This caused me a big headache yesterday. A solution (for git) is to install cacert and then run GIT_SSL_CAINFO=$HOME/.nix-profile/etc/ca-bundle.crt, but when running outside nixos that environment variable isn't set and there's no warning/indication that you'd need to set anything.

Basically this means curl/git are broken out of the box.

A nice thing would be to print "Curl has installed but no SSL certificates are currently available, which means all SSL operations will fail. To add SSL certificates, install the cacert package, then set CURL_CA_BUNDLE=$HOME/.nix-profile/etc/ca-bundle.crt in your environment", in bright red, when curl is installed, and a similar message for git.

It would also be nice if the packages just shipped with a certificate list.