Netskope Community
05-24-2021
10:36 AM
- last edited on
11-22-2022
05:29 AM
by
Rohit_Bhaskar
Has anyone had any issues with interactive login's executed via powershell when behind the Netskope SWG?
For example: when connecting to exchange online or any kind of Microsoft service via powershell you are typically prompted with a O365 login prompt but when behind SWG we get "New-ExoPSSession : An error occurred while sending the request.."
I found 2 work arounds 1) disabling the Netskope client and 2) custom app in the steering configuration to bypass login.microsoft.com when connecting via powershell.exe. I'm wondering if anyone else had experienced this or could think of another work around.
Solved! Go to Solution.
05-24-2021 12:26 PM
Welcome to the Netskope community. The likely reason for this is that many development tools such as Powershell don't trust the system certificate store for TLS inspection. When you bypass Netskope by disabling the client or the certificate pinned application, you are no longer inspecting this traffic so it works. There's usually two options for apps that don't trust the system certificate store:
1. Bypass the application from inspection via a steering or TLS inspection bypass (easiest resolution but limits visibility)
2. Import the Netskope certificate into the application so it trusts the certificate or configure the application to trust the system certificate store.
You've already performed the first step but if you'd like to have Powershell trust the system store, you can follow the instructions here:
https://support.netskope.com/hc/en-us/articles/360023228553
05-24-2021 12:26 PM
Welcome to the Netskope community. The likely reason for this is that many development tools such as Powershell don't trust the system certificate store for TLS inspection. When you bypass Netskope by disabling the client or the certificate pinned application, you are no longer inspecting this traffic so it works. There's usually two options for apps that don't trust the system certificate store:
1. Bypass the application from inspection via a steering or TLS inspection bypass (easiest resolution but limits visibility)
2. Import the Netskope certificate into the application so it trusts the certificate or configure the application to trust the system certificate store.
You've already performed the first step but if you'd like to have Powershell trust the system store, you can follow the instructions here:
https://support.netskope.com/hc/en-us/articles/360023228553
05-25-2021 03:52 AM
That support article is what i really needed. Thank you!
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In