Use OWASP ZAP under the transparent proxy environment

[nao]

Hi, 

I tried to run OWASP ZAP on my corporate MacBook. Our company currently uses the transparent web proxy. I added the CA certificate issued by the proxy to the Keychain Access app, and most HTTPS traffic is now accessed through the proxy.

However, when I launch OWASP ZAP, its update feature fails. Please review the attached log file. 

I believe the issue occurred because I did not add the CA certificate to the JRE CA Certificate store bundled to ZAP. I tried the following commands to add the proxy CA certificate to the JRE CA Certificate store, but the command failed because it requires the keystore password. Is there a way to add the custom CA certificate to the JRE bundled to ZAP?

% cd /Applications/OWASP ZAP.app/Contents/PlugIns/jre-jdk-11.0.12+7-jre/Contents/Home

% bin/keytool -import -trustcacerts -alias <ca-alias> -file <ca-file-path> -keystore lib/security/cacerts

*Assume the following:

<ca-alias>: the alias name for the proxy's CA certificate

<ca-file-path>: the file path for the proxy's CA certificate file 

Thanks,