Complete
Assignee Waqar
Reporter James King
Priority Low
Created July 26, 2021 at 12:33 PM
Updated July 6, 2022 at 8:58 PM
Resolved August 19, 2021 at 11:17 AM
I am operating an install with a Web Application Proxy in between. This proxy inspects outbound traffic by intercepting HTTPS connections.
This is problematic for automatic update checking, etc., since the SSL Context in middlewared will always be unable to validate a self-signed certificate.
If I take the certificates that are put into `/etc/ssl/truenas_cacerts.pem` and append them to `/etc/ssl/cert.pem` (/usr/local/share/certs/ca/ca-root-nss.crt via symlink) then everything works as expected.
I attempted to use `openssl rehash` to create hashes and add them to `/etc/ssl/certs` but that directory doesn't appear to be respected by the Python `ssl` library. When doing that, a `curl` based test begins to work.
Options I can see:
1) Make `generate_ssl_certs.py` manage adding the `/etc/ssl/truenas_cacerts.pem` to `ca-root-nss.crt`. This has the issue of having to keep a copy of the original set so they can be merged and updated. This is a problem too if a `pkg install` is done to ca_root_nss.
2) See why the Python `ssl` library default context isn't using the `/etc/ssl/certs` directory and just do a hash and symlink operation. This would be idempotent.
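
A diagnostic for option 2, added here as an example and not code from the ticket or from middlewared: it reports which CA file and hashed directory the interpreter's OpenSSL build actually consults, and builds a verifying context that also trusts the extra bundle without editing `cert.pem`. The function names are hypothetical; the bundle path is the one quoted in the ticket.

```python
import os
import re
import ssl

# Path quoted in the ticket; everything else here is illustrative.
EXTRA_BUNDLE = "/etc/ssl/truenas_cacerts.pem"

# `openssl rehash` names its links <8 hex digits>.<sequence number>
_HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")


def is_hash_link(name):
    """True if a directory entry looks like an `openssl rehash` link."""
    return bool(_HASH_LINK.match(name))


def trust_path_report():
    """Report where this interpreter's OpenSSL looks for trust anchors."""
    p = ssl.get_default_verify_paths()
    links = 0
    # p.capath is None when the resolved directory does not exist.
    if p.capath and os.path.isdir(p.capath):
        links = sum(1 for n in os.listdir(p.capath) if is_hash_link(n))
    return {
        "cafile": p.cafile,                  # resolved file, or None
        "capath": p.capath,                  # resolved directory, or None
        "openssl_cafile": p.openssl_cafile,  # compiled-in default file
        "openssl_capath": p.openssl_capath,  # compiled-in default directory
        "env_cafile": os.environ.get(p.openssl_cafile_env),
        "env_capath": os.environ.get(p.openssl_capath_env),
        "hashed_links": links,
    }


def build_context(extra_bundle=EXTRA_BUNDLE):
    """Default verifying context plus the extra CA bundle, if present."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname checking on
    if os.path.isfile(extra_bundle):
        # Additive: the system defaults stay loaded, the bundle is appended.
        ctx.load_verify_locations(cafile=extra_bundle)
    return ctx


if __name__ == "__main__":
    for key, value in trust_path_report().items():
        print(f"{key:15} {value}")
    # CAs reachable only through capath are looked up lazily during a
    # handshake, so they are not included in this count.
    print("x509_ca loaded:", build_context().cert_store_stats()["x509_ca"])
```

If `openssl_capath` differs from the directory that was rehashed, the links are in a location this build never reads.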