I wanted to share a few tips that aren’t found in the “Adding Custom Certificate to an Application Specific Trusted Store” ZIA help page.
AWS CLI and CDK
If you use AWS CLI and CDK, I found using the environment variable AWS_CA_BUNDLE works the best. When I last tested, CDK didn’t use the AWS CLI ca_bundle configuration.
AWS CLI and Private Endpoints over ZPA
If you use AWS Private Endpoints and access those resources over ZPA, you’ll run into issues with AWS CLI calls to those private endpoints. To fix this issue, I created a new PEM bundle that has the Zscaler Root Certificate and the 4 Amazon Root Certificates.
If you set the environment variable NODE_EXTRA_CA_CERTS, NodeJS, NPM and Yarn should work. I have seen issues lately where this has changed, so if you run into issues after setting NODE_EXTRA_CA_CERTS, configure NPM:
npm config set cafile "$NODE_EXTRA_CA_CERTS" # if running into issues
Hope this helps. Glad to see the ZIA help page getting updated with more tools!
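One way to build and sanity-check the combined PEM bundle described under "AWS CLI and Private Endpoints over ZPA", as an added example that is not part of the original post. The file names and certificate bodies are constructed placeholders; the function names are hypothetical. With real root certificates, point AWS_CA_BUNDLE at the resulting file.

```shell
# Added example. File names and certificate bodies are constructed placeholders.

# count_certs FILE: print the number of complete PEM certificate blocks in FILE.
count_certs() {
  tr -d '\r' < "$1" | awk '
    /^-----BEGIN CERTIFICATE-----$/ { inside = 1; next }
    /^-----END CERTIFICATE-----$/   { if (inside) n++; inside = 0 }
    END { print n + 0 }'
}

# build_ca_bundle OUT EXPECTED FILE...: merge FILEs into OUT and fail unless
# OUT ends up holding exactly EXPECTED certificates.
build_ca_bundle() {
  bundle_out=$1; bundle_expected=$2; shift 2
  bundle_tmp=$(mktemp) || return 1
  for f in "$@"; do
    if [ "$(count_certs "$f")" -lt 1 ]; then
      echo "no certificate block in $f" >&2; rm -f "$bundle_tmp"; return 1
    fi
    # Strip CRs and force a trailing newline, so one file's END marker
    # never lands on the same line as the next file's BEGIN marker.
    tr -d '\r' < "$f" | awk '{ print }' >> "$bundle_tmp"
  done
  bundle_got=$(count_certs "$bundle_tmp")
  if [ "$bundle_got" -ne "$bundle_expected" ]; then
    echo "expected $bundle_expected certificates, got $bundle_got" >&2
    rm -f "$bundle_tmp"; return 1
  fi
  mv "$bundle_tmp" "$bundle_out"
}

# Constructed demo input: one root saved without a final newline, plus four more roots.
demo_dir=$(mktemp -d)
write_pem() {  # write_pem FILE [nl]; the body is a placeholder, not a real certificate
  printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$1"
  if [ "$2" = nl ]; then echo >> "$1"; fi
}
write_pem "$demo_dir/zscaler-root.pem"
for i in 1 2 3 4; do write_pem "$demo_dir/amazon-root-$i.pem" nl; done

build_ca_bundle "$demo_dir/bundle.pem" 5 \
  "$demo_dir"/zscaler-root.pem "$demo_dir"/amazon-root-*.pem
echo "bundle holds $(count_certs "$demo_dir/bundle.pem") certificates"
# With real certificates: export AWS_CA_BUNDLE=/path/to/bundle.pem
```

A plain `cat` of the same demo files yields only four parseable certificates, because the first file has no trailing newline and its END marker fuses with the next BEGIN marker.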