Zscaler certificate error running VPN client through WSS


Article ID: 218354


Updated On:


Cloud Secure Web Gateway - Cloud SWG


WSS agent connected and sending Web traffic into WSS

Zscaler app running on WSS agent host

When connecting the Zscaler VPN client, connectivity fails and an SSL 'untrusted root' certificate error is reported

Applied the suggestion from another Zscaler KB article, but it failed to address the issue

Disabling the WSS agent and connecting to Zscaler directly works fine


Windows 10

WSS agent

Zscaler VPN client


SSL connectivity issue communicating with Zscaler through WSS


Added the following Zscaler connector IP addresses to the WSS bypass list.

The 'copy IPs' option is useful to export all IP addresses to a file, which can then be imported into WSS.
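
An added example (not Broadcom or Zscaler code): it validates and de-duplicates a copied IP list before it is imported into the WSS bypass list, and reports any destination address that no entry covers. The sample addresses are constructed documentation ranges, and the list format (entries separated by whitespace, commas or semicolons) is an assumption.

```python
import ipaddress
import re

# Constructed sample of a copied IP list (documentation ranges, not Zscaler's real addresses).
SAMPLE_EXPORT = """
203.0.113.0/24, 198.51.100.16/28
198.51.100.24
203.0.113.128/25
not-an-ip
2001:db8:10::/48
"""

def parse_bypass_list(text):
    """Return (collapsed networks, rejected tokens) from a pasted or exported IP list."""
    nets, rejected = [], []
    for token in re.split(r"[\s,;]+", text.strip()):
        if not token:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 198.51.100.17/28
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)
    # Collapse per address family: overlapping and duplicate entries merge.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6), rejected

def uncovered(destinations, networks):
    """Return the destination IPs that no bypass entry covers."""
    missing = []
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if not any(addr.version == n.version and addr in n for n in networks):
            missing.append(dest)
    return missing

if __name__ == "__main__":
    networks, rejected = parse_bypass_list(SAMPLE_EXPORT)
    print("\n".join(str(n) for n in networks))  # one entry per line for import
    print("rejected:", rejected)
    # Constructed destinations, standing in for addresses the client was seen connecting to.
    print("not bypassed:", uncovered(["198.51.100.24", "192.0.2.10"], networks))
```

Any address reported as not bypassed is still sent through WSS, so the same certificate error can persist for that destination.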


According to Zscaler:

"Zscaler strongly recommends that connectors and the Zscaler Client Connector have unrestricted outbound access to the Internet on port 443, to ensure access to all Zscaler brokers as our infrastructure evolves and expands. However, if this best practice is not feasible in your environment and outbound Internet access restrictions must be applied with specific exemptions, the following connectivity must be permitted."