Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificate Authentification not workin

alexeh
New Contributor
‎08-29-2017 07:26:AM
‎08-29-2017 07:26:AM

Certificate Authentification not workin

Hello,


iam currently trying to implement certificate authentification on a PulseSecure 8.3R1 (build 55339) Test Server.
I've imported the selfsigned certificate to the truste client CAs. The certificate has been created on a test WinServer 2008 PKI and the cert got enrolled to the clients by GPO (meanwhile I also imported it manually about 100 times).
I've also set up a host-checker rule to check for this CA, suprisingly this is working.
But after the host-checker validation on my test-client it just shows "Missing vertificate. Check that your certificate is valid and up-to-date, and try again." even it should be checking for the same cert.
I've set the AD/PKI-Server as Auth Server (while using it as LDAP-Login, this is working so the connection is fine) and defined it as authentication method on the user realm. The user realm is restricted to "Only allow users with a client-side certificate signed by Trusted Client CAs to sign in" (iam not checking for cn,dn attributes or else yet).
My PKI issued a certificate to my client.
0 Kudos
Reply
4 REPLIES 4
alexeh
New Contributor
‎08-29-2017 09:44:AM
‎08-29-2017 09:44:AM

Re: Certificate Authentification not workin

Nice, now i've locked myself out of the admin-console due to host-checker and the missing certificate....crap
Reply
alexeh
New Contributor
‎08-29-2017 09:59:AM
‎08-29-2017 09:59:AM

Re: Certificate Authentification not workin

Recovered a snapshot.
Followed this tutorials but still have the same problem:
http://www.configrouter.com/junos-pulse-certificate-check-restriction-authentication-mobile-devices-364/
https://forums.pulsesecure.net/topic/pulse-connect-secure/17070-authenticate-users-with-their-certificate-only (list at the end)
0 Kudos
Reply
Olivn
Occasional Contributor
‎09-01-2017 09:09:PM
‎09-01-2017 09:09:PM

Re: Certificate Authentification not workin

But after the host-checker validation on my test-client it just shows "Missing vertificate. Check that your certificate is valid and up-to-date, and try again." even it should be checking for the same cert.
Make sure that the certificate installed is a "client certificate". HC don't care about the certificate extended key usage but to connect to PCS you need a "TLS Web Client Authentication (1.3.6.1.5.5.7.3.2)
" certificate.
0 Kudos
Reply
zanyterp
Moderator
Moderator
‎09-08-2017 01:35:PM
‎09-08-2017 01:35:PM

Re: Certificate Authentification not workin

Is the certificate you installed to the trusted client CA the CA that signed the certificate installed to users OR is it a client certificate for the PCS? If the latter, that should be happening. If the former, can you confirm that when you look at the installed personal certificates in IE that it is present?

Is the GPO-based installation for *machine* (Host Checker only) or *user* (browser & Pulse)?
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.