I’m using NixOS (newbie to Linux) and trying to make the system trust a custom TLS certificate used by a proxy tool (Hiddify, which is based on V2Ray/Xray). The application connects to a TLS server with a custom or untrusted certificate, and it fails with:

```
x509: certificate signed by unknown authority
```

To fix this, I saved the leaf certificate (retrieved using openssl) to:

```
/etc/ssl/certs/hiddify-bpb.crt
```

Then I added the following to my configuration.nix:

```nix
security.pki.certificateFiles = [
  "/etc/ssl/certs/hiddify-bpb.crt"
];
```

However, when I run sudo nixos-rebuild switch, I get this error:

```
raise FileNotFoundError(f"Bundle not found: {bundle_path}")
FileNotFoundError: Bundle not found: /etc/ssl/certs/hiddify-bpb.crt
```

I confirmed the file exists by copying the path from the error into ls, so it’s not missing.

Questions:

- Why does NixOS fail to find this certificate even though it’s present?
- What is the correct way to include a non-Nix-store certificate in security.pki.certificateFiles?
- Is there a better Nix-native way to import or trust a custom certificate like this?
- Is this the actual solution or even the actual problem???

Any help would be appreciated, thank you all!