Recently, we have seen many issues where EVE didn't properly handle a change in the controller signing certificate. It would be therefore beneficial to prepare an eden test in which the signing certificate used by Adam is changed after device is onboarded. This can be combined with poor network connectivity (which can be modeled with eden), etc. (conditions that triggered aforementioned issues).

However, even though there is a POST method declared for /certs (to presumably change the controller certificate), it is not implemented. Handler apiv2.certs does not check the request method type and always behaves as GET method, returning the set of installed certificates.

Edit: As pointed out by @giggsoff, instead of using the mentioned /certs endpoint, which is actually used between EVE and Adam, we should add a new POST method under the Admin handler, that could be then used from Eden CLI to update the controller certificate in runtime.

CC @eriknordmark @rouming