We are aware that our aarch64 image doesn’t have an updated CA list, because the upstream does not updated for three years 
The next version of that specific image for that specific platform have a fix (this platform doesn’t supported anymore by the way), we now would use the arm64/v8 upstream image. It’s updated and actual.
2 Likes