ZCC manual installation in Windows and Mac Machines

Hi, Just wanted to check if we manually install the ZCC in Windows or Mac machine then do we need to install the Zscaler root certificate manually in store or in browser?

for Mac we installed the ZCC manually and was getting error for all sites after installing the Zscaler Root certificate in browser and trusted then it worked fine.

Hi Bhisham,

To my knowledge it’s not required unless you’ve unselected ‘Install Zscaler SSL Certificate’ in App Profile or depending App Profile policy order…
image

The ‘Default Policy’ for both Windows and MAC it’s not enabled and cannot be modified as you know.
Is it possible you are hitting the Default App Policy then OR have you configured a custom certificate for SSL inspection ?

G

this is needed for MAC machines to trust the Zscaler certificates.

This works fine for Windows but noticed that we have to add the certificate in mac machines.

Is there a way to trust the Zscaler Certificate for MAC users via SCCM/GPO etc? as manually its difficult to update the cert in 500 machines.

Zscaler Certificate installation - Jamf Nation Community - 244791 pls try this.

1 Like

I believe the only way to do this is through MDM or DEP/ABM for Mac. And then you can push configuration profiles that have CA’s attached in their payload. All fully capable MDM solutions can do this. And with Mac requiring pretty much all management to be done via MDM, that’s really the only option for remote deployment.

If you don’t have an MDM solution. You could use a payload configuration tool such as iMaze or Apple Configurator to create the profile and then email it to all your users. You might be able to create a custom package that has the CA and write a bash script for post-installation. Both of these options though have their own nuances and hurdles to overcome.

1 Like

Thanks for the solution Ben!