OM fails to verify the certificate even when s3-disable-https is true:

om download-product --config config.yml --vars-file vars.yml --output-directory downloaded-product --stemcell-output-directory downloaded-stemcell --source s3 --s3-disable-https true
2026/02/02 21:37:22 Items, listing objects: RequestError: send request failed
caused by: Get "https://s3.example.com/tiles?list-type=2&max-keys=100&prefix=&start-after=": tls: failed to verify certificate: x509: certificate signed by unknown authority: no valid versions found for product "ops-manager" and product version "3.0.37+LTS-T"

The s3-disable-ssl command does not disable certificate verification, it disables the HTTPS protocol.

The following is the option description from om download-product -h

          --s3-disable-ssl             whether to disable ssl (https or http) when contacting the s3 compatible blobstore

You need to install the s3 SSL certificate as a trusted certificate on the machine.

If you are getting this error in Platform Automation Toolkit for Tanzu, you can use the prepare-image task to install the certificate.