Foreman SSO with Keycloak and self-signed cert

Problem: I set up a Keycloak with self-signed SSL and also connected it to Foreman. When I am trying to log in with Keycloak, apparently I cannot verify the SSL even though I added the CA to /etc/pki/ca-trust/source/anchors/

Expected outcome:
Successful login and verification of SSL

Foreman and Proxy versions:
Foreman 2.3

Distribution and version:

Other relevant data:
2022-02-04T16:17:37 [I|app|e3cca12e] Processing by DashboardController#index as HTML
2022-02-04T16:17:37 [W|app|e3cca12e] Failed to load the JWKS
2022-02-04T16:17:37 [I|app|e3cca12e] Backtrace for 'Failed to load the JWKS' error (RestClient::SSLCertificateNotVerified): SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)

Does anyone have any idea where I should include the CA so Foreman considers it when attempting to talk to Keycloak?

Quick fix for now, even if this is not recommended, was to edit /usr/share/foreman/app/services/oidc_jwt_validate.rb and set verify: false

Still looking for where to add an additional CA certificate. My guess is that maybe Foreman does not look for CA certs in the CA certs of the OS?

Solved it apparently:

Edit the following lines in /etc/foreman-installer/scenarios.d/foreman-answers.yaml:

#TLS CA bundle from linux after CA cert is added
server_ssl_ca: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
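
Added example, not part of the original thread and not Foreman's own code: "certificate verify failed" carries a reason string in parentheses, and OpenSSL gives a different reason for a CA that is missing from the trust store than for a certificate past its validity period (the log above shows "certificate has expired"). This Ruby sketch reproduces both outcomes with throwaway certificates; every name, key and validity window in it is constructed for the demonstration.

```ruby
require "openssl"

# Build a certificate signed by issuer_key (self-signed when issuer_cert is nil).
def make_cert(subject, key, issuer_cert, issuer_key, not_before, not_after, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a server certificate against a list of trusted CA certificates and
# return OpenSSL's reason string ("ok" on success).
def verify_result(leaf, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  store.verify(leaf) ? "ok" : store.error_string
end

# Constructed scenario: one test CA, one valid and one expired server certificate.
def demo
  now = Time.now
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Constructed Test CA", ca_key, nil, ca_key, now - 3600, now + 3600, ca: true)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("/CN=keycloak.example.test", leaf_key, ca, ca_key, now - 3600, now + 3600)
  expired = make_cert("/CN=keycloak.example.test", leaf_key, ca, ca_key, now - 7200, now - 3600)
  {
    ca_missing: verify_result(leaf, []),        # CA not in the trust store
    ca_trusted: verify_result(leaf, [ca]),      # CA present, certificate in date
    expired_leaf: verify_result(expired, [ca])  # CA present, certificate out of date
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

Reading the reason string first tells you whether the trust store or the certificate's validity dates need attention, which avoids reaching for `verify: false`.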