3

We're now using ZScaler instead of a proxy to check the internet traffic. It's quite an improvement; however, setting up Git, Gradle and Maven with a proxy was easier than setting them up with ZScaler. For using ZScaler we received a .cert file which starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". Between those lines is some hash code.

So my question is: How can I set up
a) Git
b) Gradle
c) Maven
in their respective "global settings" (so not for each project) with this certificate such that
a) pulling and pushing
b) / c) resolving dependencies
works again.

Thanks in advance.

XDAF

2 Answers

1

For Git, append this to your .gitconfig file:

[http]
proxy = http://gateway.zscaler.net:80/
sslCAInfo = /path/to/your/zscaler-root-ca.crt

I believe any file extension for the cert file will be accepted, as long as it's not the binary encoded format. openssl can be used to convert back and forth.

For Maven and Gradle and others (CURL, NPM, Yarn) the idea is the same: add the zscaler certificate to the certificate store. Some will need to append to a certificate bundle file. Apologies for an incomplete answer, I'm working through this myself. Wish zscaler provided more documentation on this.

fontophilic
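The answer above mentions converting a binary-encoded certificate and appending to a certificate bundle. The following Python script is an added example, not code from either answer: it accepts a PEM or DER file, refuses it unless its SHA-256 fingerprint matches a value you obtained separately from your IT team, and writes a copy of the bundle with the root appended only once. The function names, file paths and the source of the expected fingerprint are assumptions.

```python
import base64
import hashlib
import re
from pathlib import Path

# Added example: names and paths are illustrative assumptions, not from the answers.
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(BEGIN + r"(.+?)" + END, re.S)


def read_cert_der(path):
    """Return the certificate's DER bytes from a PEM (text) or DER (binary) file."""
    raw = Path(path).read_bytes()
    match = PEM_BLOCK.search(raw.decode("latin-1"))
    if match:
        return base64.b64decode("".join(match.group(1).split()))
    if raw[:1] == b"\x30":  # DER always opens with an ASN.1 SEQUENCE tag
        return raw
    raise ValueError(f"{path}: neither PEM nor DER")


def der_to_pem(der):
    """Encode DER bytes as a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


def sha256_hex(der):
    return hashlib.sha256(der).hexdigest()


def add_root_to_bundle(cert_path, bundle_path, out_path, expected_sha256):
    """Write the bundle plus the root to out_path. Returns True if the root was
    appended, False if the bundle already held it. Raises ValueError when the
    fingerprint differs from the expected one."""
    der = read_cert_der(cert_path)
    if sha256_hex(der) != expected_sha256.replace(":", "").lower():
        raise ValueError("fingerprint mismatch: do not trust this certificate")
    bundle = Path(bundle_path).read_text(encoding="utf-8")
    known = {sha256_hex(base64.b64decode("".join(block.split())))
             for block in PEM_BLOCK.findall(bundle)}
    already = sha256_hex(der) in known
    if not already:
        bundle = bundle.rstrip("\n") + "\n" + der_to_pem(der)
    Path(out_path).write_text(bundle, encoding="utf-8")
    return not already
```

Point Git's `sslCAInfo` (or another tool's CA bundle setting) at the output file rather than editing the system bundle in place.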
1

For Maven, first you have to identify which JVM is used -> retrieve the path to the Java runtime dir from this command output: mvn -version

Then, type the next command to add the content of the ZscalerRootCertificate-2048-SHA256.crt file (containing -----BEGIN CERTIFICATE----- ...) to the JVM key store:

keytool -keystore "<path-to-java-dir>/lib/security/cacerts" -storepass changeit -noprompt -trustcacerts -importcert -alias zscalerroot -file ZscalerRootCertificate-2048-SHA256.crt

Finally, edit your Maven configuration to add the HTTP proxy configuration in the user profile / user home dir: .m2/settings.xml

<?xml version="1.0" encoding="UTF-8"?>
<settings ...>
  ...
  <proxies>
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>gateway.zscaler.net</host>
      <port>80</port>
      <!-- Proxy exclusion list: adapt to your needs -->
      <nonProxyHosts>localhost|127.0.0.1|192.168.*</nonProxyHosts>
    </proxy>
  </proxies>
  ...
</settings>

You should be ready to go now!

NOTE: depending on the installation of ZScaler on your workstation, you may have to change the proxy host in the Maven configuration to 127.0.0.1 and the proxy port to 9000.

ahuh