprintf("Failed to parse the certificate PEM, unexpected type: %s", block.Type))
 	}
 	return nil

From b22b9b87ddc06aa40dc0be35eed7a066b39b4711 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Fri, 27 Oct 2023 11:27:58 +0530
Subject: [PATCH 15/17] adding docs

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../content/automate/ha_cert_rotation.md      | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/components/docs-chef-io/content/automate/ha_cert_rotation.md b/components/docs-chef-io/content/automate/ha_cert_rotation.md
index db7d8d73250..81551e9886f 100644
--- a/components/docs-chef-io/content/automate/ha_cert_rotation.md
+++ b/components/docs-chef-io/content/automate/ha_cert_rotation.md
@@ -35,6 +35,80 @@ The certificate rotation is also required when the key for a node, client, or CA
 
 {{< /note >}}
 
+### Rotate Cluster Certificates
+If you want to rotate certificates of the entire cluster using single command, then you can follow the below commands:
+
+To roate certificates of entire cluster using single command, we need a certificate tempalte,
+- To generate certificate template use below command
+`chef-automate cert-rotate generate-certificate-config certificate-config.toml`
+
+now we can find our certificate template in `certificate-config.toml` file, please edit the file and put required certificate paths
+
+- To rotate the certificates use below command
+
+`chef-automate cert-rotate --certificate-config certificate-config.toml`
+
+You can also use `--cc` instead of `--certificate-config` as a sort form.
+
+
+#### Sample Certificate template
+
+    ```toml
+    [automate]
+      root_ca = "full path of root-ca.pem"
+
+      [[automate.ips]]
+        ip = "10.1.0.130"
+        public_key = "full path of automate1.pem"
+        private_key = "full path of automate1-key.pem"
+
+    [chef_server]
+      root_ca = "full path of root-ca.pem"
+
+      [[chef_server.ips]]
+        ip = "10.1.0.16"
+        public_key = "full path of  cs1.pem"
+        private_key = "full path of cs1-key.pem"
+
+    [postgresql]
+      root_ca = "full path of root-ca.pem"
+
+      [[postgresql.ips]]
+        ip = "10.1.0.141"
+        public_key = "full path of pg1.pem"
+        private_key = "full path of pg1-key.pem"
+
+      [[postgresql.ips]]
+        ip = "10.1.1.190"
+        public_key = "full path of pg2.pem"
+        private_key = "full path of pg2-key.pem"
+
+      [[postgresql.ips]]
+        ip = "10.1.2.130"
+        public_key = "full path of pg3.pem"
+        private_key = "full path of pg3-key.pem"
+
+    [opensearch]
+      root_ca = "full path of root-ca.pem"
+      admin_public_key = "full path of os-admin.pem"
+      admin_private_key = "full path of os-admin-key.pem"
+      [[opensearch.ips]]
+        ip = "10.1.0.176"
+        public_key = "full path of os1.pem"
+        private_key = "full path of os1-key.pem"
+
+      [[opensearch.ips]]
+        ip = "10.1.1.125"
+        public_key = "full path of os2.pem"
+        private_key = "full path of os2-key.pem"
+
+      [[opensearch.ips]]
+        ip = "10.1.2.247"
+        public_key = "full path of os3.pem"
+        private_key = "full path of os3-key.pem"
+    ```
+
+
 ### Rotate Certificates of each service
 
 If you want to rotate certificates of the entire cluster, then you can follow the below commands:

From b6b66b6466dc49d6ccfefb0bdd72353be587cba9 Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Thu, 2 Nov 2023 21:57:32 +0530
Subject: [PATCH 16/17] resolving review comments

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../automate-cli/cmd/chef-automate/certRotate.go     |  4 ++--
 .../content/automate/ha_cert_rotation.md             | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 380ad6fd215..061ee52f495 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1438,7 +1438,7 @@ func (c *certRotateFlow) certRotateFromTemplate(clusterCertificateFile string, s
 
 func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, pgRootCA string, pgIps *IP, concurrent bool) error {
 	start := time.Now()
-	c.writer.Printf("Roating PostgreSQL node %s certificate at %s \n", pgIps.IP, start.String())
+	c.log.Debug("Roating PostgreSQL node %s certificate at %s \n", pgIps.IP, start.Format(time.ANSIC))
 	if len(pgIps.PrivateKey) == 0 || len(pgIps.Publickey) == 0 {
 		c.writer.Printf("Empty certificate for PostgerSQL node %s \n", pgIps.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for PostgerSQL node %s \n", pgIps.IP))
@@ -1493,7 +1493,7 @@ func (c *certRotateFlow) rotatePGNodeCerts(infra *AutomateHAInfraDetails, sshUti
 
 func (c *certRotateFlow) rotateOSNodeCerts(infra *AutomateHAInfraDetails, sshUtil SSHUtil, currentCertsInfo *certShowCertificates, oss *NodeCertficate, osIp *IP, concurrent bool) error {
 	start := time.Now()
-	c.writer.Printf("Roating opensearch node %s certificate at %s \n", osIp.IP, start.String())
+	c.log.Debug("Roating opensearch node %s certificate at %s \n", osIp.IP, start.Format(time.ANSIC))
 	if len(osIp.PrivateKey) == 0 || len(osIp.Publickey) == 0 {
 		c.writer.Printf("Empty certificate for OpenSearch node %s \n", osIp.IP)
 		return errors.New(fmt.Sprintf("Empty certificate for OpenSearch node %s \n", osIp.IP))
diff --git a/components/docs-chef-io/content/automate/ha_cert_rotation.md b/components/docs-chef-io/content/automate/ha_cert_rotation.md
index 81551e9886f..880e364f0b0 100644
--- a/components/docs-chef-io/content/automate/ha_cert_rotation.md
+++ b/components/docs-chef-io/content/automate/ha_cert_rotation.md
@@ -38,22 +38,26 @@ The certificate rotation is also required when the key for a node, client, or CA
 ### Rotate Cluster Certificates
 If you want to rotate certificates of the entire cluster using single command, then you can follow the below commands:
 
-To roate certificates of entire cluster using single command, we need a certificate tempalte,
+To rotate certificates of entire cluster using single command, we need a certificate template.
 - To generate certificate template use below command
-`chef-automate cert-rotate generate-certificate-config certificate-config.toml`
+```
+  chef-automate cert-rotate generate-certificate-config certificate-config.toml
+```
 
 now we can find our certificate template in `certificate-config.toml` file, please edit the file and put required certificate paths
 
 - To rotate the certificates use below command
 
-`chef-automate cert-rotate --certificate-config certificate-config.toml`
+```bash
+  chef-automate cert-rotate --certificate-config certificate-config.toml
+```
 
 You can also use `--cc` instead of `--certificate-config` as a sort form.
 
 
 #### Sample Certificate template
 
-    ```toml
+  ```toml
     [automate]
       root_ca = "full path of root-ca.pem"
 

From 1c26643834538d0b49745d6a47d4f311364e699d Mon Sep 17 00:00:00 2001
From: Jay Sharma <jsharma@progress.com>
Date: Thu, 2 Nov 2023 23:08:59 +0530
Subject: [PATCH 17/17] regfactoring

Signed-off-by: Jay Sharma <jsharma@progress.com>
---
 .../cmd/chef-automate/certRotate.go             | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
index 061ee52f495..765dcc85e4d 100644
--- a/components/automate-cli/cmd/chef-automate/certRotate.go
+++ b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -1829,27 +1829,22 @@ func (c *certRotateFlow) validateCertificateTemplate(template *CertificateToml,
 func (c *certRotateFlow) validateNodeCerts(ips []IP, infra *AutomateHAInfraDetails, rootCA []byte) []error {
 	errs := []error{}
 	for _, ip := range ips {
-		var private []byte
-		var public []byte
-		var err error
 		if len(ip.PrivateKey) != 0 {
-			private, err = c.getCertFromFile(ip.PrivateKey, infra)
+			private, err := c.getCertFromFile(ip.PrivateKey, infra)
 			if err != nil {
 				errs = append(errs, errors.Wrapf(err, "Node %s Private key file not exist.", ip.IP))
 			}
+			err = c.validatePrivateKey(private)
+			if err != nil {
+				errs = append(errs, errors.Wrapf(err, "Not able to verify Node %s Private key", ip.IP))
+			}
 		}
 
 		if len(ip.Publickey) != 0 {
-			public, err = c.getCertFromFile(ip.Publickey, infra)
+			public, err := c.getCertFromFile(ip.Publickey, infra)
 			if err != nil {
 				errs = append(errs, errors.Wrapf(err, "Node %s Public key file not exist.", ip.IP))
 			}
-		}
-		if len(private) > 0 && len(public) > 0 {
-			err := c.validatePrivateKey(private)
-			if err != nil {
-				errs = append(errs, errors.Wrapf(err, "Not able to verify Node %s Private key", ip.IP))
-			}
 			err = c.validatePublicCertsWithRootCA(rootCA, public)
 			if err != nil {
 				errs = append(errs, errors.Wrapf(err, "Not able to verify Node %s Public key with Root Certificate", ip.IP))