I have a poudriere build system and pkgs are hosted via Nginx over HTTPS using an SSL cert signed by an internal CA.
Certs are installed onto hosts in /usr/local/etc/ssl/certs/ and works fine - until security/ca_nss_root is installed. When this is installed /etc/ssl/cert.pem takes precedence and I get SSL verify errors from pkg. To resolve the issue I have to append the internal CA root and intermediate certificates to /etc/ssl/cert.pem but this is reverted every time ca_nss_root is upgraded and I get verify errors again from pkg.
My question is: Where do I place my CA certs so that pkg will see them and I don't have to manually intervene?
Certs are installed onto hosts in /usr/local/etc/ssl/certs/ and works fine - until security/ca_nss_root is installed. When this is installed /etc/ssl/cert.pem takes precedence and I get SSL verify errors from pkg. To resolve the issue I have to append the internal CA root and intermediate certificates to /etc/ssl/cert.pem but this is reverted every time ca_nss_root is upgraded and I get verify errors again from pkg.
My question is: Where do I place my CA certs so that pkg will see them and I don't have to manually intervene?