MDB CLI and Zscaler


Topic: MDB CLI and Zscaler

MMirabito pro premium priority asked a year ago

Dear support,

I am using MDB-CLI and when I issue mdb login while connected on ZScaler I get the following error:

enter image description here

But when I turn off ZScaler then I can make a connection.

Is there a workaround other than turning off ZScaler which creates an issue with my work network?

Thanks,

max


Arkadiusz Cacko staff pro premium priority commented a year ago

Hi, did you try this solution provided by zScaler https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store?


MMirabito pro premium priority commented a year ago

Arkadiusz, thank you for your response.

1) I am trying to better understand the issue and figure out if th elink can help me. to this end is there a switch in the MDB cli to turn on logging. I could not spot it in the docs

2) There is another ticket I created https://mdbootstrap.com/support/cli/mdb-cli-2/ which is still is pending status. Could you kindly review it please. It includes the above question (ZScaler related) and another issue that happens when zScaler is OFF and trying to run npm install.

Thanks max


MMirabito pro premium priority commented a year ago

Quick update when I tried mdb logs

C:\Users\SysAdmin>mdb logs

Error Could not process your request: unable to get local issuer certificate

Additionally I wanted to add that when on the CLI with ZScaler is ON and I do: npm login it's sucessfull:

C:\Users\sysadmin>npm login npm notice Log in on https://registry.npmjs.org/ Login at: https://www.npmjs.com/login?next=/login/cli/a3d3988e-b03b-43ee-a43c-5d69ff4fxxxx Press ENTER to open in the browser...

Logged in on https://registry.npmjs.org/.


MMirabito pro premium priority commented a year ago

Hi Arkadiusz, I worked with our networking team and this could be related to SSL inspection. If we disabled ZIA and leave ZPA enabled, you are able to connect.

They would like a list of resources that the CLI needs to access. They want to try and white list the URLs and see if it fixes the problem.

Can you provide that list?

Thanks

max


MMirabito pro premium priority commented a year ago

Hi Arkadiusz, have you had a chance to look into to this? We would be appreciate if you could provide a list of URLs if possible so that we can try to white list them.

Let me know if we need to have this discussion over a private channel.

Thanks in advance, max


Katarzyna Pietroń staff pro premium priority commented a year ago

Hello, please try to add apps.mdbootstrap.com and git.mdbgo.com to your whitelist of servers. I hope this will solve your problem.


MMirabito pro premium priority commented a year ago

Katarzyna,

Is there an argument that I can pass to the CLI to turn on logging so that we can see more information where it's failing?

Thanks, max


MMirabito pro premium priority commented a year ago

never mind I just stumbled upon it when I was closely inspecting the package.json

"devDependencies": {.... "mdb-ui-kit": "git+https://oauth2:ACCESS_TOKEN@git.mdbootstrap.com/mdb/standard/mdb-ui-kit-pro-advanced",}

Thansk,

max


MMirabito pro premium priority commented a year ago

Update

Problem 1 With ZScaler - FIXED I was able to fix the issue with npm install and ssl cert issue. This was a git related. I added our trusted chain in Git's ca-bundle.crt C:\Program Files\Git\mingw64\etc\ssl\certs\ca-bundle.crt and now the project is updating as expected.

Problem 2 ZScaler - NOT FIXED When it comes to the MDB-CLI the problem continues

C:\MyProjects\mdb\mdb5-advanced-standard-vite>mdb login -u mxx8@xxx.xxx -p 6Zxxxxxxxxxxxxxxaa Error Login failed: unable to get local issuer certificate

How do you configure MDB-CLI or NPM or Node to use an additional cert at runtime. I am trying but nothing appears to be working for me- I am on Windows 10.

thanks,

max


MMirabito pro premium priority commented a year ago

Arkadiusz, it looks like I found a solution for problem #2 as wellBefore calling MDB CLI tell node to use an extra cert

  • set NODE_EXTRA_CA_CERTS=C:\certs\org.crt
  • mdb login -u mxx8@xxx.xxx -p 6Zxxxxxxxxxxxxxxaa
  • Successfully logged in.

I think it's fixed thanks again for the help

max


Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Open

Specification of the issue
  • User: Pro
  • Premium support: Yes
  • Technology: MDB Vue
  • MDB Version: MDB5 4.0.0
  • Device: NA
  • Browser: NA
  • OS: Windows
  • Provided sample code: No
  • Provided link: No
Tags