We currently have mtls setup for internode connections, wherein nodes are using the cert chain signed eventually by the root CA as certFile and a CA file containing the intermediate and root CA for clientCaFiles, rootCaFiles.
Would like to understand if rotating the intermediate CA cert would cause TLS handshake failures even if clients send the cert chain rooted in the root CA and the CA file contains the root CA?
And the recommended steps for performing an intermediate CA cert rotation? As the docs seem to cover only temporal cloud which suggests to ensure that both old intermediate + new intermediate CA has to be present.