Boulder - Third-Party CA Certs (PKCS#11 or otherwise)

Another question I had in mind is, does Boulder also support Third-Party CA certs? For example I have a PKCS#11 and I want to introduce it to the SoftHSM and have Boulder sign requests with that certificate, instead of the key-pair/certificate issued at first container creation.

And another thing. Suppose I deploy Docker Images to an isolated environment. When I want to conduct a software update, do I have to reintroduce the keys every time? Or do I have an alternate solution, like storing them on a separate Boulder Image, and have another container whose Boulder Image is the one I will be “updating” regularly on the net.

