cancel
Showing results for 
Search instead for 
Did you mean: 

(Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Occasional Contributor

(Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi, 

Im working into a (docker linux container) from windows and ihave a Ubuntu image with pulse secure installed with its dependecies. Here my problem:

-On windows using the 'windows pulse secure app' i can connect to the vpn without using a certificate.

-On linux i cant connect using CLI "PulseClient_x86_64.sh" because the command needs a certificate.

Example command: 

/usr/local/pulse/PulseClient_x86_64.sh -h 11.11.11.11 -u user1 -p pass1 -U https://test.test -r users

-Anyone can tell me what is the problem?

-is it possible to connect using CLI without certificate?

7 REPLIES 7
Moderator

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Please use VPN server hostname instead of IP address and make sure the SSL certificate chain of the VPN server is complete/trusted by the Linux machine.

PCS Expert
Pulse Connect Secure Certified Expert
Occasional Contributor

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi!,

 

Thank you very much for your answer but,

How can I make sure the SSL certificate chain of the VPN server is complete/trusted?

 

My problem is similar to the another, i have not message, not error, nothing:

 

root@itaxxxc666:/usr/local/pulse# /usr/local/pulse/PulseClient_x86_64.sh -h webvpn.interserv.com  -u mycomp\\USER -p PASSWORD -U https://webvpn.interserv.com/dana-na/auth/url_47/welcome.cgi -r interserv
Checking for missing dependency packages for command line client ...
executing command : /usr/local/pulse/pulsesvc -h webvpn.interserv.com -u mycomp\USER -p PASSWORD -U https://webvpn.interserv.com/dana-na/auth/url_00/welcome.cgi -r interserv

root@itaxxxc666:/usr/local/pulse#

 

Regards

Moderator

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

You can use the below openssl command to verify the certificate chain:

 

openssl s_client -connect <VPN hostname>:443

 Look under Certificate chain, and you should seeing two if the VPN server certificate is signed by an Intermediate CA, if yes, then the chain is complete.

 

# Regarding the command syntax, it should be like 

/usr/local/pulse/PulseClient_x86_64.sh -h webvpn.interserv.com  -u USER -p PASSWORD -U webvpn.interserv.com/<STRING> -r interserv

UserSmiley Tongueassword should same as what you use in the browser session, URL has to be just the hostname. 

PCS Expert
Pulse Connect Secure Certified Expert
Occasional Contributor

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi thank you very much for your answer, i think that the problem is here:

 

I used this command = 

openssl s_client -connect <VPN hostname>:443

 

"unable to get local issuer certificate" and "unable to verify the first certificate""No client certificate CA names sent"

 

Ithink that i need to create previously a local certificate but i havent... the server returns me a Server certificate but i dont know how it works. 

 

I dont know how to fix it

Moderator

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Occasional Contributor

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Hi!

 

Iam reading the first link/article and into the Point 2 says:

2. Select the device certificate that is applied to the port that Linux users will be signing in with.

 

By my side, when i use openssl s_client -connect ip:443, the server returns me "Server certificate" and in another line .../CN=DigiCert SHA2 Secure Sever CA/..... 

 

My question is: The device certificate that i need is DigiCert? Ihave found that Ihave on /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt, this is the certificate that i must to use in your solution in this article? https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40127/?kA1j000000002yt

 

Regards

 

Moderator

Re: (Docker linux container) I cant connect using CLI "PulseClient_x86_64.sh"

Please see your PM.

PCS Expert
Pulse Connect Secure Certified Expert