diff --git a/.github/workflows/cli-coexistence_tests.yaml b/.github/workflows/cli-coexistence_tests.yaml
index d32f69301..b2d356c6f 100644
--- a/.github/workflows/cli-coexistence_tests.yaml
+++ b/.github/workflows/cli-coexistence_tests.yaml
@@ -14,6 +14,32 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v1
 
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+        id: go
+
+      - name: go cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Setup dependencies
+        run: |
+          make tools
+          echo "${PWD}/hack/tools/bin" >> $GITHUB_PATH
+          echo "${PWD}/bin" >> $GITHUB_PATH
+
+      - name: Build CLI Core
+        run: |
+          make build
+
       - name: Start local OCI registry
         run: |
           make start-test-central-repo
diff --git a/Makefile b/Makefile
index 4cff867c6..9aa8c0fa9 100644
--- a/Makefile
+++ b/Makefile
@@ -304,7 +304,7 @@ TANZU_CLI_COEXISTENCE_LEGACY_TANZU_CLI_VERSION = v0.28.1
 endif
 
 ifndef TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER
-TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER = yes
+TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER = no
 endif
 
 .PHONY: build-cli-coexistence ## Build CLI Coexistence docker image
@@ -316,7 +316,6 @@ build-cli-coexistence: start-test-central-repo
 		--build-arg TANZU_CLI_COEXISTENCE_LEGACY_TANZU_CLI_VERSION=$(TANZU_CLI_COEXISTENCE_LEGACY_TANZU_CLI_VERSION) \
 		--build-arg TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL) \
 		--build-arg TANZU_CLI_PRE_RELEASE_REPO_IMAGE=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL) \
-		--build-arg TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_VERIFICATION_SKIP_LIST=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL) \
 		--build-arg TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER=$(TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER) \
 		-t cli-coexistence \
 		.
@@ -333,7 +332,10 @@ cli-coexistence-tests:start-test-central-repo
 	  -e TANZU_CLI_PRE_RELEASE_REPO_IMAGE=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL) \
 	  -e TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_VERIFICATION_SKIP_LIST=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_URL) \
 	  -e TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER=$(TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER) \
+	  -e TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_HOST=$(TANZU_CLI_E2E_TEST_LOCAL_CENTRAL_REPO_HOST)  \
 	  -v $(ROOT_DIR):/tmp/tanzu-cli/ \
+	  -v $(ROOT_DIR)/hack/central-repo/certs:/localhost_certs/ \
+	  -v $(ROOT_DIR)/hack/central-repo/cosign-key-pair:/cosign-key-pair/ \
 	  -w /tmp/tanzu-cli/ \
 	  cli-coexistence \
 	  ${GO} test ${GOTEST_VERBOSE}  ./test/e2e/coexistence... --ginkgo.v --ginkgo.randomize-all --ginkgo.trace --ginkgo.json-report=coexistence-tests.json
diff --git a/test/e2e/coexistence/cli_coexistence_suite_test.go b/test/e2e/coexistence/cli_coexistence_suite_test.go
index 2ee0c6d37..b0bd578a8 100644
--- a/test/e2e/coexistence/cli_coexistence_suite_test.go
+++ b/test/e2e/coexistence/cli_coexistence_suite_test.go
@@ -27,6 +27,9 @@ var (
 
 	e2eTestLocalCentralRepoURL string
 
+	e2eTestLocalCentralRepoCACertPath                                 string
+	e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath string
+
 	// PluginsForLegacyTanzuCLICoexistenceTests is list of plugins (which are published in local central repo) used in plugin life cycle test cases
 	PluginsForLegacyTanzuCLICoexistenceTests []*framework.PluginInfo
 
@@ -57,6 +60,10 @@ var _ = ginkgo.BeforeSuite(func() {
 	newTanzuCLIVersion = os.Getenv(framework.CLICoexistenceNewTanzuCLIVersion)
 	gomega.Expect(newTanzuCLIVersion).NotTo(gomega.BeEmpty(), fmt.Sprintf("new tanzu CLI %s should be set", framework.CLICoexistenceNewTanzuCLIVersion))
 
+	// test local central repository CA certs are mounted at path /cosign-key-pair in docker
+	e2eTestLocalCentralRepoCACertPath = "/localhost_certs/localhost.crt"
+	e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath = "/cosign-key-pair/cosign.pub"
+
 	// verify the legacy Tanzu CLI installation path is set
 	legacyTanzuCLIInstallationPath := os.Getenv(framework.CLICoexistenceLegacyTanzuCLIInstallationPath)
 	gomega.Expect(legacyTanzuCLIInstallationPath).NotTo(gomega.BeEmpty(), fmt.Sprintf("legacy tanzu CLI installation path %s should be set", framework.CLICoexistenceLegacyTanzuCLIInstallationPath))
diff --git a/test/e2e/coexistence/cli_coexistence_test.go b/test/e2e/coexistence/cli_coexistence_test.go
index 96f108418..47fe1237e 100644
--- a/test/e2e/coexistence/cli_coexistence_test.go
+++ b/test/e2e/coexistence/cli_coexistence_test.go
@@ -4,12 +4,14 @@
 package coexistence_test
 
 import (
+	"fmt"
+	"os"
+
 	"github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
 
-	pluginlifecyclee2e "github.com/vmware-tanzu/tanzu-cli/test/e2e/plugin_lifecycle"
-
 	"github.com/vmware-tanzu/tanzu-cli/test/e2e/framework"
+	pluginlifecyclee2e "github.com/vmware-tanzu/tanzu-cli/test/e2e/plugin_lifecycle"
 )
 
 var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
@@ -87,6 +89,12 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 			gomega.Expect(version).To(gomega.ContainSubstring(newTanzuCLIVersion))
 			gomega.Expect(err).To(gomega.BeNil())
 
+			// set up the test local central repository host CA cert in the config file
+			setTestLocalCentralRepoCertConfig([]framework.E2EOption{framework.WithTanzuCommandPrefix(framework.TzPrefix)})
+
+			// set up the local central repository discovery image signature public key path
+			os.Setenv("TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_PUBLIC_KEY_PATH", e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath)
+
 			ginkgo.By("Update plugin discovery source with test central repo")
 			_, err = tf.PluginCmd.UpdatePluginDiscoverySource(&framework.DiscoveryOptions{Name: "default", SourceType: framework.SourceType, URI: e2eTestLocalCentralRepoURL}, framework.WithTanzuCommandPrefix(framework.TzPrefix))
 			gomega.Expect(err).To(gomega.BeNil(), "should not get any error for plugin source update")
@@ -156,6 +164,12 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 			gomega.Expect(version).To(gomega.ContainSubstring(newTanzuCLIVersion))
 			gomega.Expect(err).To(gomega.BeNil())
 
+			// set up the test local central repository host CA cert in the config file
+			setTestLocalCentralRepoCertConfig([]framework.E2EOption{})
+
+			// set up the local central repository discovery image signature public key path
+			os.Setenv("TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_PUBLIC_KEY_PATH", e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath)
+
 			ginkgo.By("Update plugin discovery source with test central repo")
 			_, err = tf.PluginCmd.UpdatePluginDiscoverySource(&framework.DiscoveryOptions{Name: "default", SourceType: framework.SourceType, URI: e2eTestLocalCentralRepoURL})
 			gomega.Expect(err).To(gomega.BeNil(), "should not get any error for plugin source update")
@@ -220,6 +234,12 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 			gomega.Expect(version).To(gomega.ContainSubstring(newTanzuCLIVersion))
 			gomega.Expect(err).To(gomega.BeNil())
 
+			// set up the test local central repository host CA cert in the config file
+			setTestLocalCentralRepoCertConfig([]framework.E2EOption{})
+
+			// set up the local central repository discovery image signature public key path
+			os.Setenv("TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_PUBLIC_KEY_PATH", e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath)
+
 			ginkgo.By("Update plugin discovery source with test central repo")
 			_, err = tf.PluginCmd.UpdatePluginDiscoverySource(&framework.DiscoveryOptions{Name: "default", SourceType: framework.SourceType, URI: e2eTestLocalCentralRepoURL})
 			gomega.Expect(err).To(gomega.BeNil(), "should not get any error for plugin source update")
@@ -294,6 +314,12 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 			gomega.Expect(version).To(gomega.ContainSubstring(newTanzuCLIVersion))
 			gomega.Expect(err).To(gomega.BeNil())
 
+			// set up the test local central repository host CA cert in the config file
+			setTestLocalCentralRepoCertConfig([]framework.E2EOption{framework.WithTanzuCommandPrefix(framework.TzPrefix)})
+
+			// set up the local central repository discovery image signature public key path
+			os.Setenv("TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_PUBLIC_KEY_PATH", e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath)
+
 			ginkgo.By("Update plugin discovery source with test central repo")
 			_, err = tf.PluginCmd.UpdatePluginDiscoverySource(&framework.DiscoveryOptions{Name: "default", SourceType: framework.SourceType, URI: e2eTestLocalCentralRepoURL}, framework.WithTanzuCommandPrefix(framework.TzPrefix))
 			gomega.Expect(err).To(gomega.BeNil(), "should not get any error for plugin source update")
@@ -368,6 +394,12 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 			gomega.Expect(version).To(gomega.ContainSubstring(newTanzuCLIVersion))
 			gomega.Expect(err).To(gomega.BeNil())
 
+			// set up the test local central repository host CA cert in the config file
+			setTestLocalCentralRepoCertConfig([]framework.E2EOption{})
+
+			// set up the local central repository discovery image signature public key path
+			os.Setenv("TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_PUBLIC_KEY_PATH", e2eTestLocalCentralRepoPluginDiscoveryImageSignaturePublicKeyPath)
+
 			ginkgo.By("Update plugin discovery source with test central repo")
 			_, err = tf.PluginCmd.UpdatePluginDiscoverySource(&framework.DiscoveryOptions{Name: "default", SourceType: framework.SourceType, URI: e2eTestLocalCentralRepoURL})
 			gomega.Expect(err).To(gomega.BeNil(), "should not get any error for plugin source update")
@@ -522,3 +554,13 @@ var _ = ginkgo.Describe("CLI Coexistence Tests", func() {
 	})
 
 })
+
+func setTestLocalCentralRepoCertConfig(options []framework.E2EOption) {
+	e2eTestLocalCentralRepoPluginHost := os.Getenv(framework.TanzuCliE2ETestLocalCentralRepositoryHost)
+	gomega.Expect(e2eTestLocalCentralRepoPluginHost).NotTo(gomega.BeEmpty(), fmt.Sprintf("environment variable %s should set with local central repository host", framework.TanzuCliE2ETestLocalCentralRepositoryHost))
+
+	// set up the CA cert fort local central repository
+	_ = tf.Config.ConfigCertDelete(e2eTestLocalCentralRepoPluginHost, options...)
+	_, err := tf.Config.ConfigCertAdd(&framework.CertAddOptions{Host: e2eTestLocalCentralRepoPluginHost, CACertificatePath: e2eTestLocalCentralRepoCACertPath, SkipCertVerify: "false", Insecure: "false"}, options...)
+	gomega.Expect(err).To(gomega.BeNil())
+}
diff --git a/test/e2e/framework/config_lifecycle_operations.go b/test/e2e/framework/config_lifecycle_operations.go
index f1fc20117..9315ac976 100644
--- a/test/e2e/framework/config_lifecycle_operations.go
+++ b/test/e2e/framework/config_lifecycle_operations.go
@@ -51,7 +51,7 @@ type ConfigCertOps interface {
 	ConfigCertAdd(certAddOpts *CertAddOptions, opts ...E2EOption) (string, error)
 
 	// ConfigCertDelete deletes cert config for a host, and returns error info
-	ConfigCertDelete(hostname string, opts ...E2EOption) error
+	ConfigCertDelete(host string, opts ...E2EOption) error
 }
 
 type ConfigCmdOps interface {