Netskope Help

Configure the Certificates

With connectivity now configured, you need to set up a server certificate, which will be presented by the Auth Proxy during the SSL inspection. This certificate must be issued from a valid CA. For example, in the O365 Active Auth flow, the O365 cloud directly communicates with the Auth Proxy.

Note

Make sure that the Auth Server's server certificate uses a fully-qualified domain name as the common name.

To configure the certificates:

  1. Enter the command:

    set dataplane auth-proxy ssl-proxy server-cert
    
  2. Copy and paste your server certificate (only one public key section).

  3. Press Enter, then enter Ctrl-D to exit.

  4. Enter the command:

    set dataplane auth-proxy ssl-proxy server-key
  5. Copy and paste your private key.

  6. Press Enter, then enter Ctrl-D to exit.

  7. Enter the command:

    set dataplane auth-proxy ssl-proxy server-intermediate-ca-chain
  8. Copy and paste any intermediate certificates.

  9. Press Enter, then enter Ctrl-D to exit.

  10. Configure the auth server host-IP mapping. Auth Proxy frontends the authentication and must communicate with the external interface of the auth server. To ensure this happens for users coming from outside your network, you must configure the external interface host-IP mapping of your auth server using the following commands:

    set dataplane auth-proxy adfs-hostname
    set dataplane auth-proxy adfs-public-ip
  11. The healthcheck is complete. Use the following command to disable the healthcheck:

    set healthcheck enable false
  12. You must save the configuration. Save the configuration using the save command, and then press Enter.