Configuring CLI Tools for Netskope SSL Interpretation When encryptClientConfig Enabled

  • 29 January 2024
  • 1 reply

Userlevel 2
  • Netskope Partner
  • 10 replies

Hi Community Team,


The feature flag "encryptClientConfig" is a part of client hardening and is disabled by default. When this feature flag is enabled, it will encrypt Netskope folder files in client systems (both windows and macbook).

Example: Netskope adds nscacert.pem cert in "/Library/Application Support/Netksope/STAgent/data/" at the time of NS-client installation. When above feature flag is enabled, the file will be encrypted and will show as "nscacert.pem.enc". (Other files will be .enc too).

This encrypt feature breaks the CLI-Tools with Netskope SSL Interception. So, following KB instructions will not work.


I am reaching out to community to find a workaround for above instructions when "encryptClientConfig" is enbabled.


Thanks & Regards,


1 reply

Hi Indu,

You can retrieve the needed files from your tenant in Settings → Manage → Certificates. The intermediate and root certs can be concatenated to the produce the nscacert.pem file you need.