Since the Amazon S3 CRT-based client currently utilizes the operating system's CA file instead of the Java truststore, this has presented challenges for customers, such as those running Jira on Kubernetes (k8s) and using the Amazon S3 CRT client with an on-premises S3-compatible storage solution. To address this, a workaround was implemented by using an additional init container and volume mounts to add certificates and execute the update-ca-certificates command.

We propose enhancing the import certificate init container to automatically import additional certificates into the operating system's CA-certificates. This improvement would streamline the process for users and eliminate the need for manual workarounds, ensuring smoother integration and enhanced security for environments utilizing custom or additional CA certificates.