Note: This article is intended for technical audiences such as IT administrators.

When using ZScaler in your network environment, you may encounter issues preventing Aircall from connecting correctly. This article outlines the symptoms, cause, and the required ZScaler configuration changes.

Symptom

When trying to use Aircall in a network environment with ZScaler, users are unable to get Aircall to connect.

Cause

Aircall does not support Certificate Pinning.

Solution

In addition to allowing the usual list of Aircall domains, subnets, and ports through your firewall or endpoint security solution (referenced in our KB article Firewalls, anti virus, and content blockers), when using ZScaler you must also ensure that:

  • Certificate Pinning is disabled
  • SSL Inspection is disabled

ZScaler configuration

Certificate Pinning
Certificate pinning involves associating a specific SSL or TLS certificate with a particular domain. When enabled, ZScaler bypasses SSL inspection for traffic encrypted with pinned certificates, ensuring that the integrity and security of these connections are preserved. This is important for services or applications that require certificate pinning for authentication or security purposes.

SSL Inspection
SSL inspection, also known as SSL or TLS decryption or SSL or TLS interception, involves decrypting and inspecting encrypted traffic passing through the ZScaler network. In some cases, such as compliance requirements or specific application needs, SSL inspection may need to be disabled. This ensures that encrypted traffic remains opaque to ZScaler, preserving end to end encryption for sensitive data.

The documentation provided by ZScaler here provides more details.