val rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .build()
    val intermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)
        .serialNumber(2L)
        .commonName("intermediate_ca")
        .build()
    val certificate =

    platform.assumeNotConscrypt()
    platform.assumeNotBouncyCastle()

    val clientRoot =
      HeldCertificate
        .Builder()
        .certificateAuthority(1)
        .build()
    val clientIntermediate =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .signedBy(clientRoot)
        .build()
    val clientCertificate =
      HeldCertificate
        .Builder()

      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .addSubjectAlternativeName("root_ca.com")
        .build()
    serverIntermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(serverRootCa)
        .certificateAuthority(0)
        .serialNumber(2L)
        .commonName("intermediate_ca")

    platform.assumeNotBouncyCastle()
    platform.assumeNotConscrypt()
    val clientCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)

    platform.assumeNotBouncyCastle()
    platform.assumeNotConscrypt()

    val clientCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)

  @BeforeEach
  fun setUp() {
    platform.assumeHttp2Support()
    platform.assumeNotBouncyCastle()
    rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(0)
        .commonName("root")
        .build()
    certificate =
      HeldCertificate
        .Builder()
        .signedBy(rootCa)
        .serialNumber(2L)
        .commonName(server.hostName)

     * certificates). Set this to 1 so this certificate can sign intermediate certificates that can
     * themselves sign certificates. Add one for each additional layer of intermediates to permit.
     */
    fun certificateAuthority(maxIntermediateCas: Int) =
      apply {
        require(maxIntermediateCas >= 0) {
          "maxIntermediateCas < 0: $maxIntermediateCas"
        }
        this.maxIntermediateCas = maxIntermediateCas

    builder = builder.keyPair(keyPair)
    builder = builder.keyPair(keyPair.public, keyPair.private)
    builder = builder.signedBy(HeldCertificate.Builder().build())
    builder = builder.certificateAuthority(0)
    builder = builder.ecdsa256()
    builder = builder.rsa2048()
    val heldCertificate: HeldCertificate = builder.build()
  }

  @Test
  fun javaNetAuthenticator() {

- Kubeadm: tried to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig. ([#111783](https://github.com/kubernetes/kubernetes/pull/111783), [@SataQiu](https://github.com/SataQiu))