Connection to cluster is still working after CA is expired

[282ori]

Hi,
I am using a Java client in order to connect to my Kafka Cluster.
I inserted my cluser-ca-cert into my truststore in order to trust the cluster.
The Cluster Operator renewed my Kafka certificate and my old cert which is the only one in my truststore has expired,
but for some reason I can still connect to the my cluster with the old expired cert and even though the cluster has a new CA certificate.
Did anyone encountered this scenario?

[scholzj]

That is hard to say without having all the configurations, the certificates etc. By default, the renewal renews the public CA and keeps the private key. So the expired certificates can be used to verify he server and its new non-expired certificae? Maybe the client accepts that?