Hi

i have a problem with the IPAD. when the users press "back" button on iPad's Safari the CSS styles get lost. What this happens???

Thanks

Hi all, i'm trying to make certificate authentication ( by that i mean the client must have the cert to log-in ) works on ipad/iphone with pulse. It seem that each time i configure the connection in the pulse client on the ipad, the only cert available to me for certificate authentication is one that not correpond to the one i put in the SSL box. I used the iphone configuration utility ( ipcu ) to put the profile on the ipad, and it look like the ipcu "sign" the cert that i used. Now eve if i dont used the ipcu utilty and send the certificate by email, install it, and look into the profile, it's not the same has in the junos pulse client.

i did try with a new device that did not have junos pulse install before, and use the cert send by email. In that case, there is no cert available in junos pulse to use in the connection configuration.

I know the config on the ssl box is good, with android, ( even if it's not exactly the same procedure ) the certificate check is working.

Is there a trcik i'm missing here or do i need like an apple cert to import in the ssl box ?

hope i'm clear here.

thanks.

You need to use the iPCU to install the user certificate and set it as the credential to use for the Pulse application. Installing via email does not work to allow Pulse access to use it.

i did use the ipcu. In fact i did try both way's. via email on a fresh device, the cert does not appears in junos pulse.

So do i need the apple cert that is available to developper or somenthing like that. I know for a fact that you need it for exemple on mcafee EMM wich is the mobilty manager.

No, you should not need that.

You need to create a VPN profile that has BOTH the VPN client config for certificate authentication and the certificate installed. I have done this several times without an issue. You cannot install one or the other; you have to install both at the same time with the VPN on Demand flag configured

Still no luck, with this error msg ( see attached )

Let try to get it the basic check up again if you dont mind:

Here is what i've done :

1) sign-in page : made a /ipad that point to a ipad realm.

2) auth server : made a test.ipad auth server that is a certificate server that looks for certDN.CN

3) Realm ipad : configure with the auth server test.ipad and with a authentication policy that has a certificate restriction allowing only the trusted client CA to sign in. ( role mapping is also made etc etc.. )

4) Truted CA config : In the trusted CA config , i uploded the home made CA from our compagny certificate server. During test i also put in one that i made with openssl. They both work on the android platform.

On the ipad / iphone device running version 5 of iOS, i download and install junos pulse client.

Here two things:

1) i try emailing myself the certificate and openning it and installing it on the ipad. The certificate did not show up in junos pulse config to bu used.

2) i used the apple iphone configuration utility

a) in this utility, i created a configuration profile that has credential configure with the same cert uploaded on the SSL box.

b) Installed the config on the iphone / ipad, installed the certificate. In junos pulse the is a cert available tha show a string of number instead of name, and in profile i got two thing. IPCU profile, and the certificate that i want.

Now when i look in the log on the ssl box, it says that the the status of the cert xxxx ( wich is the string of number in the junos pulse cert ) cannot be verified because the cert yyyy is not trusted. That yyy cert, i dont know where is coming from.... i wold like very much to install it like a intermediate cert....

I dont know if i made a lot of sense. Sorry for my english also.

I will appreciated a little help. I did open a couple of ticket with support, but nothing went very far.

I am not very good with certificates and I struggled with this for ages in my test lab. Finally got it working and created a document. Not sure if it will help but send me your email in a private message and I will send to you to try.

You say " in this utility, i created a configuration profile that has credential configure with the same cert uploaded on the SSL box". Do you mean you used exactly the same certificate? For the iPhone you need a certificate issued by the Certificate Authority not the CAs certificate itself. The CA certificate won't appear in the list of available certificates on the iPhone because it is not a valid device authenitcation certificate.

The certificate you see with numbers and letters name is an internal certifcate on the device and should be ignored.