Unpack a tar ball of certs and inject into root ca for RH Distros. Awesome Team member set this up for us.

unpack-certs.sh

#!/bin/bash

LOCATION=`S3|http|NFS|ETC|location_of_tar`

sudo curl -o /tmp/ca-certs.tar $LOCATION \
    && sudo cd /etc/pki/ca-trust/source/anchors \
    && sudo tar vfx /tmp/ca-certs.tar \
    && sudo /usr/bin/update-ca-trust extract