We have had the following problem for quite some time now. We are running two ZPA App Connectors. For quite a long time we have been getting the following error:
Aug 11 07:43:23 zpa-connector zpa-connector[1378]: zpa-connector: starting, version 16.61.2
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: Fetching from dist.private.zscaler.com via co2br.prod.zpath.net
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: TLS Verification Failure via 165.225.73.251:443: Failed certificate check at depth=1, where subject=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1, issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA. Error=unable to get local issuer certificate
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: Could not connect to dist.private.zscaler.com via co2br.prod.zpath.net
We do have a firewall but the App Connector is exempted from everything. Can someone help us with that?
Looking at the zpa-connector software version, I think this needs an update. It also looks like the OS cannot verify the signing certificate - so this is likely down to the CA trust store on the server.
Can you run ‘yum update’ on the machine and pull the latest patches? This should include the latest root CA list. I’d also ensure the ZPA connector software has updated correctly; run ‘yum update zpa-connector’ to check.
If that’s not the cause - I’d look to raise a support ticket.
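To test the trust-store theory from the reply before and after patching, the following added example (not part of the thread and not Zscaler tooling) pulls the failing issuer out of the log line in the question and checks whether a certificate with that name is in the system CA bundle. The function names are hypothetical and the bundle path is the usual RHEL/CentOS location, assumed here.

```shell
#!/usr/bin/env bash
# Added example: helper names and the default bundle path are assumptions.
BUNDLE="${BUNDLE:-/etc/pki/tls/certs/ca-bundle.crt}"   # RHEL/CentOS system bundle

# Log line copied from the question above.
SAMPLE_LOG='Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: TLS Verification Failure via 165.225.73.251:443: Failed certificate check at depth=1, where subject=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1, issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA. Error=unable to get local issuer certificate'

# Depth in the chain at which verification failed (0 = server certificate).
failed_depth() {
  printf '%s\n' "$1" | sed -n 's|.*Failed certificate check at depth=\([0-9]*\),.*|\1|p'
}

# CN of the issuer the connector could not find locally.
failed_issuer_cn() {
  printf '%s\n' "$1" | sed -n 's|.*issuer=[^,]*/CN=\(.*\)\. Error=.*|\1|p'
}

# 0 = a certificate with this subject CN is in the bundle, 1 = absent,
# 2 = cannot check (bundle unreadable or openssl not installed).
bundle_has_cn() {
  [ -r "$1" ] || return 2
  command -v openssl >/dev/null 2>&1 || return 2
  # Split the PEM bundle into certificates and list their subjects;
  # the sed normalises "CN = x" (newer OpenSSL) to "CN=x".
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null \
    | openssl pkcs7 -print_certs -noout 2>/dev/null \
    | grep '^subject' | sed 's/ *= */=/g' | grep -qF "CN=$2"
}

cn=$(failed_issuer_cn "$SAMPLE_LOG")
echo "verification failed at depth $(failed_depth "$SAMPLE_LOG"); missing issuer: $cn"
rc=0; bundle_has_cn "$BUNDLE" "$cn" || rc=$?
case $rc in
  0) echo "'$cn' is in $BUNDLE: the system bundle is not the gap" ;;
  1) echo "'$cn' is NOT in $BUNDLE: the CA trust store needs updating" ;;
  *) echo "could not inspect $BUNDLE (file unreadable or openssl missing)" ;;
esac
```

Set `BUNDLE` to another path to check a different trust file; the match is a substring match on the subject line, so confirm the exact certificate by fingerprint if the result matters.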