Configuring CLI Tools for Netskope SSL Interpretation When encryptClientConfig Enabled

  • 29 January 2024
  • 1 reply
  • 114 views

Userlevel 2
  • Netskope Partner
  • 10 replies

Hi Community Team,

 

The feature flag "encryptClientConfig" is a part of client hardening and is disabled by default. When this feature flag is enabled, it will encrypt Netskope folder files in client systems (both windows and macbook).

Example: Netskope adds nscacert.pem cert in "/Library/Application Support/Netksope/STAgent/data/" at the time of NS-client installation. When above feature flag is enabled, the file will be encrypted and will show as "nscacert.pem.enc". (Other files will be .enc too).

This encrypt feature breaks the CLI-Tools with Netskope SSL Interception. So, following KB instructions will not work. 

https://docs.netskope.com/en/netskope-help/data-security/netskope-secure-web-gateway/configuring-cli-based-tools-and-development-frameworks-to-work-with-netskope-ssl-interception/

 

I am reaching out to community to find a workaround for above instructions when "encryptClientConfig" is enbabled.

 

Thanks & Regards,

Indu


1 reply

Hi Indu,

You can retrieve the needed files from your tenant in Settings → Manage → Certificates. The intermediate and root certs can be concatenated to the produce the nscacert.pem file you need.

 

Reply