In some environments, the ZappySys License Manager may still appear OFFLINE even after all required URLs and ports have been correctly whitelisted. This issue is particularly common in Azure IaaS and other highly controlled infrastructures where policy-based network restrictions can block or alter SSL certificate chains.
Furthermore, many corporate networks employ SSL interception or Deep Packet Inspection (DPI) using security platforms such as ZScaler, Palo Alto, Mimecast, Forcepoint, and similar technologies. When HTTPS traffic is intercepted or rewritten, the certificate delivered to the ZappySys License Manager may differ from the original zappysys.com certificate. As a result, the License Manager may encounter trust validation errors or connectivity issues despite proper whitelisting.
In the reported case, the HTTPS connectivity test (PowerShell + ZS REST API Task) returned the following error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Additionally, the ZS REST API Task succeeded only when Ignore SSL Certificate Errors was checked, confirming an SSL trust issue.
Eventually, installing the Starfield Class 2 Certification Authority Root Certificate - G2 resolved the problem.
This article provides the exact steps to fix the issue.
1. Verify HTTPS Trust Issue
If the machine cannot establish a secure SSL/TLS connection to https://zappysys.com, the License Manager will remain OFFLINE.
Symptoms include:
- In the browser able to open the site
https://zappysys.com - PowerShell test fails with SSL/TLS trust errors.
- ZS REST API Task works only when “Ignore SSL Errors” is enabled.
- License Manager status remains OFFLINE.
2. Install Required SSL Certificate (Recommended Fix)
As advised by our development team, please install the correct Root / Intermediate CA certificates on the affected server/machine and verify if the OFFLINE issue is resolved.
Steps to Export and Install Certificate via Google Chrome / Edge
-
Open Chrome or Edge and navigate to:
-
Click the Padlock icon → Connection is secure → Certificate (Valid).
-
Go to the Certification Path tab.
-
Select the top-most certificate (Starfield Root Certificate Authority - G2) → click View Certificate.
-
Go to Details → Copy to File… → export the certificate (.CRT).
-
Save it e.g.
Zappysys.crt
-
Double-click the exported file → Install Certificate.
-
Choose Local Machine.
-
Place it into Trusted Root Certification Authorities.
After completing this, try re-opening the ZappySys License Manager and activating your original ONLINE license key again.
3. Download the Certificates Directly (If Needed)
If exporting through Chrome is not convenient, you may download the required Root and Intermediate CAs directly from the Starfield repository:
Download Links
- Starfield Class 2 Certification Authority Root Certificate - G2
Download from:
https://certs.starfieldtech.com/repository/
Install Into These Stores
Install each certificate into both:
- Local Computer → Trusted Root Certification Authorities
- Local Computer → Intermediate Certification Authorities
This ensures full trust chain validation for HTTPS connections.
4. Final Step
After certificates are installed:
- Restart the machine (Optional).
- Open ZappySys License Manager.
- Attempt to activate the online license key again.
You should now see the status changed from OFFLINE → ONLINE.
Conclusion
This issue occurs when the machine cannot fully validate the SSL certificate chain for https://zappysys.com. Installing the correct Root/Intermediate CA resolves the SSL trust failure and restores the License Manager’s online functionality.