Push ZScaler cert with ZScaler app for iOS devices w/o MDM


(Alex) #1

Is there an option to push ZScaler cert with ZScaler app for iOS devices (iPad, iPhone) w/o MDM?


(David Creedy) #2

Hi Alex,

No, unfortunately. This is due to security requirements from Apple.

If an application (like Z App) side-loads a certificate, it’s not trusted by the device by default. The user needs to navigate through a complex series of screens to explicitly trust the certificate after that. There is no way to automate this. This is to prevent applications installed from the public app stores maliciously trusting a MITM certificate for example.

If the certificate is pushed via an MDM solution, it is automatically trusted and doesn’t require the user intervention.

I hope this makes sense

Regards

David


(Alex) #3

So now it’s a major obstacle to rolling out Zapp to iPads and iPhones. Do you have an existing ER to upvote on?
Thanks,


(David Creedy) #4

Hi Alex,

Not really, as it’s Apple’s behavior. I can raise an ER for you though. What would you like the desired behavior to be? Should we just install it and you will instruct the users how to trust the certificate?


(Alex) #6

Ideally it would need to act the same way as it acts on the Android platform, for consistency of the experience.


(David Creedy) #7

You would need to file the ER with Apple then unfortunately, and I don’t believe it’s likely this would happen. It’s not possible for an application like Z App on iOS to automatically trust a certificate like on Android. Apple mandates that the user must trust it manually.


(Alex) #8

Ok this does not scale at all.


(David Creedy) #9

Unfortunately we don’t have any control over what Apple dictates for its platforms. It’s just not possible for us to change this logic.

Generally, a deployment at scale will have some client management tool or MDM solution, which is why we recommend that for scaled deployments like this an MDM should be used to push out the certificate, without managing hundreds/thousands of users by manually installing apps from the app store.

Is there a specific reason you aren’t using a management tool? How do you deploy apps and mail settings to your devices today for this rollout?


(Alex) #10

We have a limited number of iOS devices, around 30, which does not justify the cost of the software. Currently we use Apple Configurator 2 for the new deployments. I will give it a go.