I have a customized CA. And installed it system-wise via security.pki.certificates = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "/etc/ssl/certs/step.crt"];
After that, some other tools seem work, for example, I can nerdctl push to address using TLS cert signed by the CA.
But cUrl does not work. It “unable to get local issuer certificate”.
What else should I do? Or cUrl just does not honor system CAs?