Certificate check two users login with the same certificate.

fraidon
New Contributor


Recently I installed a CA on Windows 2008, created a certificate for Pulse Secure 8.1R1 and uploaded the CA as a trusted client CA.

Steps that I have taken:

1. Created a realm-level restriction (Only allow users with a client-side certificate signed by Trusted Client CAs...)
2. Created a custom expression like this: user != certDN.serialNumber (to prevent other users from using this certificate)
3. Made a rule as a custom expression for realm users

Now the problem is:

1. user1 logs in on Windows 7 Pro, where my personal certificate has been installed, and is able to log in to Pulse Secure 8.1R1
as the owner of this certificate; while user1 is logged in, another person is also able to log in using user1's certificate.

In the Pulse Secure monitoring, I see this: Certificate realm restrictions successfully passed for user2/Users, with certificate '[email protected]

My question is: what are the correct steps?

Thanks in advance.

Best regards,
Fraidon Naistani
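The binding rule from the steps above, modelled as an added example (not Pulse Secure's code) so that user1's own login and user2's reuse of user1's certificate can be evaluated side by side. It assumes a realm restriction passes when its expression is true and that a certificate whose CRL cannot be fetched is rejected before the expression runs; the certificate data (serialNumber 1001) and the positive `user = certDN.CN` rule are constructed for the demonstration.

```python
# Added example, not Pulse Secure code: models a client-certificate realm restriction that is
# assumed to pass when its expression is true, after rejecting any cert whose CRL cannot be fetched.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ClientCert:
    cn: str              # certDN.CN
    serial_number: str   # certDN.serialNumber (digits only, as in the thread)
    crl_available: bool  # constructed flag: could the issuer's CRL be retrieved?

def parse_dn(dn: str, crl_available: bool = True) -> ClientCert:
    """Split a 'CN=...,serialNumber=...' string into the two fields the rules use."""
    fields = {}
    for part in dn.split(","):
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    return ClientCert(fields.get("cn", ""), fields.get("serialnumber", ""), crl_available)

def user_not_serial(user: str, cert: ClientCert) -> bool:
    """The post's expression, user != certDN.serialNumber: true for every login name that is not the serial."""
    return user != cert.serial_number

def user_equals_cn(user: str, cert: ClientCert) -> bool:
    """A positive binding (hypothetical rule): the login name must equal the CN that names the owner."""
    return user.lower() == cert.cn.lower()

def realm_decision(user: str, cert: ClientCert, rule: Callable[[str, ClientCert], bool]) -> str:
    """Return 'allow' or a denial reason; revocation status is checked before the rule runs."""
    if not cert.crl_available:
        return "deny: unable to get certificate CRL"   # fail closed, as in the thread's log line
    return "allow" if rule(user, cert) else "deny: certificate not bound to user"

# Constructed certificates: user1's as described in the thread, and one whose CN carries the login name.
USER1_CERT = parse_dn("CN=Test User,serialNumber=1001")
BOUND_CERT = parse_dn("CN=user1,serialNumber=1001")

def demo() -> dict:
    return {
        "user1, != rule": realm_decision("user1", USER1_CERT, user_not_serial),
        "user2 reusing user1 cert, != rule": realm_decision("user2", USER1_CERT, user_not_serial),
        "user1, = CN rule": realm_decision("user1", BOUND_CERT, user_equals_cn),
        "user2 reusing user1 cert, = CN rule": realm_decision("user2", BOUND_CERT, user_equals_cn),
        "user1, CN format mismatch": realm_decision("user1", USER1_CERT, user_equals_cn),
        "CRL unavailable": realm_decision("user1", parse_dn("CN=user1", crl_available=False), user_equals_cn),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:38} {result}")
```

The "CN format mismatch" case reproduces the situation from the reply below this post (certificate CN "Test User", login name "test"): a positive binding only works once the login name and the certificate field share the same format.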
zanyterp
Moderator

Re: Certificate check two users login with the same certificate.

How are you logging in (AD, LDAP, system local)?
Is your serial number in the certificate a name or a number?
Does the username you use to log in match the username format for your certificate?
Do you have any catch-all rules that would allow the users to log in when the custom rule fails?
If you change the custom expression to be true, meaning it has to match to be true, does it fail?
fraidon
New Contributor

Re: Certificate check two users login with the same certificate.

Hi zanyterp,

How are you logging in (AD, LDAP, system local)?
A: Users log in on AD (Domain Controller)

Is your serial number in the certificate a name or a number?
A: Only numbers

Does the username you use to log in match the username format for your certificate?
A: This could be an issue, because I see in the logs [CN=Test User] but I log in with username [test]

Do you have any catch-all rules that would allow the users to log in when the custom rule fails?
A: No, but they can go to /certsrv if they don't have any certificate or want to request one

If you change the custom expression to be true, meaning it has to match to be true, does it fail?
A: No answer yet

However, I see this line in the Pulse Secure log, so my issue may be that the expression is not working:

[ Login failed. Reason: Wrong Certificate::unable to get certificate CRL]

Thanks a lot for your kind suggestions. I am going to fix those issues first.

Fraidon Naistani