cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication Policy - Certificate not working (Page not found / Missing certificate)

Occasional Contributor

Authentication Policy - Certificate not working (Page not found / Missing certificate)

I'm trying to set up a realm on my pcs3000 that should only allow users with a particular certificate (yubikey loaded with a certificate). 

 

I've added the root and intermediate certificate to the "Trusted Client CA's" and I've choosen "Only allow users with a client-side certificate signed by Trusted Client CAs to sign in. To change the certification authority, see the Trusted Client CA page." on the realm. 

 

Loaded the Yubikey with the certificate, when I try to logon I'm prompted for the pin for the smartcard and after I've typed it in, it redirects to a page ang gives me "Can’t connect securely to this page" (Edge, in chrome it gives me page missing) when refreshing the page it says "Missing certificate. Check that your certificate is valid and up-to-date, and try again."

 

The certificate is issued as an "smart card" certificate.

 

What have I missed? 

 

I'm running 9.1R2 (build 2331)

2 REPLIES 2
Moderator
Moderator

Re: Authentication Policy - Certificate not working (Page not found / Missing certificate)

Did you create a certificate server and mapped it under the Realm for authentication, correct?

 

If yes, please replicate the issue and provide the pulse client logs for review:

 

Pulse Client Logs:

1. Open Pulse Client.
2. File >> Logs >> Annotate >> "any.text"
3. File >> Logs >> Log level >> Detailed.
4. Replicate the issue i.e wait until the cert error message shows up.
5. File >> Logs >> Save as.

Pulse Connect Secure Certified Expert
Moderator

Re: Authentication Policy - Certificate not working (Page not found / Missing certificate)

what SSL/TLS version are you using? if the PCS is using a version that is disabled on the client (or browser), it will not work.
does the same behavior occur without cert auth? do non-yubikey certificates show the same behavior?
is the sign-in URL that you are using in the browser the same as you have configured on the appliance?