Azure "az" command and decryption

Hello, All.

Working on Windows. A few days ago, tried to understand why the Microsoft Azure CLI "az" command line program was not working with decryption behind our PAN OS 10.2.10.

• Azure CLI is a python tool. I am currently running v2.77 (latest)
• I added the root CA to C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem

This is Microsoft's recommended solution, but this latest version of Python / Azure CLI checks the certificate validity also on the Authority Key Identifier (AKI). 

The error message seems "obvious":

• Before adding the "root CA" to its trusted store: "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1032)"
• After adding the "root CA" to its trusted store: "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier"

I searched on public posts, and pre 2024, it seems that updating the python trust store or bypassing security was possible. Not anymore with this latest version of Azure CLI.

Our friends Copilot and Gemini helped me in finding this "reason" for the problem I am facing. But I am surprised that nobody else posted anything about this though.  

Don't you guys face the same issue? The way I see it, it is impossible to solve since the decryption mechanism does not publish the Authority Key Identifier in fear of breaking a client's verifications... Or why the PA firewall does not update the AKI to match its Forward Trust Certificate's Server Key Identifier? 

Any input is welcome.

Cheers.