You have an NG-SWG customer that currently steers all Web traffic to Netskope using the...

To address the issue of a certificate-pinned application not being accessible due to certificate pinning, while still steering the traffic to Netskope, the two methods that would satisfy the requirements are:

B: Configure the SSL Do Not Decrypt policy to not decrypt traffic for domains used by the native application. This ensures that the SSL traffic for the specified domains is not decrypted, thus avoiding issues with certificate pinning.

C: Configure domain exceptions in the steering configuration for the domains used by the native application.By setting domain exceptions, traffic to these domains will bypass SSL decryption, allowing the certificate-pinned application to function as expected1.

These methods are in line with Netskope’s capabilities for handling certificate-pinned applications, which often require bypassing decryption to prevent breaking the application’s functionality due to its security features1.

References: The Netskope Knowledge Portal provides detailed information on managing certificate-pinned applications, including how to configure SSL Do Not Decrypt policies and domain exceptions in the steering configuration1.Additionally, the Netskope Community Forum offers insights and best practices for handling certificate-pinned applications2.