In order to perform Satellite registration of images during initial boot, a CA must be enrolled into OS CA bundle. This could be done in the firstboot script just before Satellite registration, but we believe this would be a nice feature of its own.

The goal of this feature is to add support of adding one or more CA certificate files in concatenated PEM text format to be provided when new image is being build. During the build phase, the files would be copied to /etc/pki/ca-trust/source/anchors/ and the command update-ca-trust executed to refresh the OS CA cert bundle.

Expected outcome: A curl command in an instance booted up from such image can reach out to servers with CA provided during image mode without --insecure flag.