During setup, additional Transport Layer Security (TLS) certificate checks are now performed to minimize issues caused by invalid or malformed certificates. These checks ensure certificates are in the correct PEM (Privacy-Enhanced Mail) format, are either single certificates or part of a sequential certificate chain, do not include private keys, and have not expired. The checks also verify that TLS private keys are not password protected, do not contain certificates, match the public key, and that the Certificate Authority (CA) certificate is a single x.509 PEM certificate with no private key. Additionally, the process confirms the presence of a publicly trusted root CA, where applicable.