docker-archive / communitytools-image2docker-win


Export public keys for certs from the VM to the Dockerfile

sixeyed opened this issue · comments

Enterprises often have a custom CA that their machines are provisioned to trust, which gets used for any custom certs they make. Thinking something like a new flag /ExportTrustedCertificates which will check the cert store on the VM and copy public keys to the Dockerfile, so the container trusts the enterprise CA.

For each cert to trust in the Docker image, the Dockerfile needs some PowerShell like this:

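```powershell
# Path to the certificate file to trust (placeholder)
$certPath = '<file.crt>'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
# Open the machine-wide Trusted Root store for writing and add the certificate
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()
```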
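The export step this proposal describes, as an added example that is not code from the issue or from image2docker. It assumes the script runs inside the source VM against the live `LocalMachine\Root` store; `$SubjectPattern`, `$OutDir` and the `Dockerfile.certs` output file are hypothetical names, and the sample subject is constructed.

```powershell
# Added example (not image2docker code). Run inside the source VM.
param(
    # Substring of the enterprise CA subject, e.g. 'Example Corp Root CA' (constructed value)
    [Parameter(Mandatory)] [string] $SubjectPattern,
    # Hypothetical output folder, expected to sit inside the Docker build context
    [string] $OutDir = '.\certs'
)

$dir = (New-Item -ItemType Directory -Path $OutDir -Force).FullName
$now = Get-Date

# Dockerfile fragment per certificate; {0} is the exported file name.
# The RUN line uses the same .NET calls as the snippet in the issue.
$template = @'
COPY certs/{0} C:/certs/{0}
RUN powershell -Command "$c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:/certs/{0}'; $s = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root','LocalMachine'); $s.Open('ReadWrite'); $s.Add($c); $s.Close()"
'@

# Only roots that match the requested subject and are currently valid
$roots = Get-ChildItem Cert:\LocalMachine\Root | Where-Object {
    $_.Subject -like "*$SubjectPattern*" -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
}

$dockerLines = foreach ($c in $roots) {
    $file = "$($c.Thumbprint).crt"

    # X509ContentType 'Cert' is the DER-encoded public certificate only;
    # no private key material is written, even if the store holds one.
    $bytes = $c.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes((Join-Path $dir $file), $bytes)

    # Print what is about to become trusted so it can be reviewed before the build
    Write-Host "Exported $($c.Subject) [$($c.Thumbprint)] valid until $($c.NotAfter)"

    $template -f $file
}

if (-not $roots) {
    Write-Warning "No valid root certificate matched '$SubjectPattern'; nothing exported."
} else {
    # Fragment to paste into (or review against) the generated Dockerfile
    $dockerLines | Set-Content -Path (Join-Path $dir 'Dockerfile.certs')
}
```

Filtering by subject and validity keeps the image from inheriting every root the VM happens to trust; the printed thumbprints should be checked against the CA's published values before the image is built.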