cancel
Showing results for 
Search instead for 
Did you mean: 

Certificate Based Authentication on JUNOS Pulse

Regular Contributor

Certificate Based Authentication on JUNOS Pulse

Hi Experts

When JUNOS Pulse connect to SSL VPN I want not to put the username and password, it should be just certificate based authentication. Is it possible? How to generate the certificate for IPHONE from Microsoft CA and how to upload it to the JUNOS PULSE?

Thanks

3 REPLIES 3
Highlighted
Frequent Contributor

Re: Certificate Based Authentication on JUNOS Pulse

For Juniper's support on certificate authentication on iPhone see http://kb.pulsesecure.net/KB16897_

For installing certificate on iPhone see http://kb.pulsesecure.net/KB17116

Regular Contributor

Re: Certificate Based Authentication on JUNOS Pulse

Thanks Dear.

1- Regarding installing the certificate on the IPHONE, in step 6 what is this password?

To complete the installation, enter the password for the certificate and then select "Next" (located in the top right corner_)

2- If I want to generate the client certificate for IPHONE on Microsoft CA or any other CA, how to generate the certificate request from IPHONE?

3- The procedure for installing the CA root certificate on IPHONE is the same? How IPHONE differentiate it is client certificate and this is root certificate?

4- JUNOSE PULSE supports certificate based authentication? Its mention in the KB that its for Active Syn?

Thanks

Regular Contributor

Re: Certificate Based Authentication on JUNOS Pulse

The best way to install the client and CA certificates is to use the iPhone Configuration Utlity to create a configuration profile. You can download the ulity from the Apple web site. To set up the profile:

1. Clcik the New button and give the profile a Name

2. To add the certificates select Credentials in the profile naviagtor and then click Configure.

3. This will bring up a list of all certificates installed on you PC Select the reguired certificate and click Ok.

4. For the client certificate will be prompted to set a password for the certificate. This can be whatever you want.

5. On the credential page you willsee an entry for the certifcate. There is the option to enter the certifcate password (you just created) so there user doesn't get prompted for it.

6. Repeat for additional certifcates such as the CA certifcate.

If you have the iPhone pluggged into the PC you can transfer the profile straight to the phone using the same utility. Otherwise simply e-mail it the the user. When they get the mail they just need to tap on the profile and following the prompts to install.

I've not tried it myself yet but it appears you might also be able to configure the Pulse settings through the utility (VPN option)

Generating a certificate for the iPhone using the Microsoft CA is straightforward.

1. Go to the CA port (e.g. http://caserver.domain.com/certsrv)

2. Select "Request a certificate" then "advanced certificate request" then "Create and submit a request to this CA"

3. You need to fill in the "idenfiying Information" and check the "Mark keys as exportable" box. For everything else the defaults should work.

4. Click on Submit.

Once the certificate has been issued use the "View status of a pending certifcate request" to install it.

Once installed you can use it to create the profile as described above. Alternatively you can export the certifcate through Internet Explorer (Internet Options, Content tab then certificate button).