GAM, MitM, GAM_CA_File


David Laursen

Jul 21, 2021, 6:23:13 PM
to GAM for Google Workspace
Hi, trying to run GAM on a Windows 10 PC at a school that uses ZScaler inspection of internet traffic. I understand that I need to use/create a system environment variable 'GAM_GC_FILE' and point it to a *.PEM file. I'm assuming the file I have to use would be the ZScalerRootCertificate? It comes as a *.CRT. I've used OpenSSL x509... on a Mac to convert it to a *.PEM. GAM refuses to function. It errors with [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions.
GAM works if I hot-spot my computer (bypassing zscaler inspection).
Any tips please?

David Laursen

Jul 21, 2021, 11:57:25 PM
to GAM for Google Workspace
Much thanks to Ross.
Seems like my PEM file isn't a PEM file.
I'm attempting to source one.
Will advise of progress.
(Typo in original post:  GAM_CG_FILE should be GAM_CA_FILE)

David Laursen

Jul 22, 2021, 12:38:39 AM
to GAM for Google Workspace
Further update...
Seems my colleague has been able to install & run GAM successfully on a PC in the same networking environment.  No need to use the GAM_CA_FILE variable.
Points to an issue with my PC.
Will advise of progress. 

Jay Lee

Jul 22, 2021, 3:09:37 PM
to google-ap...@googlegroups.com
You need to follow the instructions from:


If you don't have the PEM file from the Zscaler server you can try grabbing it using OpenSSL. OpenSSL ships with most Linux distributions and Mac OS, but you'll need to download and install a version on Windows. The command to try and grab the CA pem would be:

echo quit | openssl s_client -showcerts -connect admin.googleapis.com:443 -proxy localhost:8888 > ca.pem

Then set GAM_CA_FILE to be ca.pem.

Jay
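
Added example, not part of the thread and not GAM's own code: a Python check for the situation discussed above, where a file named *.PEM turned out not to be PEM and where an `openssl s_client -showcerts` capture carries extra text around the certificates. It only checks the encoding (PEM armor versus DER framing), not the certificate contents; the function names and the placeholder bytes are assumptions made for this example.

```python
import base64
import binascii
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_blocks(data: bytes) -> list:
    """Return the DER bytes of every well-formed PEM certificate block."""
    ders = []
    for body in PEM_BLOCK.findall(data.decode("latin-1")):
        try:
            ders.append(base64.b64decode("".join(body.split()), validate=True))
        except binascii.Error:
            pass  # armor lines present, but the body is not valid base64
    return ders

def looks_like_der(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose length spans the whole file."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """'pem', 'der' or 'unknown', judged by content rather than file extension."""
    if pem_blocks(data):
        return "pem"
    return "der" if looks_like_der(data) else "unknown"

def to_pem_bundle(data: bytes) -> str:
    """Normalise a .crt, .pem or s_client capture into a clean PEM bundle."""
    kind = classify(data)
    if kind == "unknown":
        raise ValueError("neither PEM nor DER certificate data")
    ders = pem_blocks(data) if kind == "pem" else [data]
    return "".join(ssl.DER_cert_to_PEM_cert(d) for d in ders)

# Constructed sample: DER-framed placeholder bytes, NOT a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
```

Run `classify()` on the bytes of the file that GAM_CA_FILE points to; a result of "der" means the file still needs converting, whatever its extension says.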


David Laursen

Jul 25, 2021, 4:57:51 AM
to GAM for Google Workspace
Apologies to all,
It was a firewall issue.
Thank you for your time Ross and Jay.

regards,
Dave.