cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Interception + Zoom on Ubuntu 20.04 (Error Code 104107)

DaJo
Listener

Hello Zoom Community!

I run into an issue with ssl interception on ubuntu 20.04 (latest update).

We began the ssl interception nearly 2 months ago and at first i thought it is enough to put the certificate into the official ubuntu certificate storage (In PEM Format under /usr/local/share/ca-certificates and read it in with update-ca-certificate).  https://ubuntu.com/server/docs/security-trust-store

 

Now we're able to login in the zoom client but as soon as you try to connect to a meeting you get a certificate warning and an error code: 104107 with this message the meeting is terminated. I can't find any informations on this error code.

We are quite a large research institution and there is no option to trust the certificate anyways.

 

Also our network and security team won't whitelist zoom as suggested in a few links because it is working in windows without any issues. (Windows 10, latest patch)

 

I tried:

https://support.zoom.us/hc/en-us/articles/360052337271-Zoom-Untrusted-Server-Certificate-issues#h_01...

https://support.zoom.us/hc/en-us/sections/201740126-Troubleshooting-Zoom-Meetings

https://support.zoom.us/hc/en-us/articles/201362683

https://support.zoom.us/hc/en-us/articles/360044092031-Conference-Room-Connector-TLS-certificates

 

Please let me know why Zoom isn't working with the new root-ca.crt rightfully setup (as other tools like wget or curl are working). Or maybe give me a hint where zoom is searching for the certificates.

 

Bests,

Daniel.

 

 

 

 

4 REPLIES 4

DaJo
Listener

Update:

i tried to find logs describing this error but can't find anything useful while reproducing the error.

Logs i checked:

~/.zoom/logs/zoom_stdout_stderr.log

watched the system with:

journalctl --follow

 

Are there any other location to search for zoom logs?

Bests,

Daniel.

 

DaJo
Listener

Second Update:

i tried to find the certificate location via strace but it seems like zoom isn't even looking for certificates on the system. 

 

Here is the output of command "strace -e openat zoom":

openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/home/<user>/.zoom/logs/zoom_stdout_stderr.log", O_RDWR|O_CREAT|O_APPEND, 0664) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4177, si_uid=167844, si_status=0, si_utime=6, si_stime=5} ---
+++ exited with 0 +++

 

Any clues on this?

DaJo
Listener

Sooo, does anyone know anything about Zoom on Linux with SSL Inspection?

Should we just admit that there is an issue which won't be fixed anytime soon?

I could also provide more informations if anyone is willing to look into this with me.

Bests,

Daniel.

DaJo
Listener

We whitelisted Zoom from our ssl inspection and it's working for now.

I can't understand why it's working on Windows or Mac without whitelisting but for now we are good.