We were trying to use a certificate server to authenticate and it worked fine, until we had a single client certificate. To test I used another iphone and a new certificate, and configured it exactly as the one which was working (different certificate ofcourse).
Using the Junos Pulse I am getting a message: Timed out! Retry?Ó and NO or YES options, and immediately after that I get: VPN Connection The server certificate has expired. Contact your network AdministratorÓ. However when I launch the browser and login to the SA2000 using the same certificate I am able to get in. So the certifcicate seems to be ok.
Is this some bug in the Pulse client or something I can do to make it work?
My work around:
During troubleshooting, I changed the authentication method, to LDAP authentication, it worked and when I switched back to Certificate authentication it worked only when I had entered the complete credentials for LDAP in my previous step.
[Note my certificate issuing server is same as the AD.]
Now this work around is unreliable and not practical, and if I delete the working configuration and add it back again I again start getting the same errors on Pulse, at the same time using the browser (using the certificates) it works with no issues.
I am using version 220.127.116.1159 for Pulse
And version 4.2.1 (8C148) for our iphones.
Any ideas? Known Bugs?
What do you mean by "single client certificate": that you have one cert for all users or going to cert auth instead of LDAP/AD? If all users will have one cert, this will not work as there can only be one session per user (unless you are on 7.0 and have enabled multiple sessions and have the same number allowed as your license/expect to have iOS devices connected).
This sounds like something that is not working in Pulse and you will need to work with JTAC on a fix (I can't say for sure right now as I don't have access to test; but will try to test and post when I am in the office tomorrow).
Did you have this issue using Pulse 1.0? Or is this a new implementation completely?