[feature] [Conan 2.0] Consider not maintaining a conan cacert.pem file

[lasote]

• We are maintaining a cacert.pem file because some users with old installed software in the operating system (openssl, curl...), especially in old distributions, had a lot of issues using HTTPS with Conan.
• But we are not maintaining properly the file with the new authorities. Sometimes that's very painful, [question] Unable to connect to conancenter=https://center.conan.io #9695, and maybe, the ecosystem with python 3 has improved.
• We could try to not generate it and (maybe as an opt-in) if the cacert.pem file exists in the cache, use it. That way users still can distribute it with conan config install and, in case of frequent errors, we could offer a fix with conan config install pointing to a zipped cacert.pem that could be upgraded anytime.

Feedback welcome!

[memsharded]

I suggest to start clean in 2.0, do not handle at all the cacert.pem, and start receiving users feedback.

[paulocoutinhox]

I suggest to don't have nothing about it in version 2, but have a "fallback" solution if users have some problem when migrate to conan 2. Version 2 on semantic version mean incompatible anyway.

[sorekz]

Many companies (including the one I work for) use self-signed certificates for their self-hosted Artifactory servers.
So if you remove the default cacert.pem file that's ok as long as the mechanism is still available and we can ship our certificate chain with our conan config.

How it currently works in conan 1 is not optimal though. The best solution would be to use the systems ssl storage as described in #4353 or make use of the REQUESTS_CA_BUNDLE environment variable.

[memsharded]

cacert.pem has been removed in develop2 in #10007, next alpha2 will release it, this can be closed.