Issue Description
This guide should not be necessary.
Podman should automatically detect SSL_CERT_FILE environment variable and setup certificates on startup.
Steps to reproduce the issue
Steps to reproduce the issue
- Use computer on network that does SSL interception like ZScaler
export SSL_CERT_FILE=/path/to/ca.pem
podman machine start
podman run hello-world
Describe the results you received
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello:latest...
Error: unable to copy from source docker://quay.io/podman/hello:latest: initializing source docker://quay.io/podman/hello:latest: pinging container registry quay.io: Get "https://quay.io/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
Describe the results you expected
Just works
podman info output
Client:
APIVersion: 5.8.1
BuildOrigin: pkginstaller
Built: 1773258905
BuiltTime: Wed Mar 11 15:55:05 2026
GitCommit: c6077f645788743258a1a749f8005b4fb3cbe533
GoVersion: go1.26.1
Os: darwin
OsArch: darwin/arm64
Version: 5.8.1
host:
arch: arm64
buildahVersion: 1.43.0
cgroupControllers:
- cpuset
- cpu
- io
- memory
- pids
- rdma
- misc
- dmem
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.13-2.fc43.aarch64
path: /usr/bin/conmon
version: 'conmon version 2.1.13, commit: '
cpuUtilization:
idlePercent: 99.48
systemPercent: 0.33
userPercent: 0.19
cpus: 5
databaseBackend: sqlite
distribution:
distribution: fedora
variant: coreos
version: "43"
emulatedArchitectures:
- linux/386
- linux/amd64
- linux/arm64be
eventLogger: journald
freeLocks: 2048
hostname: localhost.localdomain
idMappings:
gidmap: null
uidmap: null
kernel: 6.18.10-200.fc43.aarch64
linkmode: dynamic
logDriver: journald
memFree: 3342123008
memTotal: 3786649600
networkBackend: netavark
networkBackendInfo:
backend: netavark
defaultNetwork: podman
dns:
package: aardvark-dns-1.17.0-1.fc43.aarch64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.17.0
package: netavark-1.17.2-1.fc43.aarch64
path: /usr/libexec/podman/netavark
version: netavark 1.17.2
ociRuntime:
name: crun
package: crun-1.25.1-1.fc43.aarch64
path: /usr/bin/crun
version: |-
crun version 1.25.1
commit: 156ae065d4a322d149c7307034f98d9637aa92a2
rundir: /run/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20260120.g386b5f5-1.fc43.aarch64
version: |
pasta 0^20260120.g386b5f5-1.fc43.aarch64-pasta
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: unix:///run/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.3.1-3.fc43.aarch64
version: |-
slirp4netns version 1.3.1
commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
libslirp: 4.9.1
SLIRP_CONFIG_VERSION_MAX: 6
libseccomp: 2.6.0
swapFree: 0
swapTotal: 0
uptime: 0h 28m 1.00s
variant: v8
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /usr/share/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.additionalImageStores:
- /usr/lib/containers/storage
overlay.imagestore: /usr/lib/containers/storage
overlay.mountopt: nodev,metacopy=on
graphRoot: /var/lib/containers/storage
graphRootAllocated: 80999329792
graphRootUsed: 3723608064
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "false"
Supports d_type: "true"
Supports shifting: "true"
Supports volatile: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 5.8.1
BuildOrigin: 'Copr: packit/containers-podman-28250'
Built: 1773187200
BuiltTime: Tue Mar 10 20:00:00 2026
GitCommit: c6077f645788743258a1a749f8005b4fb3cbe533
GoVersion: go1.25.7 X:nodwarf5
Os: linux
OsArch: linux/arm64
Version: 5.8.1
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
Issue Description
This guide should not be necessary.
Podman should automatically detect
SSL_CERT_FILEenvironment variable and setup certificates on startup.Steps to reproduce the issue
Steps to reproduce the issue
export SSL_CERT_FILE=/path/to/ca.pempodman machine startpodman run hello-worldDescribe the results you received
Describe the results you expected
Just works
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting