Add 'custom CA certs' to LXD for OpenID trusts

I have a Keycloak server I’m trying to set up for OIDC with the LXD GUI. I get a hard-error whenever the system tries to connect to the OIDC provider because the certificate isn’t trusted.

The LXD I use is Snapped, and I don’t know where it gets its certificate trust chains from. Is this from the host system’s CA certificates, or is it unique to the LXD snap?