Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Junos Pulse DOA with El Capitan (Mac OS 10.11)

SOLVED
Go to solution
sjlee0_
New Contributor
‎06-25-2015 10:48:AM
‎06-25-2015 10:48:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

I don't see that with my install (5.0.5). The following is my errors in system.log:

6/25/15 10:44:43.525 AM Junos Pulse[44489]: *** -[NSThread initWithTarget:selectorSmiley Surprisedbject:]: target does not implement selector (*** -[ConsoleAppDelegate scriptRunningProc])
6/25/15 10:44:43.532 AM Junos Pulse[44489]: .sdef warning for argument 'FileType' of command 'save' in suite 'Standard Suite': 'saveable file format' is not a valid type name.
6/25/15 10:44:43.939 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:45.610 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:47.378 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:48.955 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:50.474 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:52.015 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:53.596 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.
6/25/15 10:44:55.125 AM Junos Pulse[44489]: Attempting to deallocate <NSMachPort: 0x79ab9000> that has not had -invalidate called on it. Breakpoint on _NSPortError debug.

0 Kudos
Kita_
Valued Contributor
‎06-25-2015 10:51:AM
‎06-25-2015 10:51:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Not the system log.  The debuglog.log under /var/log/Juniper Networks/Logging.

0 Kudos
sjlee0_
New Contributor
‎06-25-2015 11:03:AM
‎06-25-2015 11:03:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Oh OK. I do see the same message in that log.

I went into the Keychain Access, and found "VeriSign Class 3 Primary Certification Authority - G5" under the system roots. Is taht the cert you're referring to?

Currently it is marked as valid. What is the workaround? Could you elaborate on the steps for the workaround? Thanks!

0 Kudos
Kita_
Valued Contributor
‎06-25-2015 11:13:AM
‎06-25-2015 11:13:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

It should exist under SYSTEM, not SYSTEM ROOTS.  Do you have a G5 root existing under SYSTEM?  If so, mark this as ALWAYS TRUSTED.

0 Kudos
sjlee0_
New Contributor
‎06-25-2015 11:18:AM
‎06-25-2015 11:18:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Thanks. I have it only under "system roots". I marked it always trusted anyway which put it under system. But I still see the errors... I guess it might be a different cert in our install? Is there a way to find out which cert junos is failing to verify?

0 Kudos
Kita_
Valued Contributor
‎06-25-2015 11:23:AM
‎06-25-2015 11:23:AM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Add the following intermediate to the SYSTEM store and change to "Always Trusted"

 

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id...

0 Kudos
mdesc_
New Contributor
‎06-25-2015 12:11:PM
‎06-25-2015 12:11:PM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Hi Kita,

I changed my G5 certificate to always trust and it is now in the System keychain. I keep getting the same errors and logging messages. Anything else that we can try?

Thanks

0 Kudos
Kita_
Valued Contributor
‎06-25-2015 12:15:PM
‎06-25-2015 12:15:PM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

The cert you have added is not correct.  It is showing the expiration date is 2036.  Please grab the one from the following URL:

 

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id...

 

It should state it is valid until 2021.

0 Kudos
mdesc_
New Contributor
‎06-25-2015 12:25:PM
‎06-25-2015 12:25:PM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

that did the trick! thank you very much. I first removed all g5 certs from my keychains. Downloaded the new one and installed it.

0 Kudos
Kita_
Valued Contributor
‎06-25-2015 12:53:PM
‎06-25-2015 12:53:PM

Re: Junos Pulse DOA with El Capitan (Mac OS 10.11)

Thank you for the confirmation.  I would not recommend remove any certificate from the SYSTEM ROOT store.  This could cause other issues as the G5 root is used as a trust anchor for a majority of issued VERISIGN/SYMANTEC certificates.  I foudn that adding it the G5 intermediate to the SYSTEM store is enough to workaround the issue.  

 

We are investigating this issue to see if there is any fault on our side and we will continue testing this scenario with each beta release.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.