removed in 8.5

versioned_docs/version-8.5/self-managed/setup/deploy/openshift/redhat-openshift.md

@@ -332,37 +332,6 @@ tasklist:
 The actual configuration properties can be reviewed [in the Tasklist configuration documentation](/self-managed/tasklist-deployment/tasklist-configuration.md#zeebe-broker-connection).
 
 5. For Connectors:
-   :::note
-
-The following will no longer be required when [the Connectors component supports PKCS #1 and PKCS #8](https://github.com/camunda/connectors/issues/2806).
-
-:::
-
-The Connectors component only accepts a `jks` (Java KeyStore) certificate.
-If you have followed our previous recommendation of generating a TLS certificate using the OpenShift annotation, you will have a `PKCS #1` certificate the Connectors component will not accept.
-
-Below are a number of commands that convert the `PKCS #1` certificate generated by OpenShift to a `jks` format the Connectors component accepts:
-
-```bash
-# Grab OpenShift generated TLS certificate.
-kubectl get secret -n camunda camunda-zeebe-gateway -o jsonpath="{.data['tls\.crt']}" | base64 --decode > tls.crt
-# Grab OpenShift generated TLS key.
-kubectl get secret -n camunda camunda-zeebe-gateway -o jsonpath="{.data['tls\.key']}" | base64 --decode > zeebe-key.key
-# Convert Zeebe Gateway unencrypted TLS key to an encrypted key. You will be prompted to enter a password when running this command. Note down the password:
-openssl pkcs8 -topk8 -inform PEM -outform PEM -in ./zeebe-key.key -out ./zeebe-encrypted-key-gen.pem -v2 des3
-# Convert PKCS #1 certificate to PKCS #12. Again, you will be prompted to enter the password.
-openssl pkcs12 -export -in tls.crt -inkey zeebe-encrypted-key-gen.pem -out zeebe-p12-certificate.p12 -name "certificate"
-# Convert PKCS #12 certificate to jks cert.
-keytool -importkeystore -srckeystore zeebe-p12-certificate.p12 -srcstoretype pkcs12 -destkeystore keystore.jks
-```
-
-Create a generic TLS secret from the `jks` file:
-
-```bash
-kubectl create secret generic keystore -n camunda --from-file keystore.jks
-```
-
-Once the secret is created, follow the below example `values.yaml` config:
 
 ```yaml
 connectors:
@@ -373,18 +342,24 @@ connectors:
       value: "camunda-zeebe-gateway.camunda.svc.cluster.local:26500"
     - name: ZEEBE_CLIENT_SECURITY_PLAINTEXT
       value: "false"
-    - name: JAVA_TOOL_OPTIONS
-      value: "-Djavax.net.ssl.trustStore=/usr/local/certificates/keystore.jks -Djavax.net.ssl.trustStorePassword=changeit"
+    - name: CAMUNDA_CLIENT_ZEEBE_CACERTIFICATEPATH
+      value: /usr/local/certificates/tls.crt
   extraVolumeMounts:
-    - name: keystore
-      readOnly: true
-      mountPath: /usr/local/certificates
+    - name: certificate
+      mountPath: /usr/local/certificates/tls.crt
+      subPath: tls.crt
   extraVolumes:
-    - name: keystore
+    - name: certificate
       secret:
-        secretName: keystore
+        secretName: camunda-platform-internal-service-certificate
+        items:
+          - key: tls.crt
+            path: tls.crt
+        defaultMode: 420
 ```
 
+The actual configuration properties can be reviewed [in the Connectors configuration documentation](/self-managed/connectors-deployment/connectors-configuration.md#zeebe-broker-connection).
+
 6. Configure all other applications running inside the cluster and connecting to the Zeebe Gateway to also use TLS.
 
 <!--Intended space left for not breaking the build!-->