Colima & Cloudflare Zero Trust on Apple Silicon

Install Colima via Homebrew:

$ brew install colima
$ colima start

Add the Cloudflare Certificate

Get inside the VM that Colima spawns:

$ colima ssh
jude@colima:/Users/Jude$ <— make sure that your prompt changes

Download the Cloudflare Zero Trust certificate:

$ sudo curl -k --output /usr/share/ca-certificates/cloudflare.crt
$ sudo dpkg-reconfigure ca-certificates

In the terminal UI that shows up, press enter until the “More” prompt goes away, then ensure that cloudflare.crt is listed in that list. Once verified, trust all the certificates by giving in a range, such as 1-138 as was in my case (tip: the last entry in that list says “trust none“, so don’t select that in your range). Hit enter.

A successful output looks akin to this one:

Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Processing triggers for ca-certificates (20230311ubuntu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...


Test the newly installed certificate:

$ curl -v
* processing:
* Server certificate:
* subject:
* start date: Mar 12 08:06:00 2024 GMT
* expire date: Jun 30 12:27:01 2024 GMT
* subjectAltName: host "" matched cert's ""
* issuer: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; OU=Gateway Intermediate ECC Certificate Authority
* SSL certificate verify ok.

Lastly, restart Colima:

$ colima restart

You’re done!


Leave a Reply

Your email address will not be published. Required fields are marked *