Netskope Community
08-14-2023 04:47 PM
Has anyone had issues resolving AWS CLI certificate errors when the Netskope Client is enabled? Multiple developers in our org have followed the steps in https://docs.netskope.com/en/netskope-help/traffic-steering/netskope-client/addressing-ssl-error-whi... for AWS CLI V2 and have even tried the older configure_tools.sh file that configures Netskope certs for common tools including AWS CLI. We have not had success in getting this to work.
08-15-2023 02:28 PM
I'm not a fan of the automated approaches. While they may catch several common tools, they don't do anything to educate the user on how to solve for uncommon tools.
We've published an internal document that explains the issue, and provides sample instructions for the common tools.
a week ago
We had success after one of our developers did the following:
Download ns_certbundle_aws_cli_v2.sh as referenced in https://docs.netskope.com/en/netskope-help/traffic-steering/netskope-client/addressing-ssl-error-whi...
Verify the awscertbundlevalue path on line 22 matches your system’s configuration
Create a nskp_config folder in the .aws directory to hold the certificate bundle
Move the downloaded script ‘ns_certbundle_aws_cli_v2.sh’ to the config folder.
Run the script:
Assuming the rest of the configuration is already in place, run this command to set the cert bundle in the aws config. Change cert bundle paths on.
Add ca_bundle = /Users/<user_name>/.aws/nskp_config/netskope-cert-bundle.pem to all profiles in /Users/<user_name>/.aws/config file
Last, we found that in some cases a new ca_bundle line in the [default] section in ~/.aws/config was added after the script was run, but needed to be removed as it conflicted with the same ca_bundle line under [profile default]. Remove this section and keep your [profile default] ca_bundle entry.
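The two config conditions described in the post above (a `ca_bundle` line missing from some profiles, and `ca_bundle` set under both `[default]` and `[profile default]`) can be checked with a short script. This is an added example, not part of the original post and not Netskope's script. The function names and the sample config are constructed for illustration.

```python
import configparser
import os
import tempfile

def audit_ca_bundle(config_path):
    """Return (section, finding) tuples for the profiles in an AWS CLI config file."""
    # default_section is renamed so nothing is treated as inherited defaults;
    # strict=False tolerates a section header that appears twice.
    cfg = configparser.RawConfigParser(default_section="__unused__", strict=False)
    with open(config_path, encoding="utf-8") as fh:
        cfg.read_file(fh)
    findings = []
    for section in cfg.sections():
        if section != "default" and not section.startswith("profile "):
            continue  # skip non-profile sections such as [sso-session ...]
        bundle = cfg.get(section, "ca_bundle", fallback=None)
        if bundle is None:
            findings.append((section, "no ca_bundle set"))
        elif not os.path.isfile(os.path.expanduser(bundle)):
            findings.append((section, "ca_bundle file not found: " + bundle))
    # Case from the thread: ca_bundle under both [default] and [profile default].
    if all(cfg.has_option(s, "ca_bundle") for s in ("default", "profile default")):
        findings.append(("default", "duplicates ca_bundle in [profile default]"))
    return findings

def run_constructed_sample():
    """Audit a constructed config written to a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "netskope-cert-bundle.pem")
        with open(bundle, "w", encoding="utf-8") as fh:
            fh.write("placeholder, not a real certificate\n")
        config = os.path.join(tmp, "config")
        with open(config, "w", encoding="utf-8") as fh:
            fh.write(
                f"[default]\nregion = us-east-1\nca_bundle = {bundle}\n\n"
                f"[profile default]\nca_bundle = {bundle}\n\n"
                "[profile dev]\nregion = us-west-2\n\n"
                f"[profile staging]\nca_bundle = {tmp}/missing.pem\n"
            )
        return audit_ca_bundle(config)

if __name__ == "__main__":
    for section, finding in run_constructed_sample():
        print(f"[{section}] {finding}")
```

To check a real machine, call `audit_ca_bundle(os.path.expanduser("~/.aws/config"))`; the script only reads the file and changes nothing.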