Ok, I’ve managed to answer my one question. In your values.yaml file, right at the bottom, there is a secret section with tls. You can specify the secret to the first/primary cluster CA in here, then it will not create a new CA for the secondary cluster and instead use the CA of the primary cluster.
....
```yaml
tls:
  # This should be the name of a secret that contains certificates.
  # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
  # If not set the Helm chart will attempt to create certificates
  # for you [not recommended for prod]:
  cluster: cluster1-ca-cert
  # This should be the name of a secret that contains certificates.
  # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
  # If not set the Helm chart will attempt to create certificates
  # for you [not recommended for prod]:
  internal: cluster1-ssl-internal
```
With the above in place, I’ve managed to move past the certificate verify failed error, however I'm now getting an auth error:

```
{"log":"2023-11-13T13:03:34.435554Z 27 [ERROR] [MY-010584] [Repl] Slave I/O for channel 'cluster1_to_cluster2': error connecting to master 'replication@cluster1:3306' - retry-time: 60 retries: 1 message: Access denied for user 'replication'@'cluster2' (using password: YES), Error_code: MY-001045\n","file":"/var/lib/mysql/mysqld-error.log"}
```
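As an added example (not part of the original post or of the Helm chart), the following check confirms that the TLS Secrets of two clusters contain the three keys named in the values.yaml comments and carry the same CA certificate. It assumes each Secret has been exported with `kubectl get secret NAME -o json`; the name `cluster2-ssl-internal` and all certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re

REQUIRED_KEYS = ("ca.crt", "tls.crt", "tls.key")  # keys named in the values.yaml comments
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def missing_keys(secret):
    """Required keys that are absent or empty in the Secret's data map."""
    data = secret.get("data") or {}
    return [k for k in REQUIRED_KEYS if not data.get(k)]

def ca_fingerprints(secret):
    """SHA-256 of every certificate in ca.crt (handles multi-certificate bundles)."""
    pem = base64.b64decode(secret["data"]["ca.crt"]).decode("ascii", "replace")
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem)}

def check_shared_ca(primary, secondary):
    """Return a list of problems; an empty list means both Secrets carry the same CA set."""
    problems = [f"{s['metadata']['name']}: missing {k}"
                for s in (primary, secondary) for k in missing_keys(s)]
    if problems:
        return problems
    a, b = ca_fingerprints(primary), ca_fingerprints(secondary)
    if not a or not b:
        problems.append("ca.crt contains no PEM certificate")
    elif a != b:
        problems.append("CA certificates differ between clusters")
    return problems

def make_secret(name, ca_der, overrides=None):
    """Constructed sample in the shape of `kubectl get secret NAME -o json`."""
    def b64(raw):
        return base64.b64encode(raw).decode()
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(ca_der)
           + b"-----END CERTIFICATE-----\n")
    data = {"ca.crt": b64(pem), "tls.crt": b64(b"placeholder"), "tls.key": b64(b"placeholder")}
    data.update(overrides or {})
    return {"metadata": {"name": name}, "data": data}

if __name__ == "__main__":
    primary = make_secret("cluster1-ssl-internal", b"constructed-ca-A")
    reused = make_secret("cluster2-ssl-internal", b"constructed-ca-A")   # chart given the primary's CA
    fresh = make_secret("cluster2-ssl-internal", b"constructed-ca-B")    # chart generated its own CA
    print("reused CA:", check_shared_ca(primary, reused) or "OK")
    print("fresh CA: ", check_shared_ca(primary, fresh))
```

The comparison covers only the CA bytes; it does not verify that `tls.crt` chains to that CA or that `tls.key` matches the certificate.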