I have a client application in production which make a TLS connexion to a server.
This server will get certified by a new CA in a short future (soon Amazon TrustStore service previously it was DigiCert).
For the moment it is still certified by DigiCert (openssl s_client -showcerts -connect ip:port return a certificate certified by DigiCert)
Is it possible to get the futur server certificate by requested Amazon truststore “repository” if the server is already registered near Amazon TrustStore service?
