ZPA Connector Update isn't working

Hey,

We have the following problem for quite a time now. We have running two ZPA App Connectors. Since a kinda long time we get the following error:

Aug 11 07:43:23 zpa-connector zpa-connector[1378]: zpa-connector: starting, version 16.61.2
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: Fetching from dist.private.zscaler.com via co2br.prod.zpath.net
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: TLS Verification Failure via 165.225.73.251:443: Failed certificate check at depth=1, where subject=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1, issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA. Error=unable to get local issuer certificate
Aug 11 07:43:25 zpa-connector zpa-connector[1378]: zscaler-update: Could not connect to dist.private.zscaler.com via co2br.prod.zpath.net

We do have a firewall but the App Connector is exempted from everything. Can someone help us with that?

Looking at the zpa-connector software version, I think this needs an update. It also looks like the OS cannot verify the signing certificate - so this is likely down to the CA trust store on the server.

Can you run ‘yum update’ on the machine and pull the latest patches, this should include the latest root CA list. I’d also ensure the ZPA connector software has updated correctly ‘yum update zpa-connector’ to check.
If that’s not the cause - I’d look to raise a support ticket.

yum update worked, thanks! It updated the broken connector to the newest version and scheduled an automatic update for the working one.

Excellent! Glad to see it worked.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.