How to resolve the "SSL certificate problem: unable to get local issuer certificate" error when running curl against the vCenter URL in OpenShift 4 on vSphere
Issue
- After installing an OCP 4 cluster on vSphere, the storage cluster operator is found to be in a degraded state:
omc get co | grep storage
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
storage 4.13.4 True True True 1d
- Further inspection of the storage cluster operator logs shows that the connection to vCenter is timing out.
"message": "DefaultStorageClassControllerAvailable: StorageClass provided by supplied CSI Driver instead of the cluster-storage-operator\nVSphereCSIDriverOperatorCRAvailable: All is well\nVSphereProblemDetectorControllerAvailable: failed to connect to vcenter01.xxx.xxxx.com: Post \"https://vcenter01.xxx.xxxx.com/sdk\": dial tcp 192.168.x.xx:443: i/o timeout",
- When connecting to vCenter from the installer server/bastion server, or from all master nodes, the following is seen:
sh-4.4# curl -v https://vcenter01.xxx.xxxx.com
* Rebuilt URL to: https://vcenter01.xxx.xxxx.com/
* Trying 192.168.0.29...
* TCP_NODELAY set
* Connected to vcenter01.xx.xxxx.com (192.168.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4
- OCP on VMware vSphere