On these systems /etc/pki/tls/certs/ca-bundle.crt is provided as a legacy mechanism and isn't updated with system-wide installed roots by default. This behavior can be changed by running update-ca-trust enable but it would be better to just use the correct path. See https://www.unix.com/man-page/centos/8/update-ca-trust/ for details.
Note that the legacy path still exists, so the new path needs to come before it in the search order.
alexcrichton
commented
6 years ago
On these systems
/etc/pki/tls/certs/ca-bundle.crtis provided as a legacy mechanism and isn't updated with system-wide installed roots by default. This behavior can be changed by runningupdate-ca-trust enablebut it would be better to just use the correct path. See https://www.unix.com/man-page/centos/8/update-ca-trust/ for details.Note that the legacy path still exists, so the new path needs to come before it in the search order.