OpenSearch not able trigger hot reload for Keycloak certificates

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch and Dashboards version 2.19.2

Describe the issue:

I am installing OpenSearch with Keycloak for authentication. I’ve also enabled hot reload in the OpenSearch configuration for automatic reload of TLS certificates, which is working as expected. But I do observe that the hot reload functionality does not seem to detect a change in the Keycloak certificate and reload it.
Is this expected behaviour? If yes, can this functionality be added?
If no, did I miss anything in the config?

Configuration:

Config.yml

_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    authc:
      openid:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: openid
          challenge: true
          config:
            subject_key: preferred_username
            roles_key: roles
            openid_connect_url: https://<KEYCLOAK_DOMAIN>/realms/<REALM_NAME>/.well-known/openid-configuration
            openid_connect_idp:
              enable_ssl: true
              verify_hostnames: true
              pemtrustedcas_filepath: /path/to/trusted-ca.pem
        authentication_backend:
          type: noop

Enabled hot reload in the OpenSearch config:
plugins.security.ssl.certificates_hot_reload.enabled: true

Relevant Logs or Screenshots:

@rharidas yes, this is by design: plugins.security.ssl.certificates_hot_reload.enabled only watches the OpenSearch node’s own HTTP/transport TLS certificates, not any external certificates. I would recommend raising a feature request for this here.

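An added monitoring check, not from this thread or the OpenSearch project, for the gap the reply describes: fingerprint every certificate in the bundle at pemtrustedcas_filepath so a rotated CA (which needs a node restart, since hot reload ignores it) is noticed, and repeat the openid authenticator's own TLS verification against the IdP so a Keycloak certificate that the pinned CA no longer signs is caught before logins start failing. The path and URL are the placeholders from the config above; standard library only, Python 3.9+.

```python
import hashlib
import re
import socket
import ssl
from urllib.parse import urlparse

# Placeholders copied from the config.yml above; replace with real values.
TRUSTED_CA_PATH = "/path/to/trusted-ca.pem"
OPENID_URL = "https://<KEYCLOAK_DOMAIN>/realms/<REALM_NAME>/.well-known/openid-configuration"

_PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def pem_fingerprints(pem_text: str) -> set[str]:
    """SHA-256 fingerprints of every certificate in a PEM bundle.

    pemtrustedcas_filepath may hold several CA certificates, so the whole
    bundle is walked rather than only the first block.
    """
    fps = set()
    for block in _PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)  # strips armour, base64-decodes
        fps.add(hashlib.sha256(der).hexdigest())
    return fps


def bundle_changed(baseline: set[str], current: set[str]) -> dict:
    """Diff the on-disk trust bundle against a recorded baseline.

    Any difference means the running node still trusts the old set: the
    security plugin will not pick the file up, so a restart is required.
    """
    return {"changed": baseline != current,
            "added": current - baseline,
            "removed": baseline - current}


def idp_chain_validates(openid_url: str, cafile: str, timeout: float = 5.0) -> tuple[bool, str]:
    """Mirror the authenticator's check: TLS to the IdP, chain pinned to cafile,
    hostname verified (create_default_context enables check_hostname)."""
    parsed = urlparse(openid_url)
    host, port = parsed.hostname, parsed.port or 443
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, "IdP certificate chain validates against the pinned CA"
    except ssl.SSLCertVerificationError as exc:
        return False, f"IdP chain rejected (rotated or unknown issuer?): {exc.reason}"
    except OSError as exc:
        return False, f"could not reach IdP: {exc}"
```

Run pem_fingerprints on the bundle on a schedule and alert on bundle_changed; run idp_chain_validates at the same interval so an IdP-side rotation shows up as a failed verification rather than as a flood of rejected logins.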