cancel
Showing results for 
Search instead for 
Did you mean: 

Junos Pulse Certificate problem

SOLVED
Astuto_
Occasional Contributor

Junos Pulse Certificate problem

Hello Everyone,

I have made a client certification and CA certification. After that, I installed the client Certification into an iPhone using iPhone Configuration Utility. And then I installed the CA Certification into the Secure Access. I can access the SA using Certifications from My PC and Safari on the iPhone. But when I use the Junos Pulse Application, I cannot access the SA. How should I configure the Secure Access to fix this problem?

Thank you,

1 ACCEPTED SOLUTION

Accepted Solutions
spuluka
Super Contributor

Re: Junos Pulse Certificate problem

If you do this in the browser it should tell you which of the three reasons it does not like the certificate when you select the details.

unrecognized authority (the CA did not install for you properly)

Mismatch of the connection url and the url in the certificate. You will need to reissue the certificate for the correct url.

Certificate expired. The end date on the certificate has expired and well need to be reissued and installed.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

View solution in original post

13 REPLIES 13
pkcpkc_
Occasional Contributor

Re: Junos Pulse Certificate problem

Check in the logs the difference between the pc connection and the iphone one. Does the iphone browser prompt for a certificate when you connect to the ssl vpn ?
dcvers_
Regular Contributor

Re: Junos Pulse Certificate problem

You may need to install the CA certificate for the certificate used on the VPN box onto the iPhone.

To troubleshoot further you can use the iPhone Configuration Utility (available from Apple Web site). Load this and connect your iPhone to the PC. Select it in the device list and then choose the console tab. Now try connecting with Pulse and see if it gives any clues to the issue

Astuto_
Occasional Contributor

Re: Junos Pulse Certificate problem

>Does the iphone browser prompt for a certificate when you connect to the ssl vpn ?

Yes, when I use Safari on iPhone, it prompts for a certificate. But When I use Junos Pulse connection, it fails.

Astuto_
Occasional Contributor

Re: Junos Pulse Certificate problem

I installed CA certificate onto iPhone.But error is desplayed "VPN Connection Failed The Server Certificate is invalid"

spuluka
Super Contributor

Re: Junos Pulse Certificate problem

If you do this in the browser it should tell you which of the three reasons it does not like the certificate when you select the details.

unrecognized authority (the CA did not install for you properly)

Mismatch of the connection url and the url in the certificate. You will need to reissue the certificate for the correct url.

Certificate expired. The end date on the certificate has expired and well need to be reissued and installed.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

View solution in original post

aalexg_
Not applicable

Re: Junos Pulse Certificate problem

Hi,

I have same problem. Everething is working fine from the browser but not from the client. The bad thing is that the safari cannot launch pulse. I also have an open case with juniper and so far no resolution.

m_blackbird_
Occasional Contributor

Re: Junos Pulse Certificate problem

Same problem Here.

With the same client certificates iphones are able to connect to our TLS WiFI network.

Now our Internal PKI uses SHA2 as digest algo. So before beginning the usually hard and time consuming odyssey that always arises when opening a support case, I just asked JTAC to tell me whether sha2 algos are supported by Pulse. Well I have been waiting for longer then 10 days for an answer that should just be "Yes" or "No"

Unbelievable!

stine_
Super Contributor

Re: Junos Pulse Certificate problem

If you run a sniffer on your client, you can see the SSL handshake in the clear. If you connect from a client with SHA2, you should be able to see the response that is returned from the SA. IIRC, it will be a Server Reply message.

m_blackbird_
Occasional Contributor

Re: Junos Pulse Certificate problem

At the end I got the answer from Jtac.

Pulse DO support sha2 so I'll open a case.

How can I run a sniffer on a Iphone or Ipad?

I already know that from windows client everything works fine ...

Regards

MM