Create a combined CA bundle (one-time, on the host):

To add your corporate CA without losing trust in public CAs, concatenate the container’s default bundle with your corporate CA certificate:

# Extract the default CA bundle from the container
docker run --rm --entrypoint bash \
  ${NIM_LLM_MODEL_SPECIFIC_IMAGE}:2.0.3 \
  -c 'cat /etc/ssl/certs/ca-certificates.crt' > combined-ca-bundle.pem

# Append your corporate CA
cat /path/to/corporate-ca.pem >> combined-ca-bundle.pem

Run with the combined bundle:

Mount and reference the combined bundle:

docker run --rm --gpus all \
  -v "$LOCAL_NIM_CACHE:/opt/nim/.cache" \
  -v ./combined-ca-bundle.pem:/etc/ssl/certs/custom-ca-bundle.pem:ro \
  -e SSL_CERT_FILE=/etc/ssl/certs/custom-ca-bundle.pem \
  -e REQUESTS_CA_BUNDLE=/etc/ssl/certs/custom-ca-bundle.pem \
  -e NGC_API_KEY \
  ${NIM_LLM_MODEL_SPECIFIC_IMAGE}:2.0.3 \
  download-to-cache --all

If downloading through a proxy, also add -e HTTP_PROXY=... and -e HTTPS_PROXY=.... A proxy is not required for SSL_CERT_FILE to take effect.
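Before mounting the bundle, it is worth confirming that the append step produced well-formed PEM: a default bundle without a trailing newline fuses two marker lines together, and a DER-encoded corporate CA adds no usable certificate. The following is an added example, not part of the original page or the NIM tooling; the function names pem_bodies, marker_lines and check_bundle are hypothetical, and it checks PEM framing only, not signatures or expiry.

```shell
#!/bin/sh
# Added example, not from the original page: structural check of the combined bundle.
# It validates PEM framing only; it does not verify signatures, chains or expiry.

# Print one line per well-framed certificate: its base64 body with whitespace removed.
pem_bodies() {
  awk '
    /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ { inside = 1; body = ""; next }
    /^-----END CERTIFICATE-----[ \t\r]*$/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1"
}

# Count lines that mention a marker anywhere, so fused or indented markers still count.
marker_lines() {
  awk -v m="$2" 'index($0, m) { n++ } END { print n + 0 }' "$1"
}

# check_bundle BUNDLE CORPORATE_CA
# 0 = ok, 1 = broken framing in bundle, 2 = corporate file is not PEM, 3 = CA not in bundle
check_bundle() {
  bundle=$1; corp=$2
  framed=$(pem_bodies "$bundle" | awk 'END { print NR }')
  begins=$(marker_lines "$bundle" "-----BEGIN CERTIFICATE-----")
  ends=$(marker_lines "$bundle" "-----END CERTIFICATE-----")
  if [ "$framed" -eq 0 ] || [ "$framed" -ne "$begins" ] || [ "$framed" -ne "$ends" ]; then
    echo "bad PEM framing in $bundle: $begins BEGIN, $ends END, $framed complete" >&2
    return 1
  fi
  if [ "$(pem_bodies "$corp" | awk 'END { print NR }')" -eq 0 ]; then
    echo "$corp contains no PEM certificate (DER-encoded?)" >&2
    return 2
  fi
  # "@@" cannot occur in base64, so it safely separates bundle bodies from corporate ones.
  missing=$( { pem_bodies "$bundle"; echo "@@"; pem_bodies "$corp"; } | awk '
    $0 == "@@" { second = 1; next }
    !second    { seen[$0] = 1; next }
    !($0 in seen) { n++ }
    END { print n + 0 }')
  if [ "$missing" -ne 0 ]; then
    echo "$missing corporate certificate(s) from $corp missing in $bundle" >&2
    return 3
  fi
  echo "ok: $framed certificates framed, corporate CA present"
}
```

After sourcing the functions, run check_bundle combined-ca-bundle.pem /path/to/corporate-ca.pem on the host and mount the bundle only when it returns 0.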