  1. RHEL
  2. RHEL-105199

Support for manually passing certificates instead of using no_verify [rhel-10.1]


    • Bug
    • Resolution: Unresolved
    • Critical
    • rhel-10.1
    • rhel-10.1
    • libvirt
    • libvirt-11.5.0-1.el10
    • rhel-virt-core-libvirt-1
    • Approved Blocker
    • 11.5.0

      Hi!

      I wanted to ask if there’s an alternative to using no_verify that would allow us to manually pass certificates via an environment variable or a path.

      I’m facing an issue where I can’t place certificates into /etc/pki/ca-trust/source/anchors, since our user doesn’t have root access and we can’t run update-ca-trust.

      For standard certificates, everything works fine, but when using a self-signed certificate, it fails with exactly the error described in the documentation:

      ❯ virsh -c 'vpx://administrator%40vsphere.local@10.185.151.30/nested8-devqedatacenter-1/host/nested8-devqecluster-1/10.185.151.31' dumpxml mnecas-fedora-server3
      Enter administrator@vsphere.local's password for 10.185.151.30: 
      error: failed to connect to the hypervisor
      error: internal error: curl_easy_perform() returned an error: SSL peer certificate or SSH remote key was not OK (60) : SSL certificate problem: unable to get local issuer certificate

      Relevant documentation: https://libvirt.org/drvesx.html

      Request:
      Is it possible to configure libvirt or virsh to use custom CA certificates without requiring root access, perhaps through an environment variable or a custom path?

              mkletzan@redhat.com Martin Kletzander
              mnecas@redhat.com Martin Necas
              virt-maint virt-maint
              Ming Xie Ming Xie