ZT mTLS with Digicert Root CA?

Hey all,

We’re trying to have ZT mTLS work with a Digicert Root CA, as this is all that our customer can present on the client cert side.

In reading the CF docs, it appears that the CA pem file needs to be self-signed?

5. Paste the content of the ca.pem file into the Certificate content field.

  The CA certificate must be self-signed and, in the certificate setting X509v3 Basic Constraints, the 
  attribute CA must be set to TRUE.

So far, our customer is getting 403 back, which we confirm is due to them butting up against the access wall.

Is this a non-starter with a Digicert CA?

Many thanks