Category     

Updating Zscaler Certificates

« Go Back

Information

 
Content

Updating Zscaler Certificates


Quick Links

Summary

Download

Configuration

Summary

This article will walk through the process of updating the Zscaler Certificates that come pre-loaded on the router firmware. The article will walk through removing the original Zscaler Certificates, uploading the new ones from the .p12 file downloaded below, and referencing the new certificate in the Zscaler Internet Security using a TLS Tunnel. The configuration below will outline the steps for ECM, but this can also be performed on the router locally.

IMPORTANT NOTE: When the Zscaler functionality is enabled within a Cradleponit router, the Cradlepoint will modify the EDNS portion of the packets in compliance with RFC 6891 in order to allow Zscaler to apply their filtering service to the each LAN behind the Cradleponit.  Currently, we have seen some very specific servers lack the ability to route packets when a packet's EDNS field has been modified.  Please make sure your server can handle this type of traffic before purchasing the full product.

Download

2016 CP Zscaler.p12

Configuration

  • Step 1: Remove the original Zscaler Certificate and Zscaler CA Certificate.

    • Navigate to the Group tab in ECM and select the group that needs to have the new certificates uploaded to it, then select "Configuration" > "Edit" and this will bring up the Configuration Editor.
    • User-added image
  • Step 2: Navigate to Local Certificates within the Configuration editor.

    • 6.x.x: Navigate to "Security" > "Certificate Management" > "Local Certificates".
    • 5.x.x: Navigate to "System Settings" > "Local Certificates".
    • User-added image
    • User-added image
  • Step 3: Remove "CP Zscaler" and "CP Zscaler (CA)" certificates.

    • Select the two certificates "CP Zscaler" and "CP Zscaler (CA)" and select "remove".
    • User-added image
    • User-added image
  • Step 4: Upload the new .p12 that can be downloaded above or here 2016 CP Zscaler.p12. Save this file in a location for access in the steps below.

    • 6.x.x: Navigate to "Security" > "Certificate Management" > "PKCS12". Under the "Import PKCS12 Format Certificates" Section, use the following information.
    • 5.x.x: Navigate to "System Settings" > "Certificate Management" > "Import PKCS12"
      • Name: 2016 CP Zscaler
      • Passphase: password
      • Certificate File: "Select File" and select the "2016 CP Zscaler.p12" file that was downloaded above and then hit "Import/Upload Certificate".
      • User-added image
      • User-added image
      • Note: To verify the new certificates were imported correctly, navigate back to the "Local Certificates" section and there should be two new certificates as shown below.
      • User-added image
      • User-added image
  • Step 5: Reference the new Zscaler Certificate for Zscaler Internet Security using a TLS tunnel.
    • 6.2.x: Navigate to "Security" > "Cloud-Based Security" > drop down under Cloud Provider: "Zscaler Internet Security".
    • 6.x.x: Navigate to "Security" > "Content-Based Filtering" > drop down under Cloud Provider: "Zscaler Internet Security".
    • 5.x.x: Navigate to "Network Settings" > "Content Filtering" > "Cloud Based Filtering/Security" > drop down under Cloud Provider: "Zscaler Internet Security".
      • Under the "Certificate Name:" section, select the new certificate named 2016 CP Zscaler and hit save.
      • This is all the configuration changes needed to get Zscaler Internet Secuirty using a TLS tunnel up and running with a new certification. Select Commit Changes and this will push down the new ECM group configuration.
      • User-added image
      • User-added image
      • User-added image

Related Articles/Links


Published Date: 12/10/2014


 
Knowledge Home | Product