Posted on 05-18-2022 01:17 PM
anyone has issue on deploy the zscaler app with the root cert not trust ?
I recently deploy Zscaler , but root trust show red "x" on the keychain access. anyway to get it around by putting command in jamf policies ?
Solved! Go to Solution.
05-18-2022 01:20 PM - edited 05-18-2022 01:31 PM
@Laura7878 we went with the Configuration Profile approach.
Added the Zscaler cert as Configure Profile.
Made sure profile is scoped to appropriate devices.
Deploy Zscaler.
05-18-2022 01:20 PM - edited 05-18-2022 01:31 PM
@Laura7878 we went with the Configuration Profile approach.
Added the Zscaler cert as Configure Profile.
Made sure profile is scoped to appropriate devices.
Deploy Zscaler.
Posted on 05-23-2022 12:30 AM
Hi, thanks for this solution. Do you know why the Zscaler certificate was deployed as an Untrusted certificate?
Posted on 06-02-2022 11:39 PM
The problem is that the certificate has been issued for too long.
TLS server certificates must have a validity period of 825 days or less (as specified in the NotBefore and NotAfter fields of the certificate).
Connections to TLS servers that violate these new requirements will fail and can cause network outages and app failures. Also, websites may not load in Safari in iOS 13 and macOS 10.15.
Posted on 05-18-2022 01:22 PM
can you please tell me where to get the root cert from the zscaler portal?
someone is manage this and they have no idea where to get
05-18-2022 01:25 PM - edited 05-18-2022 01:31 PM
Same here. I do not have access to the portal itself. I just requested the team to send me the certs. They were able to figure it out.
Also, have you try exporting that cert from your keychain?
Posted on 05-18-2022 01:33 PM
Just got the cert from the team by letting them know they have to figure out. great help there :)
I have not be able to , This is the first Mac that i deploy via jamf , not sure how to get it form the keychain.
by the way , this happen , do i need to convert ?
Posted on 05-18-2022 01:36 PM
Keychain Access > Zscaler Root CA > Export "Zscaler Root CA" > defaults to .cer format.
Posted on 05-18-2022 01:42 PM
super helpful . thank you . that save tons of time to trying convert the root CA .
one last question please. how do you setup upgrade/patch the Zscaler ? I tried to go patch managment seems not able to find Zscaler.
Posted on 05-18-2022 01:46 PM
If we need to update the Zscaler application, we just create a policy to push out the new package. We have no issues overriding the Zscaler. We don't disable/uninstall it. We just deploy the new version to the computer via a policy.
Posted on 05-18-2022 01:48 PM
i thought for the upgrade is :
1. upload package
2. set up policies
3. go to patch management , select the new definition and create new patch policies also setup the immediate push
4. end user got the new version upgrade
Posted on 05-18-2022 01:51 PM
Well, that's if the application is listed in Patch Management.
Applications which are not part of Patch Management can still be updated by using Jamf Policy alone. Just have to scope and define frequency and trigger appropriately.
Posted on 05-18-2022 01:53 PM
thank you very much to clear this up .
the Jamf trainer didn't tell us that , i thought there is no way to update the version if it is not list.