feat: add Sectigo Public Server Authentication Root R46 certificate

[ZdenekSrotyr]

feat: add Sectigo Public Server Authentication Root R46 certificate

Summary

This PR adds the missing Sectigo Public Server Authentication Root R46 CA certificate to the Generic Extractor Docker image to resolve SSL certificate verification failures when connecting to APIs that use this certificate authority.

Changes:

• Added docker/SectigoPublicServerAuthenticationRootR46.crt containing the root certificate
• Modified Dockerfile to copy the certificate into /usr/local/share/ca-certificates/ where update-ca-certificates will automatically trust it

Context: Fixes SUPPORT-13812 where users were encountering "CURL error 60: SSL certificate problem: unable to get local issuer certificate" when the Generic Extractor tried to connect to APIs using Sectigo's R46 certificate.

Review & Testing Checklist for Human

• Verify certificate authenticity: Confirm the certificate in docker/SectigoPublicServerAuthenticationRootR46.crt matches the official Sectigo Public Server Authentication Root R46 certificate from a trusted source (e.g., directly from Sectigo or a certificate transparency log)
• Test Docker build completes successfully: Build the Docker image from scratch to ensure no build errors
• End-to-end testing: Test against the actual failing API from SUPPORT-13812 to verify the SSL error is resolved
• Cross-reference with working workaround: Compare this certificate with the one that was manually added in the Advanced Settings workaround mentioned in the JIRA ticket to ensure they match

Recommended Test Plan:

1. Build the Docker image locally
2. Run the Generic Extractor against the API endpoint that was failing in SUPPORT-13812
3. Verify the SSL connection succeeds and data is extracted correctly
4. Check that the certificate appears in the container's trusted certificate store: docker run <image> ls -la /usr/local/share/ca-certificates/

Notes

⚠️ Important: I was unable to fully test this change locally due to the lengthy Docker build process. The certificate was downloaded from https://www.sectigo.com/knowledge-base/detail/Sectigo-Intermediate-Certificates/kA01N000000rfBO which appears to be the official Sectigo knowledge base, but independent verification is recommended.

The certificate is placed before the update-ca-certificates command in the Dockerfile, following the same pattern as the existing DigiCert and GeoTrust certificates.

---

Link to Devin run: https://app.devin.ai/sessions/7fd95fda20124723a4de92f4d5d1ae9c
Requested by: zdenek.srotyr@keboola.com (@ZdenekSrotyr)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring