SSL Inspection CA Setup

Corporate networks often use SSL inspection for security. This requires installing a trusted certificate authority (CA) on your machine.

Why This Is Needed

SSL inspection allows the corporate network to:

Monitor encrypted traffic for security threats
Enforce security policies
Prevent data exfiltration

Without the CA certificate installed, you'll see SSL errors when accessing external sites.

Obtain the CA Certificate

Contact IT or your team lead to receive the open-ca.crt certificate file.

Installation

macOS

# Open Keychain Access
open /System/Applications/Utilities/Keychain\ Access.app

# Drag and drop open-ca.crt into "System" keychain
# Double-click the certificate
# Expand "Trust" section
# Set "When using this certificate" to "Always Trust"

Or via command line:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain open-ca.crt

Linux

sudo cp open-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Configure Tools

Python/UV

export SSL_CERT_FILE=/path/to/open-ca.crt
export REQUESTS_CA_BUNDLE=/path/to/open-ca.crt

Add to ~/.bashrc or ~/.zshrc for persistence.

Node.js/npm

npm config set cafile /path/to/open-ca.crt

Git

git config --global http.sslCAInfo /path/to/open-ca.crt

Verify

Test with curl:

curl https://www.google.com

Should complete without SSL errors.

Troubleshooting

If you still see SSL errors:

Verify certificate is in correct keychain (System, not Login)
Restart your terminal/IDE
Check certificate expiration date
Contact IT support

Setup Complete! Return to Setup Introduction or check the FAQ.

Why This Is Needed​

Obtain the CA Certificate​

Installation​

macOS​

Linux​

Configure Tools​

Python/UV​

Node.js/npm​

Git​

Verify​

Troubleshooting​