Closed samwmarsh closed 1 year ago
Hello
Thank you for the feedback. So far Exegol is an independent environment, so we haven't had this kind of need to share CA trust from the host.
Also, Exegol needs to have RW access to the shared CA because Exegol has its own CA to trust (like Burp or other proxy tools), and those must not be trusted by the host, so we can't just have a shared volume.
However, maybe we can add this feature to my-resources; this way, the user can have host-trusted CA and some specific CA trusted by Exegol. Would this workaround be a good match for your use case?
I think this feature is already in the roadmap, if not already shipped in nightly. @ShutdownRepo, any info on this?
Feature is shipped in nightly, you now have (in nightly) the ability to trust custom CAs, soon in production images. See https://exegol.readthedocs.io/en/dev-images/exegol-image/my-resources.html#firefox-addons-certs
Oh also, automatically honoring already-trusted CAs from the host is not easy, as they could be trusted in the OS store (which differs depending on the OS), in the browser, etc. The best way for Exegol containers to trust specific CAs would be to add them in the my-resources feature mentioned above, imo.
Amazing, thank you! That's exactly what I was looking for!
The needs
Hey, when working in environments with self-signed certificates that are pre-installed to a host VM, I've noticed that Exegol doesn't respect these trusted certificates and they have to be added directly. It would be great if there was a flag / default behavior to honor those from the host.
Description
A flag / default behavior to inherit trusted certificates from host VM.
Alternatives
No response
Additional context
No response