Commit 3e40f14

Update docs for sts auth (#2229)
#### Reference Issues/PRs
<!--Example: Fixes #1234. See also #3456.-->
https://man312219.monday.com/boards/7852509418/pulses/8615374613

#### What does this implement or fix?
Update STS auth docs

#### Any other comments?

#### Checklist

<details>
<summary> Checklist for code changes... </summary>

- [ ] Have you updated the relevant docstrings, documentation and copyright notice?
- [ ] Is this contribution tested against [all ArcticDB's features](../docs/mkdocs/docs/technical/contributing.md)?
- [ ] Do all exceptions introduced raise appropriate [error messages](https://docs.arcticdb.io/error_messages/)?
- [ ] Are API changes highlighted in the PR description?
- [ ] Is the PR labelled as enhancement or bug so it appears in autogenerated release notes?

</details>

<!--
Thanks for contributing a Pull Request to ArcticDB! Please ensure you have taken a look at:
- ArcticDB's Code of Conduct: https://github.com/man-group/ArcticDB/blob/master/CODE_OF_CONDUCT.md
- ArcticDB's Contribution Licensing: https://github.com/man-group/ArcticDB/blob/master/docs/mkdocs/docs/technical/contributing.md#contribution-licensing
-->
1 parent b3b0273 commit 3e40f14

2 files changed, +17 -3 lines changed

docs/mkdocs/docs/api/arctic_uri.md

+2-2
@@ -22,8 +22,8 @@ Available options for S3:
2222
| access | S3 access key |
2323
| secret | S3 secret access key |
2424
| path_prefix | Path within S3 bucket to use for data storage |
25-
| aws_auth | AWS authentication method. If setting is `default` (or `true` for backward compatibility), authentication to endpoint will be computed via [AWS default credential provider chain](https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/credproviders.html). If setting is `sts`, AWS Security Token Service (STS) will be the authentication method used. If no options are provided AWS authentication will not be used and you should specify access and secret in the URI. More info is provided below |
26-
| aws_profile | Only when `aws_auth` is set to be `sts`. AWS profile to be used with AWS Security Token Service (STS). More info is provided below |
25+
| aws_auth | AWS authentication method. If setting is `default` (or `true` for backward compatibility), authentication to endpoint will be computed via [AWS default credential provider chain](https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/credproviders.html). If setting is `sts`, AWS Security Token Service (STS) will be the authentication method used. If no options are provided AWS authentication will not be used and you should specify access and secret in the URI. More info about `sts` is provided [here](https://docs.arcticdb.io/latest/aws/#aws-security-token-service-sts-setup) |
26+
| aws_profile | Only when `aws_auth` is set to be `sts`. AWS profile to be used with AWS Security Token Service (STS). More info about `sts` is provided [here](https://docs.arcticdb.io/latest/aws/#aws-security-token-service-sts-setup) |
2727

2828
Note: When connecting to AWS, `region` can be automatically deduced from the endpoint if the given endpoint
2929
specifies the region and `region` is not set.
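
Review bot: Both new rows (`aws_auth` and `aws_profile`) link to the absolute URL `https://docs.arcticdb.io/latest/aws/#aws-security-token-service-sts-setup` with the link text "here". `aws.md` is part of the same mkdocs tree, so a relative link (for example `../aws.md#aws-security-token-service-sts-setup`) would keep each versioned build pointing at its own copy of the STS section instead of always at `latest`, and would keep the link inside the build where it can be checked if the heading is ever renamed. Link text that names the target, such as "AWS STS setup", also reads better in a table cell than "here".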

docs/mkdocs/docs/aws.md

+15-1
@@ -83,7 +83,7 @@ s3.delete_object(Bucket=bucket, Key='_arctic_check/check.txt')
8383
```
8484
The check object written in that script should not interfere with normal ArcticDB operation on the bucket.
8585

86-
# AWS Security Token Service (STS) setup
86+
## AWS Security Token Service (STS) setup
8787

8888
STS allows users to assume specfic roles in order to gain temporary access to AWS resources. Please refer to [the offical website](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) for more details.
8989
To use it with ArcticDB, please setup the credential in the AWS shared **config** file.
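
Review bot: The two context lines directly under the re-levelled heading still carry typos that are worth fixing in the same docs pass: "specfic" should be "specific", "offical" should be "official", and "please setup the credential" should be "please set up the credential". With the heading now at `##`, also confirm that the subsections following it sit at `###` so the page outline nests correctly, and keep the heading text unchanged, because `arctic_uri.md` now links to its `#aws-security-token-service-sts-setup` anchor.
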
@@ -131,3 +131,17 @@ This error suggests problems with configuration file. Check Role Arn and base so
131131
arcticdb_ext.exceptions.StorageException: E_S3_RETRYABLE Retry-able error: S3Error#99 : Encountered network error when sending http request for object '_arctic_cfg/cref/'
132132
```
133133
A loss of network connectivity could trigger such an error. Note, that this error will appear after several attempts to re-establish the connection
134+
### Custom CA cert support
135+
136+
Due to a known [issue](https://github.com/aws/aws-sdk-cpp/issues/2920) in AWS C++ SDK, STS authentication users on below OS are required to turn off [S3Storage.VerifySSL](https://docs.arcticdb.io/latest/runtime_config/#s3storageverifyssl):
137+
* RHEL Distributions with custom CA cert
138+
* Other Linux distributions
139+
140+
The workaround is making symlink for the CA cert in use to `/etc/pki/tls/certs`.
141+
Below is the *example* of doing so for the default CA cert in Ubuntu:
142+
143+
```
144+
ln -s /usr/lib/ssl/cert.pem /etc/pki
145+
ln -s /usr/lib/ssl/certs /etc/pki/tls/certs
146+
ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
147+
```
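
Review bot: The new "Custom CA cert support" section says STS users "are required to turn off" `S3Storage.VerifySSL` and then offers the symlink as "the workaround", without saying whether the symlink replaces disabling verification or has to be combined with it. Turning off TLS certificate verification on the connection used for STS authentication removes the protection against interception, so if the symlink lets verification succeed, the text should say so, lead with the symlink, and present turning off `VerifySSL` only as the fallback. The platform list is also ambiguous: "RHEL Distributions with custom CA cert" followed by "Other Linux distributions" does not tell a reader whether a stock RHEL install is affected. In the command block, the first line `ln -s /usr/lib/ssl/cert.pem /etc/pki` makes `/etc/pki` itself a link to a file when that directory does not already exist, after which the two commands that create entries under `/etc/pki/tls` fail; the block needs a `mkdir -p /etc/pki/tls` before them and a note that root is required, or the first line should be dropped if it is not needed. Minor: the fence could carry a `bash` tag, and a blank line is missing between the preceding "A loss of network connectivity" paragraph and the new `###` heading.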
