Topic: MDB CLI and Zscaler
MMirabito priority asked 1 year ago
Dear support,
I am using MDB-CLI and when I issue mdb login while connected on ZScaler I get the following error:
But when I turn off ZScaler then I can make a connection.
Is there a workaround other than turning off ZScaler which creates an issue with my work network?
Thanks,
max
FREE CONSULTATION
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Opened
- ForumUser: Priority
- Premium support: Yes
- Technology: MDB Vue
- MDB Version: MDB5 4.0.0
- Device: NA
- Browser: NA
- OS: Windows
- Provided sample code: No
- Provided link: No
Arkadiusz Cacko staff commented 1 year ago
Hi, did you try this solution provided by zScaler https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store?
MMirabito priority commented 1 year ago
Arkadiusz, thank you for your response.
1) I am trying to better understand the issue and figure out if th elink can help me. to this end is there a switch in the MDB cli to turn on logging. I could not spot it in the docs
2) There is another ticket I created https://mdbootstrap.com/support/cli/mdb-cli-2/ which is still is pending status. Could you kindly review it please. It includes the above question (ZScaler related) and another issue that happens when zScaler is OFF and trying to run npm install.
Thanks max
MMirabito priority commented 1 year ago
Quick update when I tried mdb logs
C:\Users\SysAdmin>mdb logs
Error Could not process your request: unable to get local issuer certificate
Additionally I wanted to add that when on the CLI with ZScaler is ON and I do: npm login it's sucessfull:
C:\Users\sysadmin>npm login npm notice Log in on https://registry.npmjs.org/ Login at: https://www.npmjs.com/login?next=/login/cli/a3d3988e-b03b-43ee-a43c-5d69ff4fxxxx Press ENTER to open in the browser...
Logged in on https://registry.npmjs.org/.
MMirabito priority commented 1 year ago
Hi Arkadiusz, I worked with our networking team and this could be related to SSL inspection. If we disabled ZIA and leave ZPA enabled, you are able to connect.
They would like a list of resources that the CLI needs to access. They want to try and white list the URLs and see if it fixes the problem.
Can you provide that list?
Thanks
max
MMirabito priority commented 1 year ago
Hi Arkadiusz, have you had a chance to look into to this? We would be appreciate if you could provide a list of URLs if possible so that we can try to white list them.
Let me know if we need to have this discussion over a private channel.
Thanks in advance, max
Katarzyna Pietroń staff commented 1 year ago
Hello, please try to add
apps.mdbootstrap.com
andgit.mdbgo.com
to your whitelist of servers. I hope this will solve your problem.MMirabito priority commented 1 year ago
Katarzyna,
Is there an argument that I can pass to the CLI to turn on logging so that we can see more information where it's failing?
Thanks, max
MMirabito priority commented 1 year ago
never mind I just stumbled upon it when I was closely inspecting the package.json
"devDependencies": {.... "mdb-ui-kit": "git+https://oauth2:ACCESS_TOKEN@git.mdbootstrap.com/mdb/standard/mdb-ui-kit-pro-advanced",}
Thansk,
max
MMirabito priority commented 1 year ago
Update
Problem 1 With ZScaler - FIXED I was able to fix the issue with npm install and ssl cert issue. This was a git related. I added our trusted chain in Git's ca-bundle.crt C:\Program Files\Git\mingw64\etc\ssl\certs\ca-bundle.crt and now the project is updating as expected.
Problem 2 ZScaler - NOT FIXED When it comes to the MDB-CLI the problem continues
C:\MyProjects\mdb\mdb5-advanced-standard-vite>mdb login -u mxx8@xxx.xxx -p 6Zxxxxxxxxxxxxxxaa Error Login failed: unable to get local issuer certificate
How do you configure MDB-CLI or NPM or Node to use an additional cert at runtime. I am trying but nothing appears to be working for me- I am on Windows 10.
thanks,
max
MMirabito priority commented 1 year ago
Arkadiusz, it looks like I found a solution for problem #2 as wellBefore calling MDB CLI tell node to use an extra cert
I think it's fixed thanks again for the help
max