Updating Zscaler Certificates
This article will walk through the process of updating the Zscaler Certificates that come pre-loaded on the router firmware. The article will walk through removing the original Zscaler Certificates, uploading the new ones, and referencing the new certificate in the Zscaler Internet Security using a TLS Tunnel. The configuration below will outline the steps for NCM, but this can also be performed on the router locally.
IMPORTANT NOTE: When the Zscaler functionality is enabled within a Cradleponit router, the Cradlepoint will modify the EDNS portion of the packets in compliance with RFC 6891 in order to allow Zscaler to apply their filtering service to the each LAN behind the Cradleponit. Currently, we have seen some very specific servers lack the ability to route packets when a packet's EDNS field has been modified. Please make sure your server can handle this type of traffic before purchasing the full product.
- Upgrade router NCOS to version 6.5.x.
This will automatically get the new Zscaler certificate.Option 2
Can be used on devices below NCOS 6.5.0
Step 1: Remove the original Zscaler Certificate and Zscaler CA Certificate.
- Navigate to the Group tab in ECM and select the group that needs to have the new certificates uploaded to it, then select "Configuration" > "Edit" and this will bring up the Configuration Editor.
Step 2: Upload the new .pem that can be downloaded above or here CP Zscaler.pem. Save this file in a location for access in the steps below.
- 6.x.x: Navigate to "Security" > "Certificate Management" > "PEM". Under the "Import PEM Certificate" section, use the following information.
- 5.x.x: Navigate to "System Settings" > "Certificate Management" > "Import PEM"
- Name: 2018 CP Zscaler
- Certificate File: "Select File" and select the "CP Zscaler.pem" file that was downloaded above and then hit "Import/Upload Certificate".
Published Date: 12/10/2014