[All Platforms]Proxy CA certificate not injected into sandbox trust store — all TLS connections fail

[zNeill]

Description

[Description] The OpenShell gateway proxy performs MITM TLS termination on all HTTPS CONNECT tunnels, re-signing with its own CA. However, the sandbox container's /etc/ssl/certs/ does not include this CA, causing all TLS connections through the proxy to fail. Affects git, curl, node https, and any other TLS client inside the sandbox.

[Environment]

• Device: macOS 26.0.1 (arm64)
• NemoClaw: v0.0.14 | OpenShell: 0.0.26

[Steps to Reproduce]

nemoclaw test11 policy-add   # select github
nemoclaw test11 connect
git clone https://github.com/octocat/Hello-World.git /tmp/test

[Expected Result] git clone succeeds

[Actual Result]

fatal: unable to access 'https://github.com/octocat/Hello-World.git/':
  server certificate verification failed. CAfile: none CRLfile: none

Workaround: GIT_SSL_NO_VERIFY=true bypasses the error

[Root Cause] The sandbox image build does not inject the gateway proxy's CA certificate into /etc/ssl/certs/ or run update-ca-certificates. The proxy CA only exists on the gateway side; the sandbox is unaware of it.

[Suggested Fix] Automatically inject the gateway proxy CA cert into the sandbox container's trust store during sandbox creation.

Bug Details

Field	Value
Priority	Unprioritized
Action	Dev - Open - To fix
Disposition	Open issue
Module	Machine Learning - NemoClaw
Keyword	NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL

---

[NVB# 6072119]

[NVB#6072119]

[laitingsheng]

This is probably an upstream issue as in NVIDIA/OpenShell#790

[hulynn]

+1, reproduced on a different platform — WSL2 x86_64 with NemoClaw v0.0.21.

Environment

• Windows 11 build 10.0.28000.1836
• WSL2 Ubuntu 24.04.4 LTS (Noble), kernel 6.6.87.2-microsoft-standard-WSL2, x86_64
• Node v22.22.2, npm 10.9.7, Docker CE 29.4.1
• OpenShell 0.0.26, NemoClaw v0.0.21, OpenClaw 2026.4.2 (d74a122)
• Sandbox sec, ● github preset applied (policy version 11, hash fb6c4ab1575a)

Reproduction

Step 1 — policy state confirmed correct, github preset active on gateway:

$ nemoclaw sec policy-list | grep github
    ● github — GitHub.com and GitHub API access (git, gh)

Step 2 — inside sandbox, git clone fails with the CA-trust symptom described in this bug (server certificate verification failed, CAfile: none):

sandbox@sec:~$ git clone https://github.com/octocat/Hello-World.git /tmp/test-repo
Cloning into '/tmp/test-repo'...
fatal: unable to access 'https://github.com/octocat/Hello-World.git/':
       server certificate verification failed. CAfile: none CRLfile: none

Step 3 — confirming the policy itself is not the problem (traffic is allowed through the gateway, git just can't verify the MITM-terminated TLS cert): retry with TLS verify disabled succeeds:

sandbox@sec:~$ GIT_SSL_NO_VERIFY=true git clone https://github.com/octocat/Hello-World.git /tmp/test-repo
Cloning into '/tmp/test-repo'...
sandbox@sec:~$ ls -la /tmp/test-repo/
drwxr-xr-x 8 sandbox sandbox 4096 Apr 21 12:55 .git
-rw-r--r-- 1 sandbox sandbox   13 Apr 21 12:55 README

Step 4 — CA-trust state inside sandbox (same missing-bundle pattern reported originally):

sandbox@sec:~$ ls /etc/ssl/certs/ca-certificates.crt 2>&1
ls: cannot access '/etc/ssl/certs/ca-certificates.crt': No such file or directory
sandbox@sec:~$ ls /usr/local/share/ca-certificates/ 2>&1
(empty)
sandbox@sec:~$ curl --version | grep -i ssl
OpenSSL/3.0.13

Scope

• Blocks every TLS-verifying binary inside the sandbox when traffic goes through the MITM gateway (git, curl without -k, wget, pip, npm with strict-ssl, gh,