NixOs in corporate

Hi all,

I ran into the same issue - hopefully this is helpful for you guys or someone else:

1. find the Zscaler root cert in your browser, export it.
   

   

   zscaler_cert563×672 12.9 KB

2. Set nix.settings.ssl-cert-file explicitly to /etc/ssl/certs/ca-bundle.crt

3. Use security.pki.certificates to grab the .crt file we exported earlier.

zscaler_config482×241 6.65 KB

From what I understand, security.pki.certificates will stick the exported .crt into /etc/ssl/certs/ca-bundle.crt at build time.