Regular client to server communication can be encrypted with just a .crt and .key pair.
SST replication scripts usually allow encrypt=3, which is just .crt and .key and no verification of the ca cert.
It looks like some versions of Percona server allow the same for galera replication traffic. But we cannot find this for MariaDB. Do you know of any config variable or argument that could be employed to disable verification with the CA certificate?