cancel
Showing results for 
Search instead for 
Did you mean: 

PCS thin-clients WSAM and Network Connect break when users traverse ZScaler-type proxy. Are PCS clients preventing SSL MitM?

New Contributor

PCS thin-clients WSAM and Network Connect break when users traverse ZScaler-type proxy. Are PCS clients preventing SSL MitM?

Do the PCS clients use any form of certificate pinning or other methods to prevent Internet-based SecAAS providers (ZScaler) from performing SSL MitM?
2 REPLIES 2
Moderator

Re: PCS thin-clients WSAM and Network Connect break when users traverse ZScaler-type proxy. Are PCS clients preventing SSL MitM?

Yes; however, that may not be the cause of what you are seeing. Or is the failure only happening when going through that specific route on the network? Is the proxy configured statically in the browser (supported) or transparent (not supported)?
Occasional Contributor

Re: PCS thin-clients WSAM and Network Connect break when users traverse ZScaler-type proxy. Are PCS clients preventing SSL MitM?

The PCS client compare the certificate (or cert hash) seen by the client to the certificate hosted on the PCS server. If you put some kind SSL interception the certificate on the MitM server must be the same cert the is installed on the PCS server.
Be careful: not all TLS traffic is HTTP ! (nCP/oNCP)