Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Machine Certification before connecting SSL-VPN with using Hostchecker

sk
New Member
‎12-26-2016 10:39:AM
‎12-26-2016 10:39:AM

Machine Certification before connecting SSL-VPN with using Hostchecker

I have a customer who want to connect SSL-VPN with PSA.

by performing several test, I know, to connect SSL-VPN, I need to use user-certification
instead of machine certtification.

but before checking cert, PSA rent time had been past, and I'm confused.

Can PSA Hostchecker check machine certification before connect SSL-VPN?
Following KB said it can with OpenSSL, but did not mention the timing.
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB16992

and our SIer said PSA cannot check machine cert, but they cannot explain why.
0 Kudos
Reply
1 REPLY 1
zanyterp
Moderator
Moderator
‎12-29-2016 06:26:AM
‎12-29-2016 06:26:AM

Re: Machine Certification before connecting SSL-VPN with using Hostchecker

You can do a machine certificate check using Host Checker for Windows machines.
This is configured at Authentication>Endpoint Security>Host Checker>policyName>machineCertificateCustomRule
You can have the check be done in order to see the realm (require and enforce on the realm) or as part of the role mapping process (evaluate on the realm; enforce on the role).

You can also do machine certificate authentication with Pulse where the Pulse client checks the machine store for the certificate to use to authenticate.

Can you expand further on what you are looking to achieve vs what you are seeing?
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.