jfrog · gmininberg-jfrog · Jun 18, 2026 · Jun 18, 2026
@@ -162,12 +162,14 @@ sudo ./install_certs_macos.sh \
 
 **Exit code:** 0 if all checks pass, 1 if any check fails.
 
+Use a substring from your CA subject as `<ca-subject-pattern>` (find it with `openssl x509 -in <pem> -noout -subject`).
+
 ```bash
 # After install: validate current user’s config and cert path(s)
-./validate_install_macos.sh --expected-subject Zscaler
+./validate_install_macos.sh --expected-subject "<ca-subject-pattern>"
 
 # Validate every user’s config (run as root)
-sudo ./validate_install_macos.sh --expected-subject Zscaler --all-users
+sudo ./validate_install_macos.sh --expected-subject "<ca-subject-pattern>" --all-users
 ```
 
 ---
@@ -372,7 +374,7 @@ Re-runs **merge** certs: if the target file already exists, the script saves its
 Run from a directory that contains the script (or use full path):
 
 ```powershell
-powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -CertName Zscaler -ExtractPath certs\npm
+powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -CertName "Your Org Root CA" -ExtractPath certs\npm
 # Or use an existing PEM:
 powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -UseCert C:\path\to\ca.pem
 ```
@@ -391,7 +393,7 @@ powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all
 **Extract from store and configure all users (run as admin):**
 
 ```powershell
-.\install_certs_windows.ps1 -Package all -CertName Zscaler -ExtractPath certs\npm
+.\install_certs_windows.ps1 -Package all -CertName "Your Org Root CA" -ExtractPath certs\npm
 ```
 
 **Use an existing PEM (Machine-level env; User-level cert vars are deleted):**
@@ -430,12 +432,14 @@ Users must start a **new terminal** for env changes to take effect.
 
 **Exit code:** 0 if all checks passed, 1 if any check failed.
 
+Use a substring from your CA subject as `<ca-subject-pattern>` (find it with `openssl x509 -in <pem> -noout -subject`).
+
 ```powershell
 # After install: validate current user's env and cert path(s)
-.\validate_install_windows.ps1 -ExpectedSubject Zscaler
+.\validate_install_windows.ps1 -ExpectedSubject "<ca-subject-pattern>"
 
 # Validate every user's config (run as Administrator)
-.\validate_install_windows.ps1 -ExpectedSubject Zscaler -AllUsers
+.\validate_install_windows.ps1 -ExpectedSubject "<ca-subject-pattern>" -AllUsers
 ```
 
 ---

@@ -7,11 +7,11 @@
 #   sudo bash install_certs_debian_ubuntu.sh --use-cert /path/to/cert.pem [--package npm|python|huggingface|all]
 #
 # Examples:
-#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/ZscalerRoot0.pem
-#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/ZscalerRoot0.pem --package npm
-#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/ZscalerRoot0.pem --package python
-#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/ZscalerRoot0.pem --package huggingface
-#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/ZscalerRoot0.pem --cert-name zscaler-root
+#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/company-ca.pem
+#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/company-ca.pem --package npm
+#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/company-ca.pem --package python
+#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/company-ca.pem --package huggingface
+#   sudo bash install_certs_debian_ubuntu.sh --use-cert /tmp/company-ca.pem --cert-name my-org-ca
 #
 # What it does:
 #   1. Validates the provided PEM/CRT certificate
@@ -51,11 +51,11 @@ Options:
   -h, --help              Show this help
 
 Examples:
-  sudo $0 --use-cert /tmp/ZscalerRoot0.pem
-  sudo $0 --use-cert /tmp/ZscalerRoot0.pem --package npm
-  sudo $0 --use-cert /tmp/ZscalerRoot0.pem --package python
-  sudo $0 --use-cert /tmp/ZscalerRoot0.pem --package huggingface
-  sudo $0 --use-cert /tmp/ZscalerRoot0.pem --cert-name zscaler-root
+  sudo $0 --use-cert /tmp/company-ca.pem
+  sudo $0 --use-cert /tmp/company-ca.pem --package npm
+  sudo $0 --use-cert /tmp/company-ca.pem --package python
+  sudo $0 --use-cert /tmp/company-ca.pem --package huggingface
+  sudo $0 --use-cert /tmp/company-ca.pem --cert-name my-org-ca
 EOF
 }
 

@@ -12,7 +12,7 @@
 #                              (writes ~/<path>/package-route.pem). The PEM is a single
 #                              export of BOTH macOS Keychains (SystemRootCertificates +
 #                              System) — includes Apple's system roots AND enterprise
-#                              CAs like Zscaler. Cannot be combined with --use-cert.
+#                              enterprise SSL inspection CAs. Cannot be combined with --use-cert.
 #   --use-cert <path>          Path to an already-existing PEM cert file. Sets env vars
 #                              to point at this file; does not touch the Keychain.
 #                              Cannot be combined with --extract-path.
@@ -270,13 +270,13 @@ for homedir in /Users/*; do
 
     if [ -z "$USE_CERT" ]; then
         # Export ALL trusted root CAs from BOTH macOS Keychains into a single PEM file.
-        # This includes Apple's system roots AND enterprise CAs (including Zscaler).
+        # This includes Apple's system roots AND enterprise CAs.
         #
         # Why the Keychains (NOT /etc/ssl/cert.pem):
         #   - /etc/ssl/cert.pem is STATIC (only updated with macOS version upgrades)
         #   - SystemRootCertificates.keychain is DYNAMICALLY updated by Apple trust
         #     store updates, independent of macOS upgrades (~20-30 more CAs)
-        #   - System.keychain includes enterprise CAs deployed via MDM (e.g., Zscaler)
+        #   - System.keychain includes enterprise CAs deployed via MDM
         security find-certificate -a -p \
             /System/Library/Keychains/SystemRootCertificates.keychain \
             /Library/Keychains/System.keychain \

@@ -1,6 +1,6 @@
 # (c) JFrog Ltd. (2026)
 # Auto-Extract certificate from Windows store (or use existing PEM) and configure Node/npm and/or Python for Windows
-# Run: powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -CertName Zscaler -ExtractPath Zscaler\npm
+# Run: powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -CertName "Your Org Root CA" -ExtractPath certs\npm
 #   Or: powershell -ExecutionPolicy Bypass -File install_certs_windows.ps1 -Package all -UseCert C:\path\to\ca.pem
 #
 # Parameters:

@@ -357,7 +357,7 @@ jXKK5iDphL7LcKir6SLHxmyU339SrjNtTpiSBTU=
 
     # Subject mismatch
     $Run++
-    $r3 = Invoke-ValidateWithEnvPath -Path $CertPath -ExpectedSubject "Zscaler"
+    $r3 = Invoke-ValidateWithEnvPath -Path $CertPath -ExpectedSubject "wrong-subject"
     if ($r3.ExitCode -eq 1) { Write-Host "  OK ($Run): exit 1"; $script:Pass++ } else { Write-Host "  FAIL ($Run): expected exit 1, got $($r3.ExitCode)"; $script:Fail++ }
     $Run++
     if (($r3.Stdout + " " + $r3.Stderr) -match "no cert|matching|FAIL|subject|Result:.*failed") { Write-Host "  OK ($Run): output matches"; $script:Pass++ } else { Write-Host "  FAIL ($Run): output did not match"; $script:Fail++ }

@@ -5,8 +5,8 @@
 # Also checks /etc/profile.d/package-route-certs.sh when present.
 #
 # Run:
-#   bash validate_certs_debian_ubuntu.sh --expected-subject "O=Zscaler"
-#   sudo bash validate_certs_debian_ubuntu.sh --all-users --expected-subject "O=Zscaler"
+#   bash validate_certs_debian_ubuntu.sh --expected-subject "O=Example"
+#   sudo bash validate_certs_debian_ubuntu.sh --all-users --expected-subject "O=Example"
 #
 # Exit 0 = all checks passed.