I used to work in a corporate network with the following configs:
# System-wide profile
sudo tee /etc/profile.d/proxy.sh << "EOF" > /dev/null
PROXY="http://proxy.example.org:3128/"
NOPROXY="10.0.0.0/8,127.0.0.0/8,172.16.0.0/12,\
192.168.0.0/16,::1,localhost,*.example.org"
export ftp_proxy="${PROXY}"
export FTP_PROXY="${PROXY}"
export http_proxy="${PROXY}"
export HTTP_PROXY="${PROXY}"
export https_proxy="${PROXY}"
export HTTPS_PROXY="${PROXY}"
export no_proxy="${NOPROXY}"
export NO_PROXY="${NOPROXY}"
EOF
# DNF
sudo dnf config-manager --save \
--setopt proxy=http://proxy.example.org:3128/
# PKI
sudo trust anchor --store /path/to/ca.crt
sudo update-ca-trust