Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

I want to put Zscaler Root CA certificate for web access by terminal

  • 4 trả lời
  • 0 gặp vấn đề này
  • 18 lượt xem
  • Trả lời mới nhất được viết bởi cor-el

more options

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error:

"Software is Preventing Firefox From Safely Connecting to This Site

www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network.

What can you do about it?

www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1

I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2

I run the command for updates CA but it doesn't work: sudo update-ca-certificates

Errors keep popping up.

The certificate not appear in the Certificate manager > Authorities Picture 3

But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message.

Picture 4

And the certificate appear in the manager certificate: Picture 5


How can I put the command terminal certificate, which I have on hundreds of machines?

Note: I need to put the certificate only for internet access.

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error: "Software is Preventing Firefox From Safely Connecting to This Site www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network. What can you do about it? www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1 I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2 I run the command for updates CA but it doesn't work: sudo update-ca-certificates Errors keep popping up. The certificate not appear in the Certificate manager > Authorities Picture 3 But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message. Picture 4 And the certificate appear in the manager certificate: Picture 5 '''How can I put the command terminal certificate, which I have on hundreds of machines?''' Note: I need to put the certificate only for internet access.
Đính kèm ảnh chụp màn hình

Tất cả các câu trả lời (4)

more options

walter.sena.m said

How can I put the command terminal certificate, which I have on hundreds of machines?

I have not tested it, but the Policy mechanism includes an instruction to import a certificate:

Note: I am flagging this thread to move to the "Firefox for Enterprise" forum so you can get more detailed assistance.

Hữu ích?

more options

I don't know where I create these policies, do you have the path in Linux for me to create this?

Hữu ích?

more options

On the Troubleshooting Information page, you can find the location of the "Application Binary" (see: Use the Troubleshooting Information page to help fix Firefox issues).

Within that same directory, create a subdirectory named distribution and put your policies.json file into that distribution directory.

As a Windows person, that's about as much as I can tell you...

Hữu ích?

more options

Hữu ích?

Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.