ello everybody, We have deployed Rancher server on Kubernetes using certificates signed by our private intermediate CA, its certificate in turn being signed by our private root CA. Before deploying Rancher server, we had created the certificate secret resource for the ingress as well as the CA certificate secret resource as instructed by this guide: https://docs.ranchermanager.rancher.io/v2.5/getting-started/installation-and-upgrade/resources/update-rancher-certificate The ingress secret contains the certificate corresponding to the ingress FQDN, and the intermediate CA certificate, plus the ingress private key. The

https://<FQDN>/v3/settings/_cacerts_

Rancher server was deployed using the following command:

helm install rancher rancher-stable/rancher --namespace cattle-system \
--set hostname=<FQDN> \
--set replicas=3 \
--set ingress.tls.source=secret \
--set privateCA=true

However, when importing an existing generic Kubernetes cluster,