DevTools 29 September 2025 10 min read

Setup Claude Code with Enterprise LLMs

A practical guide to setting up Claude Code (Anthropic's CLI) in enterprise environments — handling proxy configuration, custom CA certificates, and routing requests through internally available LLMs.

Claude CodeLLMEnterpriseProxySSLConfigurationAI Tools

Overview

Claude Code is Anthropic’s official CLI for interacting with Claude models. In enterprise environments, getting it to work requires navigating:

  • Corporate HTTPS proxies that intercept and re-sign TLS connections
  • Custom CA certificates that need to be trusted by Node.js
  • Proxy authentication requirements
  • Network access restrictions to external AI APIs

This guide covers the configuration steps to get Claude Code running in a managed enterprise environment.

Prerequisites

  • Node.js 18+ installed
  • Claude Code installed: npm install -g @anthropic-ai/claude-code
  • Your corporate CA certificate (.pem or .crt format)
  • Proxy server address (if required)
  • An Anthropic API key (or access to an Anthropic-compatible endpoint)

Step 1: Identify Your Network Environment

First, determine what you’re working with:

# Check for corporate proxy
env | grep -i proxy
curl -v https://api.anthropic.com 2>&1 | head -30

# Inspect the certificate being presented
echo | openssl s_client -connect api.anthropic.com:443 2>/dev/null | \
  openssl x509 -noout -issuer -subject

If the issuer is your organisation (not Anthropic or a public CA), SSL inspection is active.

Step 2: Export the Corporate CA Certificate

From a browser (Chrome/Edge):

  1. Navigate to any HTTPS internal site
  2. Click the padlock → Certificate → Details → Copy to File
  3. Export as Base-64 encoded X.509 (.CER)

Via command line:

# Extract from a known internal HTTPS site
echo | openssl s_client -connect internal.example.com:443 -showcerts 2>/dev/null | \
  awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' > corporate-ca.pem

# On Windows (PowerShell) - export from cert store
$cert = Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Subject -like "*YourCorp*"}
Export-Certificate -Cert $cert -FilePath corporate-ca.pem -Type CERT

Step 3: Configure Node.js to Trust the Corporate CA

Claude Code runs on Node.js, which uses its own bundled CA list by default. Override this with:

# Set permanently in your shell profile (.bashrc / .zshrc)
export NODE_EXTRA_CA_CERTS=/path/to/corporate-ca.pem

# Verify it works
node -e "const https = require('https'); https.get('https://api.anthropic.com', r => console.log(r.statusCode))"

Step 4: Configure Proxy Settings

# In your shell profile
export HTTPS_PROXY=http://proxy.internal.example.com:8080
export HTTP_PROXY=http://proxy.internal.example.com:8080
export NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,.internal.example.com

# If proxy requires authentication
export HTTPS_PROXY=http://username:password@proxy.internal.example.com:8080

Security note: Avoid embedding credentials in NO_PROXY if possible. Use a credentials manager or discuss with your proxy team about IP-based authentication for developer workstations.

Step 5: Configure Claude Code

# Set your API key
export ANTHROPIC_API_KEY=sk-ant-...

# Or configure via claude CLI
claude config set api-key sk-ant-...

# Test the connection
claude --version
echo "Hello" | claude

Step 6: Verify the Setup

# Quick connectivity test
claude -p "What is 2+2?"

# If you get SSL errors, double-check:
echo $NODE_EXTRA_CA_CERTS
echo $HTTPS_PROXY
openssl verify -CAfile $NODE_EXTRA_CA_CERTS /dev/stdin <<< "$(echo | openssl s_client -connect api.anthropic.com:443 2>/dev/null | openssl x509)"

Using an Internal/Alternative Endpoint

Some organisations proxy or cache LLM API calls through an internal gateway. Claude Code supports custom base URLs:

# Point to an internal Anthropic-compatible endpoint
export ANTHROPIC_BASE_URL=https://llm-gateway.internal.example.com

# Or configure via claude
claude config set api-url https://llm-gateway.internal.example.com

The endpoint must implement the Anthropic Messages API format.

Persistent Configuration

Add these to your shell profile for persistence:

# ~/.bashrc or ~/.zshrc

# Claude Code enterprise configuration
export ANTHROPIC_API_KEY="sk-ant-..."
export NODE_EXTRA_CA_CERTS="/home/username/.certs/corporate-ca.pem"
export HTTPS_PROXY="http://proxy.internal.example.com:8080"
export NO_PROXY="localhost,127.0.0.1,.internal.example.com"

Troubleshooting

SymptomLikely CauseFix
UNABLE_TO_VERIFY_LEAF_SIGNATURECorporate CA not trustedSet NODE_EXTRA_CA_CERTS
ECONNREFUSEDProxy required but not setSet HTTPS_PROXY
407 Proxy Authentication RequiredProxy needs credentialsInclude user:pass@ in proxy URL
ETIMEDOUTFirewall blocking API endpointRequest firewall exception for api.anthropic.com:443
Response buffered/slowProxy buffering SSERequest SSL inspection bypass for api.anthropic.com

Security Considerations

When running AI coding tools in enterprise environments:

  1. Understand what gets sent — Claude Code sends your code and queries to the API. Ensure this complies with your data classification policies
  2. API key management — Store API keys in a secrets manager, not in plaintext config files
  3. Audit logging — Some organisations require logging of AI API calls; check with your security team
  4. Data residency — Verify Anthropic’s data processing regions align with your compliance requirements (GDPR, Privacy Act, etc.)
← Back to Articles