My employer, in their infinite wisdom, has implemented a TLS inspection proxy (MITM attack), and I'm trying to figure out how to get everything working again on Fedora 30.

I have a .pem file that I downloaded with Firefox. If I use keytool to import that into the Java cacerts keystore, that fixes issues with Java. So I'm pretty sure my .pem file is good. But I cannot get curl to use the .pem file to trust the ZScaler's CA cert. I've tried:

1. curl --cacert mitm.pem https://nodejs.org
2. Adding the .pem file to /etc/pki/ca-trust/source/anchors/, and making sure it's in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (and its symlink /etc/pki/tls/certs/ca-bundle.crt) after running 'update-ca-trust'
3. curl --cacert /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Curl consistently complains that it can't verify the TLS cert. I'm probably missing something obvious here, but I'm stuck. Any ideas or suggestions?

Thanks,
Barry
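
Added example, not part of the original post: a shell check, using openssl, of whether a PEM file is a root CA, an intermediate CA or not a CA at all, and whether a certificate verifies with that file as the only trust anchor. The three-certificate chain, its subjects and file names are constructed for the demo, and the function names are illustrative.

```shell
#!/bin/sh
# Added diagnostic example; every subject and file name below is constructed.

# classify_anchor FILE: print root-ca, intermediate-ca or not-a-ca.
classify_anchor() {
    # Only a certificate marked CA:TRUE may sign other certificates.
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo not-a-ca; return 0; }
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
    # Subject equal to issuer: self-issued, the shape of a root certificate.
    if [ "$subj" = "$iss" ]; then echo root-ca; else echo intermediate-ca; fi
}

# chain_verifies CAFILE CERT: succeed only if CERT chains up to CAFILE.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_demo_pki DIR: build a throwaway root -> intermediate -> leaf chain.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf]' 'basicConstraints=CA:FALSE' > "$d/demo.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -extensions ca -subj '/CN=Constructed Inspection Root' -days 2 \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" \
            -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" \
        -CAkey "$d/root.key" -CAcreateserial -extfile "$d/demo.cnf" \
        -extensions ca -days 2 -out "$d/inter.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" \
        -CAkey "$d/inter.key" -CAcreateserial -extfile "$d/demo.cnf" \
        -extensions leaf -days 2 -out "$d/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
for f in root inter leaf; do echo "$f.pem: $(classify_anchor "$demo/$f.pem")"; done
# An intermediate on its own is not accepted as an anchor by default.
chain_verifies "$demo/inter.pem" "$demo/leaf.pem" || echo "inter.pem alone: FAIL"
cat "$demo/root.pem" "$demo/inter.pem" > "$demo/bundle.pem"
chain_verifies "$demo/bundle.pem" "$demo/leaf.pem" && echo "root+inter: OK"
rm -rf "$demo"
```

On the affected machine the same two functions can be pointed at mitm.pem and at the certificates the proxy presents, which `openssl s_client -connect nodejs.org:443 -showcerts` prints.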
