Way to verify using certificate


We’ve been using custom certificate for SSL Inspection so far and plan to change to use Zscaler certificate.
Hundreds of servers and massive numbers of user PCs will be using Zscaler certificate after cut-over.
Is there any effective way to verify if PCs or servers are using Zscaler certificate rather than the custom certificate after cut-over? i.e> checking like Analytics log on ZIA portal.
Also, I want to know if there is any recommended way to cut-over certificate in our case, like from custom certificate(current default certificate) to zscaler certificate.
As our plan for cut-over, I am going to enable Default Certificate on Zscaler Intermediate CA Certificate.