Merge "Add note about trusting the undercloud's CA certificate"

doc/source/install/advanced_deployment/ssl.rst

@@ -95,6 +95,11 @@ certificate store::
    sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/
    sudo update-ca-trust extract
 
+.. note:: If you're using a self-signed or autogenerated certificate for the
+          undercloud, the overcloud nodes will need to trust it. So the
+          contents of the certificate need to be set in the CAMap as described
+          in ":ref:`ca-trust`" section.
+
 Overcloud SSL
 -------------
 
@@ -294,6 +299,8 @@ Self-signed DNS-based certificate::
 .. note:: It is also possible to get the public certificate from a CA. See
           :doc:`../advanced_deployment/tls_everywhere`
 
+.. _ca-trust:
+
 Getting the overcloud to trust CAs
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~