[agolliver]

They need their custom CA on your box for your machine to accept the traffic by default, otherwise you'll get a big ugly untrusted cert error on every https/ssl connection, but some apps will let you ignore those (eg: curl --insecure)

I worked at a company that did this and it was a massive headache, every time I wanted to set up a new VM things would fail until I remembered I had to install their CA. I was an intern at the time, and they gave me some work that required an app that I couldn't configure to use their CA for the life of me. After a lot of failed troubleshooting I and ended up just running a SSH server on my home PC and creating a SOCKS proxy through that.