Disable ZScaler temporarily on your Mac
If you are using a corporate machine with ZScaler installed on it, you may face SSL handshake errors, especially with Java apps, which throw javax.net.ssl.SSLHandshakeException errors when they receive certificates proxied by ZScaler instead of the original certificates. ZScaler also caused issues when I tried to enable [email protected] connectivity setup on the Mac. Therefore, it is useful to be able to disable the ZScaler client temporarily. However, most corporate MDM policies take away your ability to disable the ZScaler client from its UI.

Disable ZScaler Client
Before I start, a short disclaimer. Do this at your own risk. If you’re not sure why you are doing this, don’t.
1. Unload the ZScaler services
Open up Terminal (or iTerm2) and use the following command to unload the ZScaler services. This requires your user ID to have administrator rights. If it doesn't, then unfortunately you are out of luck in trying to disable ZScaler on your machine. There are two (2) ZScaler services that you need to unload to disable the ZScaler client temporarily. The command below unloads both in a single line.
sudo launchctl unload /Library/LaunchDaemons/com.zscaler.service.plist && sudo launchctl unload /Library/LaunchDaemons/com.zscaler.tunnel.plist

The command should not display any output and will temporarily unload the ZScaler service until you manually load the service again, or restart your Mac. If the service has already been disabled, you will see an error stating that it cannot find the service.

Once you have done that, you should see that ZScaler service is now temporarily disabled.

3. Check the certificates to confirm ZScaler is temporarily disabled
You can easily check whether your internet traffic is still being proxied through ZScaler. Open up Safari, load google.com (or any other website for that matter) and check the certificate. When ZScaler is enabled, the certificate you see is one generated by ZScaler.

But when you disable ZScaler successfully, you will see the original certificates again.
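
The same check can be made from Terminal instead of Safari. The script below is an added example, not part of the original post; it assumes a ZScaler-generated certificate has "zscaler" somewhere in its issuer name, and the function names classify_issuer and issuer_of are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether the certificate presented for a host was
# issued by ZScaler (traffic still proxied) or by another CA.

# Assumption: a ZScaler-generated certificate carries "zscaler" in its
# issuer name. Adjust the pattern to match what Safari shows you.
ZS_PATTERN='zscaler'

# classify_issuer ISSUER_LINE -> prints "proxied", "direct" or "unknown".
# Accepts both issuer layouts that OpenSSL and LibreSSL print:
#   issuer= /C=US/O=Example/CN=Example CA
#   issuer=C = US, O = Example, CN = Example CA
classify_issuer() (
  line=${1#issuer=}
  # Trim whitespace; an empty issuer means no certificate was read.
  line=$(printf '%s' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
  if [ -z "$line" ]; then
    echo unknown
    exit 0
  fi
  lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
  case $lower in
    *"$ZS_PATTERN"*) echo proxied ;;
    *)               echo direct ;;
  esac
)

# issuer_of HOST -> prints the issuer line of the leaf certificate on port 443.
issuer_of() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Check every host named on the command line, one result per line:
#   host <TAB> proxied|direct|unknown <TAB> issuer
for host in "$@"; do
  issuer=$(issuer_of "$host") || issuer=''
  printf '%s\t%s\t%s\n' "$host" "$(classify_issuer "$issuer")" \
    "${issuer:-no certificate read}"
done
```

Save it to a file and pass one or more hostnames as arguments; a result of "unknown" means no certificate could be read from that host.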

Re-enabling ZScaler
To re-enable ZScaler, just reload the ZScaler services using the following command. You should see ZScaler running again as it was.
sudo launchctl load /Library/LaunchDaemons/com.zscaler.service.plist && sudo launchctl load /Library/LaunchDaemons/com.zscaler.tunnel.plist
