Hi,
I'm trying to implement machine authentication with computer certificate. Since I could not find a complete tutorial, I'm relying on the pulse admin guide and information from this forum.
Here is what I configured so far:
1. created a certificate based auth server and kept the default entry "<certDN.CN>" under "User Name Template"
2. exported our windows ca and then converted the p12 cert+privatekey to PEM format. Then I imported the PEM to the trusted client CAs and deactivated the "Participate in Client Certificate Negotiation" checkbox
3. created a realm with the certificate auth server for authentication and added a role mapping with username = *
4. created a connection set with computer only auth
5. installed the connection set on a client
6. the win10 client already has a computer cert via AD auto enroll
When I try to connect, I get a "missing or defective certificate" message from the client (error 1332). The pulse appliance log says "1. Testing Certificate realm restrictions failed for /ma" "2. Login failed. Reason: No Certificate"
I'm not sure what I did wrong. Are windows CA computer certs compatible with pulse secure? I could not find a lot of info on that.
Maybe the problem is the trusted client CA? Or I configured something wrong?
btw. our other realms via ldap and AD auth are working fine.
I would be very happy for any help. Maybe someone has a complete guide on this?
Thanks!
Forgot to mention, appliance and client version are both 9.1R11.4
Thanks, that did it.