Adds Zscaler root certificate into different application CA stores running in macOS.
git clone https://github.com/sergitopereira/zscaler-cert-app-store.git
pip3 install -r zscaler-cert-app-store/requirements.txt --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org% python zscaler-cert-app-store -h
usage: zscaler-cert-app-store [-h] [-a] [-p] [-d] [-g] [-r] [-c] [-w] [-n] [-l] [-v] [--androidstudio] [--appcode] [--datagrip] [--goland] [--intellij]
[--pycharm] [--rubymine] [--webstorm] [-i]
optional arguments:
-h, --help show this help message and exit
-a, --all Add Zscaler root certificate to all installed applications
-p, --python Add Zscaler root certificate to pip and requests.Note that python2 is not supported
-d, --download Download Zscaler root certificate from keychain
-g, --git Add Zscaler root certificate to git
-r, --ruby Add Zscaler root certificate to Ruby
-c, --curl Add Zscaler root certificate to curl
-w, --wget Add Zscaler root certificate to wget
-n, --npm Add Zscaler root certificate to NPM
-l, --libressl Add Zscaler root certificate to libressl. This needs to be executed as root
-v, --version Displays script version and information about discovered apps
--androidstudio Add Zscaler root certificate to Android Studio
--appcode Add Zscaler root certificate to AppCode
--datagrip Add Zscaler root certificate to DataGrip
--golang Add Zscaler root certificate to GoLand
--intellij Add Zscaler root certificate to IntelliJ IDEA
--pycharm Add Zscaler root certificate to PyCharm
--rubymine Add Zscaler root certificate to RubyMine
--webstorm Add Zscaler root certificate to WebStorm
-i, --ios Add Zscaler root certificate to Apple IOS simulatorIn order to install all applications that are installed run the following command
zscaler-cert-app-store -aif Zscaler root certificate is not downloaded via script, please download to
~/.zscaler-cert-app-store/ZscalerRootCertificate.pem
python3
pip3Python3 PIP: The script uses pip-system-certs package and will patch the PIP and requests in oder to use certificates from the default system store rather than the bundled certificates CA
command: cat ~/.zscaler-cert-app-store/ZscalerRootCertificate.pem >> $(python -m certifi)Python3 requests: The script uses pip-system-certs package and will patch the PIP and requests in oder to use certificates from the default system store rather than the bundled certificates CA
command: echo "export REQUESTS_CA_BUNDLE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.bashrc
or
command: echo "export REQUESTS_CA_BUNDLE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.zshrcNOTE: Python 2 is not supported.
git: The script will run the following command
command: git config --global http.sslcainfo ~/.zscaler-cert-app-store/ZscalerRootCertificate.pem/ZscalerRootCertificate.pemcurl: will add CURL_CA_BUNDLE environment variable depending on the user terminal
command: echo "export CURL_CA_BUNDLE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.bashrc
or
command: echo "export CURL_CA_BUNDLE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.zshrcwget: will tun the following command
command: echo "ca_certificate=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.wgetrcRuby: will add SSL_CERT_FILE environment variable depending on user bash
command: echo "export SSL_CERT_FILE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.bashrc
or
command: echo "export SSL_CERT_FILE=~/.zscaler-cert-app-store/ZscalerRootCertificate.pem" >> $HOME/.zshrcThis need to be executed as root!
cat /home/root/.zscaler-cert-app-store/ZscalerRootCertificate.pem >>/private/etc/ssl/cert.pemIOS simulator. Please note that this command is required to be run for each simulator.
command: xcrun simctl keychain booted add-root-cert ~/.zscaler-cert-app-store/ZscalerRootCertificate.pemFor more information, refer to https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trusted-store#edge-browser