cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse App: Missing Cert?

SOLVED
Highlighted
New Contributor

Pulse App: Missing Cert?

Hello,

 

I am trying to work out mobile client certs for authentication.  I already have a signed device cert for both internal/external ports of the juniper device, and I already have a self-signed CA.  Client certs work fine on desktops using that self-signed CA.  However, attempting to log in from the junos pulse app results in "missing certificate" regardless of how I attempt to install it.  (vie keystore, via file, as two separate .der formatted files, etc.)

 

This seems to be specific to the app, going to chrome on my tablet and just selecting a cert from the keystore works as well.

 

Is it because I am enforcing authentication through AD credientials AND certificate and the app can only do 1 or the other?  I'm kinda out of ideas here....

 

Thanks!

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Valued Contributor

Re: Pulse App: Missing Cert?

Are we talking about iOS or Android?  Each device has a different way of implementing certificate authentication.  Here is a documentation we have created to attempt to cover all scenarios:

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB22019&actp=search&viewlocale=en_US&sear...

View solution in original post

2 REPLIES 2
Highlighted
New Contributor

Re: Pulse App: Missing Cert?

Sorry about that missing info:

I've tested this on both android and iOS and get the same result.  (I am using a Galaxy Nexus 10 and Moto X both running 4.4, my coworker is using an iPhone 5 running iOS 7).

Following the steps in that picture still ends up with a "missing certificate" error with the very same cert that allows access through a web browser.  It's almost as if the app is ignoring what cert I ask it to use and looking elsewhere entirely.

For what it's worth I am generating these certs self-signed using our own CA and openssl.  Let me know if you need any other information, thanks!

EDIT:  Scratch that!  I put the "mobile realm" we're using for this off onto it's own URL as to not require an active directory password (and so only require the cert) and everything works.

So then my new question would be:  Within the pulse app, can we require both a cert and a user's AD credentials?  The way we had it set up works for desktops/mobile browsers like I already said, so then perhaps there's a different configuration that will work for the app?  Or is that just not possible yet?

Double Edit:  Nevermind, I completely forgot about specifying an additional authorization server.  Somehow I blanked out on that, my bad.

Thanks!

Highlighted
Valued Contributor

Re: Pulse App: Missing Cert?

Are we talking about iOS or Android?  Each device has a different way of implementing certificate authentication.  Here is a documentation we have created to attempt to cover all scenarios:

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB22019&actp=search&viewlocale=en_US&sear...

View solution in original post