I use conan on an internal network with PKI rooted under a local private CA. For normal conan client use, this requires users to append to their ".conan/cacert.pem" file the local CA.
When used by the Jenkins artifactory plugin, it appears that there is no way to influence the temporary per-build conan configuration to include the local CA, so any attempts to access our Artifactory host are blocked (correctly) as having an improper host certificate.
A workaround for the CA issue is to create a system-wide or account-wide conan configuration, modify the "cacert.pem" file appropriately, and then use the following within a Jenkinsfile to force the use of a single ".conan" home folder. Unfortunately, this has implications on concurrent builds on a single host which I would like to avoid.