Configuring CLI Tools for Netskope SSL Interpretation When encryptClientConfig Enabled

3 months ago
29 January 2024
1 reply
152 views

Userlevel 2

Indu
Netskope Partner
10 replies

Hi Community Team,

The feature flag "encryptClientConfig" is a part of client hardening and is disabled by default. When this feature flag is enabled, it will encrypt Netskope folder files in client systems (both windows and macbook).

Example: Netskope adds nscacert.pem cert in "/Library/Application Support/Netksope/STAgent/data/" at the time of NS-client installation. When above feature flag is enabled, the file will be encrypted and will show as "nscacert.pem.enc". (Other files will be .enc too).

This encrypt feature breaks the CLI-Tools with Netskope SSL Interception. So, following KB instructions will not work.

https://docs.netskope.com/en/netskope-help/data-security/netskope-secure-web-gateway/configuring-cli-based-tools-and-development-frameworks-to-work-with-netskope-ssl-interception/

I am reaching out to community to find a workaround for above instructions when "encryptClientConfig" is enbabled.

Thanks & Regards,

Indu

1 reply

J

joelfilosa
New Member III
1 reply
1 month ago
20 March 2024

Hi Indu,

You can retrieve the needed files from your tenant in Settings → Manage → Certificates. The intermediate and root certs can be concatenated to the produce the nscacert.pem file you need.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded