can't update due to ssl intercept

[Pesmai]

We recently deployed a vm of Remnux 7 in our environment (going from 6) we attempted to run remnux upgrade and this fails due to a "self signed certificate in certificate chain" This fails immediatly while trying to grab the remnux-salt-stats-v2020.33.6.tar.gz.asc

our systems go through an SSL proxy that does ssl inspection. I added our CA to the OS and the OS grabs what we need just fine, however. I cannot find where to put certs in place that would allow this to be fixed up. most googling shows how to push out CA certs and the like, but not add a trusted CA to salt itself.

if this is not possible, I would like to make this a feature request, if possible.

[ekristen]

I do not believe this will be possible with the current iteration of the CLI tool. It might be possible to add this in the future, but supporting custom CAs is difficult under the best circumstances.

[lennyzeltser]

As Erik said, the REMnux installer doesn't presently support custom CAs. Here's one idea worth trying:

Configure your REMnux environment to work with your SSL proxy just like you'd configure any Ubuntu 18.04 system. Then, instead of using the REMnix installer to upgrade or update your tools, invoke SaltStack directly as outlined in the REMnux Behind a Non-Transparent Proxy section of REMnux documentation.