The instructions below are relevant only if you have a strict GPO policy restricting the certificates that can be installed on your organization's devices.
For Zscaler App 1.2 and later, the network adapter certificate is automatically installed with the app. If you are using an earlier version of the app, you must add an install option to silently install the network adapter signature certificate along with the app. To learn more, see Customizing the Zscaler App with Install Options (MSI) and Customizing Zscaler App with Install Options (EXE).
If you have a strict GPO policy restricting the certificates that can be installed on your organization's devices, you must download the network adapter signature certificate from the Zscaler App portal, then import it into your trust store to enable silent installation of the app on your OU computers.
Download the Network Adapter Signature Certificate
- In the Zscaler App portal, go to Administration.
- From the left menu, select Zscaler App Store.
- Click Download Client Certificates in the top-right corner of the page.
- Save the certificates to a location of your choice.
Add the Network Adapter Signature Certificate to the Trust Store
- Select the OU GPO policy you created for the Zscaler App and click Edit.
- Go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers.
- Right-click and select Import.
- Locate and import the SHA-1 and SHA-2 Network Adapter Signature Certificates.
- To update the policy, run the following command:
- Verify that the certificate was imported to the trust store of the OU's Windows computers with the following steps:
- Log in to a remote Windows computer and run the Certificate Manager Tool (certmgr.msc).
- Go to Trusted Publishers > Certificates and verify that the certificates defined in the GPO policy were properly imported.