Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

jspanitz_
Frequent Contributor
‎10-10-2014 02:01:PM
‎10-10-2014 02:01:PM

SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

Using x509 certs and issues them to users.

 

If we install Pulse from the SA / MAG no problems.  The process would be:

  • Go to cert portal and get cert
  • Go to SSL VPN portal and sign in using cert
  • Install Pulse
  • Connect to SSL VPN using Pulse and cert

 

If we install Pulse using a push install we have issues.  The process would be:

  • Pulse is installed along with connection profile
  • Go to cert portal and get cert
  • Connect to SSL VPN using Pulse and cert <<<<----  THIS FAILS with with "Missing or invalid client certificate"

 

Now to get it to work, we have the user do this:

  • Go to SSL VPN portal and JUST select the cert and hit ok - no need to sign in
  • Close browser
  • Connect to SSL VPN using Pulse and cert - All is good

 

After doing that just once, it works from Pulse everytime after that.  Any clues why it behaves this way? 

0 Kudos
5 REPLIES 5
Kita_
Valued Contributor
‎10-10-2014 05:21:PM
‎10-10-2014 05:21:PM

Re: SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

I have not heard of any issues.  I would be interested to see the debuglog.log from the Pulse client.  It should output data how it is evaluating the client certificates.  This would help pinpoint if it is even evaluating the certificate or not during the issue.

0 Kudos
ruc_
Regular Contributor
‎10-12-2014 10:55:PM
‎10-12-2014 10:55:PM

Re: SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

Is the Junos Pulse Client connection option 'Dynamic certificate trust' enabled?

0 Kudos
dcvers_
Regular Contributor
‎10-13-2014 05:12:AM
‎10-13-2014 05:12:AM

Re: SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

Not sure why this would affect the certificate authenitcation but it could be there is a difference between the configuration profile you are using for the manual install and the current configuration on the MAG. Logging in via a browser will update the users lcoal configuration which could explain why everything starts working.

 

To check try exporting the configuration again and compare it to the file you are using for the install.

0 Kudos
jspanitz_
Frequent Contributor
‎10-13-2014 06:00:AM
‎10-13-2014 06:00:AM

Re: SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

Verified the connection set is the same.  Even tried installing again with re-exported set, same results.  Also verified the Dynamic certificate trust is set.

 

I completely agree that hitting the URL via the browser is updating something, but just to calrify, we never log in fully, we just select the cert and then close the browser.  Not fully aware of when the connection profile is downloaded, but this seems to early in the process for that to be occuring.

0 Kudos
ruc_
Regular Contributor
‎10-13-2014 05:58:PM
‎10-13-2014 05:58:PM

Re: SSL Certs and Pulse - Strange Issues depending on how we make the 1st connection

Does the failure occur if user's machine has only one client certificate? It sounds like a bug. I recommend reporting to TAC.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.