Support for custom CAs #11

Open
@dcarlet

When utilizing Artifactory, if the Artifactory service you connect to is on a domain that isn't signed by the common CAs (common for airgapped environments), then Code Marketplace won't be able to connect to the Artifactory instance due to x509 errors:

2023-03-09 19:12:53.155 [ERROR] <artifactory.go:346> Error reading extensions {"request_id": "808d1d25-2b7b-4294-8d01-7aa47dc415e8", "error": "Get \"https://artifactory.local.domain/artifactory/api/storage/vscode-extensions?list\u0026deep=1\u0026depth=3\u0026listFolders=1\": x509: certificate signed by unknown authority"}

This could be solved by supporting custom CAs.

MVP:

  • Add ca-certificates to the Dockerfile.
  • Add helm values to allow the user to pass in a secret with all the required CAs, one per data element (PEM encoded).
  • Update deployment template to volume mount these secrets and run an update-ca-certificates at the start.

Non-MVP, possible other changes:

  1. Figure out how to allow them to specify a set of secrets that contain one or more cert files, and process all of those.
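
The MVP steps above could look like this in a container entrypoint. This is an added example, not part of the original issue or the project's code. The mount path `/custom-cas`, the `CUSTOM_CA_DIR` and `CA_DEST_DIR` variables and the function names are assumptions, and the image is assumed to use the Debian/Alpine `ca-certificates` layout.

```shell
#!/bin/sh
# Added example: stage CAs from a mounted secret, then rebuild the trust bundle.
# Assumed (hypothetical) names: /custom-cas, CUSTOM_CA_DIR, CA_DEST_DIR.

# stage_custom_cas SRC DEST
# Copies every PEM certificate file in SRC to DEST with a .crt suffix, because
# update-ca-certificates only picks up *.crt files. Prints the number staged.
stage_custom_cas() {
    src=$1 dest=$2 staged=0
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        # -f follows the symlinks a secret volume uses; the glob skips ..data
        [ -f "$f" ] || continue
        # A trust store holds certificates only: refuse anything with a key.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "skipping $f: contains a private key" >&2
            continue
        fi
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "skipping $f: no PEM certificate found" >&2
            continue
        fi
        # Keep the full key name so ca.pem and ca.crt cannot collide.
        cp "$f" "$dest/custom-$(basename "$f").crt" || return 1
        staged=$((staged + 1))
    done
    echo "$staged"
}

# install_custom_cas: stage the mounted CAs and rebuild the system bundle.
install_custom_cas() {
    n=$(stage_custom_cas "${CUSTOM_CA_DIR:-/custom-cas}" \
        "${CA_DEST_DIR:-/usr/local/share/ca-certificates}") || return 1
    if [ "$n" -gt 0 ] && command -v update-ca-certificates >/dev/null 2>&1; then
        update-ca-certificates >/dev/null || return 1
    fi
    echo "$n"
}
```

Call `install_custom_cas` in the entrypoint before starting the server, since the process reads the system bundle when it first builds its root pool. `update-ca-certificates` writes under `/etc/ssl/certs`, so this step needs a writable root filesystem and sufficient privileges in the container.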

Labels: enhancement
