HTTP reqeuests to console.redhat.com should be verified by TLS certificate, especially if the URL to Ingress will be configurable (like in Controller).

"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"

It should be present in the AAP RPMs, and it might be just installed with Hubs/Galaxy

If we are able to get the certificate, no action needed

If we cannot, we need to figure out a way to provide the certificate