
Missing or Invalid Certificate error when user's personal certificate is auto-renewed


It appears any user who has selected the option to save settings when they initially connected and selected their personal certificate is getting their connection denied when that certificate is automatically renewed. It seems that instead of either a new prompt to select their certificate or the Pulse client just using the new renewed cert, they get the error "missing or invalid certificate". Does the desktop Pulse Connect really not have the ability to handle a certificate renewal gracefully, or have we missed some kind of configuration option?

The clients are all Win7 x64 Enterprise using a domain personal certificate as the second factor authentication. Appliance is running 8.1R9 and the desktop clients are 5.2.3.537.

When having the user right-click on the connection profile and choose to "forget saved settings" it resolves the error, but that doesn't cut down on the number of support calls we're getting, which is basically every remote user so far as their certificate is renewed. If there isn't a way to have the client handle the renewal better, are there any instructions on how to deploy a GPO or something to instruct all clients to forget saved settings and block them from choosing that option?
Moderator

Re: Missing or Invalid Certificate error when user's personal certificate is auto-renewed

Yes, that is correct: the client will not update to the new certificate.
If the old certificate is removed, it will prompt again; but it will not pick up the updated certificate detail.
I would recommend connecting with your account team to ask them for an enhancement request to this behavior.
Unfortunately, there is no way to force the settings to be forgotten. If you push out a client update that does not allow saved settings, this will remove the saved values (but will require them to already be connected).
I would recommend connecting with your account team to ask them for an enhancement to jamCommand that will allow an admin to push out the change without requiring users to connect.