Over 90% of websites now use TLS encryption (HTTPS) as the access method. Enterprises utilise TLS inspection for Advanced Threat Protection, Access controls, Visibility, and
In this directory structure, you can add the Zscaler certificate into the certs directory by simply copying the file in.
OPENSSL_DIR=$(openssl version -d | cut -f2 -d '"')
cp ZscalerRootCertificate-2048-SHA256.crt "$OPENSSL_DIR/certs"
Alternatively, you can place the file into the anchors directory and run the update-ca-trust command, which pushes the certificate into the CA-Trust bundle files. This is more effective, since those bundle files can be referenced directly by other applications.
cp ZscalerRootCertificate-2048-SHA256.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust
Python
Python will (again) typically use its own CA store. If the certifi package is installed, you can locate the store with
python -m certifi
Which will output
/usr/lib/python2.7/site-packages/certifi/cacert.pem
You can append the Zscaler certificate to this CA store as follows
cat ZscalerRootCertificate-2048-SHA256.crt >> $(python -m certifi)
Similarly, you can set environment variables to point to this CA store (or to the OpenSSL store you updated previously)
export CERT_PATH=$(python -m certifi)
export SSL_CERT_FILE=${CERT_PATH}
export REQUESTS_CA_BUNDLE=${CERT_PATH}
Base Operating System
MacOS behaves very similarly to Linux, but has its own configuration and directories. MacOS mostly uses the Keychain, which should keep the OpenSSL CA store in sync. Either import the certificate into the trusted root store using Keychain Access, or run the following in the terminal.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <CERTIFICATE>
It may still be necessary to update the OpenSSL CA Store to include the Zscaler certificate for any application which reads it directly.
sudo tee -a /usr/local/etc/openssl/cert.pem < ZscalerRootCertificate-2048-SHA256.crt > /dev/null
Python
Python will (again) typically use its own CA store. If the certifi package is installed, you can locate the store with
python -m certifi
Which will output
~/Library/Python/3.7/lib/python/site-packages/certifi/cacert.pem
You can append the Zscaler certificate to this CA store as follows
cat ZscalerRootCertificate-2048-SHA256.crt >> $(python -m certifi)
Similarly, you can set environment variables to point to this CA store (or to the OpenSSL store you updated previously)
export CERT_PATH=$(python -m certifi)
export SSL_CERT_FILE=${CERT_PATH}
export REQUESTS_CA_BUNDLE=${CERT_PATH}
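The "append to the bundle" step above (for both the Linux and the macOS Python sections, and equally for the OpenSSL cert.pem) is a blind cat >>, which duplicates the certificate every time a provisioning script is re-run, and the two exported variables exist because the requests library and the standard-library ssl module resolve their CA bundle differently. The following script is an added example (not from the original page or from Zscaler): it reports which bundle each of those two consumers will actually read, and appends a root certificate only when its SHA-256 fingerprint is not already present. The function names are this example's own, and make_constructed_pem produces a placeholder PEM block that is not a real X.509 certificate, so the logic can be exercised offline.

```python
"""Resolve the CA bundle Python tooling uses and append a root CA idempotently.
Added example, not from the original page; the sample certificate is constructed."""
from __future__ import annotations

import base64
import hashlib
import os
import re
import ssl
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def pem_fingerprints(text: str) -> set[str]:
    """SHA-256 fingerprints (hex) of every PEM certificate block found in text."""
    fps = set()
    for block in PEM_BLOCK.findall(text):
        der = ssl.PEM_cert_to_DER_cert(block)  # base64 body -> DER bytes
        fps.add(hashlib.sha256(der).hexdigest())
    return fps


def ensure_cert_in_bundle(cert_pem: str, bundle: Path) -> bool:
    """Append cert_pem to bundle unless it is already there. Returns True if appended.
    Unlike 'cat >> bundle' this is safe to run repeatedly and also guards against a
    bundle that lacks a trailing newline (which would glue two PEM blocks together)."""
    existing = bundle.read_text() if bundle.exists() else ""
    if pem_fingerprints(cert_pem) <= pem_fingerprints(existing):
        return False
    with bundle.open("a") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")
        fh.write(cert_pem if cert_pem.endswith("\n") else cert_pem + "\n")
    return True


def requests_bundle(env: dict) -> tuple[str, str | None]:
    """Bundle the `requests` library verifies against: REQUESTS_CA_BUNDLE, then
    CURL_CA_BUNDLE, otherwise certifi's own cacert.pem. SSL_CERT_FILE is ignored."""
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if env.get(var):
            return var, env[var]
    try:
        import certifi
        return "certifi", certifi.where()
    except ImportError:
        return "certifi", None


def stdlib_bundle(env: dict) -> tuple[str, str | None]:
    """Bundle the standard-library ssl module uses for default contexts:
    SSL_CERT_FILE if set, otherwise the cafile compiled into OpenSSL."""
    if env.get("SSL_CERT_FILE"):
        return "SSL_CERT_FILE", env["SSL_CERT_FILE"]
    return "openssl-default", ssl.get_default_verify_paths().openssl_cafile


def make_constructed_pem(label: bytes) -> str:
    """NOT a real X.509 certificate: a constructed placeholder PEM block built from
    arbitrary bytes so that the fingerprint comparison can be exercised offline."""
    body = base64.encodebytes(b"CONSTRUCTED PLACEHOLDER " + label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


def run_demo() -> dict:
    """Append a constructed root twice into a throwaway bundle; the second call is a no-op."""
    bundle = Path(tempfile.mkdtemp()) / "cacert.pem"
    bundle.write_text(make_constructed_pem(b"some-public-root"))
    root = make_constructed_pem(b"corporate-root")
    first = ensure_cert_in_bundle(root, bundle)
    second = ensure_cert_in_bundle(root, bundle)
    return {"first_append": first, "second_append": second,
            "certs_in_bundle": len(pem_fingerprints(bundle.read_text()))}


if __name__ == "__main__":
    print("requests would use:", requests_bundle(os.environ))
    print("ssl module would use:", stdlib_bundle(os.environ))
    print(run_demo())
```

Point ensure_cert_in_bundle at the path printed by python -m certifi (or at the OpenSSL cert.pem) to replace the cat >> step; the two resolver functions make the point behind the exports visible: setting only SSL_CERT_FILE fixes urllib and the ssl module but leaves requests reading certifi's bundle, which is why REQUESTS_CA_BUNDLE is set as well.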
Docker, on Windows, MacOS, and Linux, uses the OpenSSL CA trust for its own connections; ensure this is configured so that Docker can download images and packages as you build from your Dockerfile.
Once the Dockerfile is loaded and being processed, containers will make their own connections which will need to trust the Zscaler certificate. It’s therefore important to combine the above approaches to ensure your Docker container has the Zscaler certificates installed.
This example uses three files. The .env file controls whether the build is run for production (no Zscaler) or development (Zscaler). The docker-compose.yaml file reads the BUILD_ENV variable and passes it to the Dockerfile as a build argument.
.env
BUILD_ENV=production
OR
BUILD_ENV=development
docker-compose.yaml
version: '3.1'
services:
  dotnetconf19:
    image: dockersamples/dotnetconf:19
    build:
      context: .
      args:
        - BUILD_ENV=${BUILD_ENV:-production}
        - CERT_FILE=${CERT_FILE:-/etc/ssl/certs/ca-certificates.crt}
    environment:
      - BUILD_ENV=${BUILD_ENV:-production}
      - CERT_FILE=${CERT_FILE:-/etc/ssl/certs/ca-certificates.crt}
Dockerfile
FROM mcr.microsoft.com/dotnet/core/sdk:3.0.100-preview9 AS builder
# No need to install certificates here: no Internet requests are made in this stage
WORKDIR /src
COPY src/WebRequests.csproj .
RUN dotnet restore
COPY src/ .
RUN dotnet publish -c Release -o /out WebRequests.csproj

FROM mcr.microsoft.com/dotnet/core/runtime:3.0.0-preview9
# This image makes Internet requests over HTTPS: install the certificate if this is a dev environment
# Build argument BUILD_ENV, default = production
ARG BUILD_ENV=production
# Expose the build argument as an environment variable so it is also available at run time
ENV BUILD_ENV=$BUILD_ENV
# Add the CA certificate to the container
ADD src/ZscalerRootCertificate-2048-SHA256.crt /tmp/ZscalerRootCertificate-2048-SHA256.crt
# Use BUILD_ENV to decide whether to install the CA certificate into the system trust and rebuild the bundle.
# On this Debian-based image, update-ca-certificates picks up .crt files placed under
# /usr/local/share/ca-certificates/ and regenerates /etc/ssl/certs/ca-certificates.crt plus the hash links.
RUN if [ "$BUILD_ENV" = "production" ]; then \
      echo "production env"; \
    else \
      echo "non-production env: $BUILD_ENV"; \
      cp /tmp/ZscalerRootCertificate-2048-SHA256.crt /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt; \
      update-ca-certificates; \
    fi
# Continue the build where the HTTPS connections are made
WORKDIR /app
ENTRYPOINT ["dotnet", "WebRequests.dll"]
ENV DotNetBot:Message='docker4theEdge!'
COPY --from=builder /out/ .