Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

(Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

MikeIke
Occasional Contributor
‎03-24-2020 09:07:AM
‎03-24-2020 09:07:AM

(Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi, 

Im working into a (docker linux container) from windows and ihave a Ubuntu image with pulse secure installed with its dependecies. Here my problem:

-On windows using the 'windows pulse secure app' i can connect to the vpn without using a certificate.

-On linux i cant connect using CLI "PulseClient_x86_64.sh" because the command needs a certificate.

Example command: 

/usr/local/pulse/PulseClient_x86_64.sh -h 11.11.11.11 -u user1 -p pass1 -U https://test.test -r users

-Anyone can tell me what is the problem?

-is it possible to connect using CLI without certificate?

0 Kudos
7 REPLIES 7
r@yElr3y
Moderator
Moderator
‎03-25-2020 07:37:PM
‎03-25-2020 07:37:PM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Please use VPN server hostname instead of IP address and make sure the SSL certificate chain of the VPN server is complete/trusted by the Linux machine.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
MikeIke
Occasional Contributor
‎03-26-2020 03:39:AM
‎03-26-2020 03:39:AM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi!,

 

Thank you very much for your answer but,

How can I make sure the SSL certificate chain of the VPN server is complete/trusted?

 

My problem is similar to the another, i have not message, not error, nothing:

 

[email protected]:/usr/local/pulse# /usr/local/pulse/PulseClient_x86_64.sh -h webvpn.interserv.com  -u mycomp\\USER -p PASSWORD -U https://webvpn.interserv.com/dana-na/auth/url_47/welcome.cgi -r interserv
Checking for missing dependency packages for command line client ...
executing command : /usr/local/pulse/pulsesvc -h webvpn.interserv.com -u mycomp\USER -p PASSWORD -U https://webvpn.interserv.com/dana-na/auth/url_00/welcome.cgi -r interserv

[email protected]:/usr/local/pulse#

 

Regards

0 Kudos
r@yElr3y
Moderator
Moderator
‎03-26-2020 05:52:PM
‎03-26-2020 05:52:PM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

You can use the below openssl command to verify the certificate chain:

 

openssl s_client -connect <VPN hostname>:443

 Look under Certificate chain, and you should seeing two if the VPN server certificate is signed by an Intermediate CA, if yes, then the chain is complete.

 

# Regarding the command syntax, it should be like 

/usr/local/pulse/PulseClient_x86_64.sh -h webvpn.interserv.com  -u USER -p PASSWORD -U webvpn.interserv.com/<STRING> -r interserv

UserSmiley Tongueassword should same as what you use in the browser session, URL has to be just the hostname. 

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
MikeIke
Occasional Contributor
‎03-30-2020 04:56:AM
‎03-30-2020 04:56:AM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi thank you very much for your answer, i think that the problem is here:

 

I used this command = 

openssl s_client -connect <VPN hostname>:443

 

"unable to get local issuer certificate" and "unable to verify the first certificate""No client certificate CA names sent"

 

Ithink that i need to create previously a local certificate but i havent... the server returns me a Server certificate but i dont know how it works. 

 

I dont know how to fix it

0 Kudos
r@yElr3y
Moderator
Moderator
‎03-30-2020 06:26:PM
‎03-30-2020 06:26:PM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

No worries, these articles should help you out:

 

KB40127 - Obtaining/converting the PCS device certificate for use with the Pulse Secure client on Li...

 

KB40200 - How to verify the server certificate with Pulse Secure Linux

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
MikeIke
Occasional Contributor
‎04-02-2020 03:26:AM
‎04-02-2020 03:26:AM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi!

 

Iam reading the first link/article and into the Point 2 says:

2. Select the device certificate that is applied to the port that Linux users will be signing in with.

 

By my side, when i use openssl s_client -connect ip:443, the server returns me "Server certificate" and in another line .../CN=DigiCert SHA2 Secure Sever CA/..... 

 

My question is: The device certificate that i need is DigiCert? Ihave found that Ihave on /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt, this is the certificate that i must to use in your solution in this article? https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40127/?kA1j000000002yt

 

Regards

 

0 Kudos
r@yElr3y
Moderator
Moderator
‎04-06-2020 03:19:PM
‎04-06-2020 03:19:PM

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Please see your PM.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.