Creating a Custom Certificate Pinned Application

Creating a Custom Certificate Pinned Application

If you want to bypass web traffic from certain applications from the Netskope cloud, you can add them as a custom certificate pinned application.

To create a custom certificate pinned application:

  1. Go to Settings > Security Cloud Platform > App Definition.
  2. Click the Certificate Pinned Apps tab.
  3. Click New Certificate Pinned App.
  4. In the New Certificate Pinned Application window:
    • Application Name: Enter a name for the certificate pinned application.
    • Platform: Choose the operating system platform for this application. If this application is available on multiple platforms, click +Add Platform to add more definitions. Ensure you use:
      • Domain-based configuration for Android 9 or lower.
      • Process-based configuration for Android 10 or higher.
    • Definition: Enter the applicable program files of the application. You can add the definitions in the following format:
      • Exact: Enter the exact process name for matching. You can enter multiple entries separated by commas. Netskope doesn’t support input quotes or the absolute path. Enter only the process name, such as googleefs.exe.
      • RegEx: Enter the Perl Compatible Regular Expression (PCRE) to use wildcard formats for process names such as python*.exe or ^([a-zA-Z0-9_-]+).exe. You can enter multiple entries separated by commas. To learn more about regex supported formats and examples: Supported Regex.

        You also can use the nsdiag -x command to verify if the string matches the regular expressions:

        nsdiag -x <regular expression> <string to match>

        Following are some examples:

        ^client[0-9] will match ""
        C:Program Files (x86)NetskopeSTAgent>nsdiag -x "^client[0-9]" ""
        ^sgr[d]{1,3} will match
        C:Program Files (x86)NetskopeSTAgent>nsdiag -x "^sgr[d]{1,3}" ""
        pythond.d.exe will match python3.0.exe
        C:Program Files (x86)NetskopeSTAgent>nsdiag -x "pythond.d.exe" "python3.0.exe"
        (chrome)d+(?:.d+){2}.exe will match chrome1.1.1.exe
        C:Program Files (x86)NetskopeSTAgent>nsdiag -x "(chrome)d+(?:.d+){2}.exe" "chrome1.1.1.exe"
        b(w+)s1b will match "is is"
        e.g C:Program Files (x86)NetskopeSTAgent>nsdiag -x "b(w+)s1b" "is is"
    The New Certificate Pinned Application window for Exceptions under Steering Configuration.
  5. Click Save.

After creating your custom certificate pinned app, you can add it as an exception for your steering configuration.

Share this Doc
In this topic ...