I am currently running VyOS 1.4-rolling-202107122017, which uses files and file paths in the config for certificates. For me, I am using the ethernet eapol option. When upgrading to a release that uses certstore (for me, specifically VyOS 1.4-rolling-202112310821), the upgrade attempts to convert, but I noticed that the conversion produces a single CA in the certstore. This cert is in the following format (shortened to reduce text wall):
-----BEGIN CERTIFICATE----- PublicKeyHere01 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- PublicKeyHere02 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- PublicKeyHere03 -----END CERTIFICATE-----
The upgrade process does not seem to recognize a single file with multiple certificates in it; it treats it as a single certificate no matter what.
Additionally, eapol eventually kicks off a wpa_supplicant command and somehow passes the certificates to that binary (when running by hand, I pre-populate a file with file paths; I am not sure if VyOS does the same or not). I suspect this could also be an issue since the certificates would no longer be in a single "file".
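
Added example, not part of the original post and not VyOS's own migration code: a sketch of splitting a multi-certificate PEM bundle like the one shown above into one entry per certificate, and rejecting a truncated bundle instead of storing it as one blob. The function names, the `_1`/`_2` naming scheme and the `eapol_ca` base name are assumptions made for illustration.

```python
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# One PEM certificate block. The separator between marker and body may be a
# newline or, as in the flattened form shown in the post, a plain space.
PEM_CERT_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def split_pem_bundle(text):
    """Return the base64 body of every certificate in text, in file order."""
    bodies = []
    for match in PEM_CERT_RE.finditer(text):
        body = "".join(match.group(1).split())  # drop spaces and newlines
        if body:
            bodies.append(body)
    # Each BEGIN marker must belong to exactly one complete block; otherwise
    # the bundle is truncated or malformed and must not be imported as-is.
    if text.count(BEGIN) != len(bodies) or text.count(END) != len(bodies):
        raise ValueError("unbalanced or empty PEM certificate block in bundle")
    return bodies


def name_bundle_entries(base_name, text):
    """Map each certificate to its own entry name (hypothetical naming scheme)."""
    bodies = split_pem_bundle(text)
    if not bodies:
        raise ValueError("no PEM certificate blocks found")
    if len(bodies) == 1:
        return {base_name: bodies[0]}
    return {f"{base_name}_{i}": body for i, body in enumerate(bodies, start=1)}


# Constructed sample reusing the placeholder bodies from the post.
SAMPLE_BUNDLE = " ".join(
    f"{BEGIN} PublicKeyHere0{i} {END}" for i in (1, 2, 3)
)

if __name__ == "__main__":
    for name, body in name_bundle_entries("eapol_ca", SAMPLE_BUNDLE).items():
        print(name, body)
```
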