Using Colima with an SSL inspector

Submitted by Darren Oh on

After Cognizant installed Zscaler on my work Mac, DDEV could no longer retrieve images from Docker Hub. It complained that it could not verify the TLS certificate. I use Colima as my Docker provider, which apparently does not yet automatically update its root certificate authorities to match the machine it runs on.

To install the Zscaler root certificate authority in Colima, I used Keychain Access to export the Zscaler Root CA certificate from the System keychain in .cer format. I named it zscaler.cer. I used Terminal to run openssl x509 -inform DER -in zscaler.cer -out zscaler.crt. I created a .docker/certs.d directory in my home directory, moved zscaler.crt to .docker/certs.d, and restarted Colima. Because I installed Colima with Homebrew, the command to restart Colima was brew services restart colima.

After Colima restarted, DDEV was able to retrieve Docker Hub images.

Tags