There have been significant changes made on middleware side for certificates. I will be outlining them below and if there are any queries, please feel free to ping me here/slack. Thanks!

1. certificateauthoritynamespace has been removed and we do not support dedicated support for CAs anymore. What this means is that users won’t be able to create/manage CAs here.
2. This also means that we don’t have the ability to sign CSRs now
3. Certs cannot be revoked now as we are not managing CAs explicitly
4. Certificates cannot be created directly other then importing cert or creating one via ACME workflow

What still can be done is the following:
1. CSRs can be created (both by specifying various fields etc like before and importing CSR)
2. When creating certs (by that i mean importing them in scale), a cert can be imported now with just it’s public key as well and having a private key is not required.
3. ACME workflow should still work as desired

Some fields have been further normalized in certificate response, please let me know if you think there are any concerns wrt them.

Moving on, there is a related usage in KMIP service where user can specify certificate/certificate authority, now both of these values will come from certificate.queryas CAs can now just be imported in certificate service and we do not make a distinction ourselves if it is a CA or not.

Crypto plugin has also been moved from old api style to new api style on middlweare side which means schema has been normalized, please let me know if you run into any issues. Also ability to add `AuthorityKeyIdentifier` extension has been removed as this is not a valid extension for CSR and only CSRs can be created now.