How-to-simply...

Make curl work with self-signed Root CA inside podman container on RHEL

  • 1 Add the RootCA.crt file to /etc/pki/ca-trust/source/anchors/
  • 2 update-ca-trust && \
    trust list | grep <Your_Certificate_Subject>
  • 3 WARNING: May break other services running on the system; do not run this if you don't understand SELinux:
    semanage fcontext -a -t container_file_t "/etc/pki/ca-trust/extracted/pem(/.+)?"
  • 4 restorecon -Frv /etc/pki/ca-trust/extracted/pem
  • 5 Volume=/etc/pki/ca-trust/extracted/pem:/etc/pki/ca-trust/extracted/pem:ro
  • N Do not use the :Z option for this volume mount: it triggers an SELinux relabel, which fails with "lsetxattr operation not permitted".
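
A check for steps 4, 5 and N, added here as an example and not part of the original page. It assumes the Volume= line in step 5 is an entry in a Quadlet unit; the function names are hypothetical, and flagging lowercase :z as well goes beyond the page (that option also requests a relabel).

```shell
#!/bin/sh
# Added example: checks for the trust-store bind mount described above.
# Function names are hypothetical; inputs used to exercise it are constructed.

PEM_DIR=/etc/pki/ca-trust/extracted/pem

# Print the SELinux type, the third field of user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Classify one "Volume=src:dst[:opts]" line for the trust-store mount.
# Prints ok | not-a-volume | wrong-path | relabel | not-readonly.
check_volume_line() {
    case $1 in
        Volume=*) ;;
        *) echo not-a-volume; return 1 ;;
    esac
    # Split src:dst:opts; opts stays empty when no options are given.
    IFS=: read -r src dst opts <<EOF
${1#Volume=}
EOF
    # The page mounts the directory at the same path inside the container.
    if [ "$src" != "$PEM_DIR" ] || [ "$dst" != "$PEM_DIR" ]; then
        echo wrong-path; return 1
    fi
    case ",$opts," in
        # :Z is what the page warns about; :z also asks podman to relabel.
        *,Z,*|*,z,*) echo relabel; return 1 ;;
    esac
    case ",$opts," in
        *,ro,*) echo ok ;;
        *) echo not-readonly; return 1 ;;
    esac
}

# Host check for step 4: the directory must carry container_file_t.
check_host_label() {
    ctx=$(stat -c %C "$PEM_DIR") || return 1
    [ "$(selinux_type "$ctx")" = container_file_t ]
}

# Touch the host only when asked, e.g.: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host_label && echo "label ok" || echo "label missing"
fi
```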
