
Android - Client certification auth

Not applicable

Android - Client certification auth

Hi, is anybody using Junos Pulse on Android 2.2 with user certificate auth on SA? I
Occasional Contributor

Re: Android - Client certification auth

Hi,

I just got a request from a customer.

Will need to test this out.

Will give you a report later.

What about you? Any issues, how is it going?

Regards

Damjan

Occasional Contributor

Re: Android - Client certification auth

Hi,

First you need to follow this KB:

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB19692&cat=ssl_vpn&actp=LIST

You need to convert your PKCS12 cert to .pem and then to .der format.

Still not able to connect to SSL VPN, but those certs work via a Windows or Linux machine.

I have a case now with Juniper, I will keep you posted on progress.

Regards

Occasional Contributor

Re: Android - Client certification auth

Hi,

Authentication is working fine. Just follow the KB I mentioned in my previous post!

Regards

Occasional Contributor

Re: Android - Client certification auth

I followed the instructions in the KB and I get "Failed to connect to the server!"

In the certificate.pem (before converting to .der) do you only have one cert, or the chain to the root?

Valued Contributor

Re: Android - Client certification auth

Hello jpayne,

Do not include the chaining certificate in the certificate.pem as this will cause issues. Ensure only the public key of your client certificate is included, then convert to binary or DER format. This is important as Junos Pulse does not understand base64.
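
The two checks described in the reply above (exactly one certificate in certificate.pem, and a binary DER result rather than base64), written out as an added example that is not from the thread or the KB. The function names are hypothetical, and the sample "certificates" are constructed placeholder bytes with DER framing, not real certificates.

```python
import base64
import re

# Matches one PEM block; text between blocks (e.g. "Bag Attributes") is skipped.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed placeholders with valid DER SEQUENCE framing, not real certificates.
LEAF, CA = bytes([0x30, 0x03, 0x02, 0x01, 0x01]), bytes([0x30, 0x03, 0x02, 0x01, 0x02])

def make_pem(label, der):
    """Wrap bytes in a PEM envelope (builds the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def der_total_length(data):
    """Return the encoded length of a leading DER SEQUENCE, or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte is not 0x30)")
    if data[1] < 0x80:                      # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(raw):
    """Report whether a file's bytes are 'pem', 'der' or 'unknown'."""
    if b"-----BEGIN " in raw:
        return "pem"
    try:
        return "der" if der_total_length(raw) == len(raw) else "unknown"
    except ValueError:
        return "unknown"

def pem_to_single_der(pem_text):
    """Convert a PEM file holding exactly one certificate to DER bytes."""
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file still contains a private key block")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected 1 certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("decoded data is not one complete DER object")
    return der

if __name__ == "__main__":
    chain = make_pem("CERTIFICATE", LEAF) + make_pem("CERTIFICATE", CA)
    print(classify(pem_to_single_der(make_pem("CERTIFICATE", LEAF))), classify(chain.encode()))
```

Running `classify` on the bytes of the file you are about to import shows whether it is still PEM; a file that is neither PEM nor a single complete DER object comes back as `unknown`.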

Occasional Contributor

Re: Android - Client certification auth

That's exactly what I did. I just did it again. Still no dice, java IO exception:

java.io.EOFException
at libcore.io.Streams.readAsciiLine(Streams.java:203)
at libcore.net.http.HttpEngine.readResponseHeaders(HttpEngine.java:547)
at libcore.net.http.HttpEngine.readResponse(HttpEngine.java:787)
at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:274)
at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:168)
at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:270)
at net.juniper.junos.pulse.android.g.b.a(Unknown Source)
at net.juniper.junos.pulse.android.JunosApplication.g(Unknown Source)
at net.juniper.junos.pulse.android.ui.SignInActivity.b(Unknown Source)
at net.juniper.junos.pulse.android.ui.SignInActivity.a(Unknown Source)
at net.juniper.junos.pulse.android.ui.SignInActivity.a(Unknown Source)
at net.juniper.junos.pulse.android.ui.fa.onPageFinished(Unknown Source)
at android.webkit.CallbackProxy.handleMessage(CallbackProxy.java:275)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:4340)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)

at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:784)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
at dalvik.system.NativeStart.main(Native Method)

The ncsvc.log file also contains:

20111227173526.324107 ncsvc[p8657.t8657] androidipc.error Unable to connect to vpntools at /data/local/tmp/tunctl, err: No such file or directory, giving up
(androidipc.cpp:72)

Valued Contributor

Re: Android - Client certification auth

Hello jpayne,

It sounds like you may be running into other issues with the Junos Pulse client. I would suggest opening a case and providing the Junos Pulse logs and the version of Junos Pulse in the case notes. We'll need to take a deeper look into the logs to find the root cause.

Occasional Contributor

Re: Android - Client certification auth

Yeah, I did open a case. And as is my experience with almost all of JTAC, the lazy way out was taken... "Samsung Galaxy Nexus and Android 4.0 is unsupported". Why bother looking at logs?

(I'm not trying to imply anything about the specific JTAC engineer - this is a direct result of support people being motivated to minimize the number of open tickets in their queue as opposed to increasing customer satisfaction)