Validating certificates with crypto.x509.parse_and_verify_certificates

[3goats]

Hi, is there a way to provide the CA certificate when using this function ? For certificates issued by private CA's I think this would be needed.

[charlieegan3]

I think my answer here will help: open-policy-agent/opa#7764 (comment)

If by CA, you mean trust root certificate, then providing that as the first in the list of certs in the chain would be the way to do what you ask here.