Rancher Generated Certificates issues with Harvester integration

Hi, I’m in the process of installing Rancher using the following values file:

    source: rancher
  enabled: false
  type: NodePort

Once Rancher is up and running, I’m attempting to integrate the Harvester cluster.
The process involves navigating to Rancher’s UI → ‘virtualization management’ → ‘import existing’ → create → copy the generated URL.

Next, in the Harvester UI, I navigate to ‘advanced’ → ‘settings’ → ‘cluster-registration-url’ and paste the generated URL.

Following this, Harvester initiates the cattle-cluster-agent, but encounters an issue verifying the certificate. It tries to download ‘cacerts’ from https://rancher-url/v3/settings/cacerts.

Upon investigation, it appears that when Rancher is installed with tls.source=rancher, it creates:

  • tls-rancher-internal-ca for signing tls-rancher-internal
  • tls-rancher for signing serving-cert

Querying https://rancher-url/v3/settings/cacerts retrieves the certificate for tls-rancher.
However, when connecting to the cluster connection URL generated by Rancher, it serves tls-rancher-internal. Since tls-rancher and tls-rancher-internal are not related in any way, it’s leading to the failure of ‘cattle-cluster-agents.’

I’m uncertain whether I’ve missed a step during Rancher installation resulting in invalid configurations or if this issue is a bug.
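
The mismatch described in this post can be reproduced and checked offline with `openssl verify`. This is an added example, not part of the original post and not Rancher's or Harvester's own code. The names `published-ca`, `internal-ca` and `served` are constructed stand-ins for the CA returned by the cacerts endpoint, tls-rancher-internal-ca and tls-rancher-internal.

```shell
#!/bin/sh
# Added example: every certificate here is a throwaway, constructed sample.
set -eu

# chains_to CA_PEM LEAF_PEM: succeeds only if LEAF verifies with CA as sole trust anchor.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# diagnose CA_PEM LEAF_PEM: prints MATCH or MISMATCH.
diagnose() {
  if chains_to "$1" "$2"; then echo MATCH; else echo MISMATCH; fi
}

# make_ca DIR NAME: self-signed CA with basicConstraints CA:TRUE.
make_ca() {
  openssl req -x509 -config "$1/min.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA_NAME LEAF_NAME: leaf certificate signed by CA_NAME.
make_leaf() {
  openssl req -new -config "$1/min.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# build_scenario DIR: two unrelated CAs; only internal-ca signs the served leaf.
build_scenario() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/min.cnf"
  make_ca "$1" published-ca          # stand-in: CA returned by the cacerts endpoint
  make_ca "$1" internal-ca           # stand-in: tls-rancher-internal-ca
  make_leaf "$1" internal-ca served  # stand-in: tls-rancher-internal
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_scenario "$work"
echo "published CA vs served cert: $(diagnose "$work/published-ca.crt" "$work/served.crt")"
echo "internal CA vs served cert:  $(diagnose "$work/internal-ca.crt" "$work/served.crt")"
```

Against a live install, the same `diagnose` check applies to the PEM returned by the cacerts endpoint and the certificate captured with `openssl s_client -connect <host>:<port> -showcerts`.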