cancel
Showing results for 
Search instead for 
Did you mean: 

Unacceptable TLS certificate - Centos 7

New Contributor

Unacceptable TLS certificate - Centos 7

Get the following error when establishing a VPN connection (see below for error and specs). I see that my version of CentOS is only listed as compatable not qualified. I dont neccesarily want to drop back to CentOS 7.4. Is it possible to get a 8.2 release of Pulse Connect to try which is listed as compatiable with my version of CentOS or is there a work around for getting Pulse Connect 9.04 to work?

 

Update:

Tried Ubuntu 18.05 with Pulse Connect 9.0 and same issue occurs despite this being listed as a qualified config.

 

Any guidance on this is greatly appreciated.

 

https://www-prev.pulsesecure.net/download/techpubs/current/1565/pulse-client/pulse-secure-client-des...

 

Centos 7.6.1810

Kernel 3.10.0-957

Pulse Version: 9.0R4(943)

 

Unable to load page

Problem occurred while loading the URL...

Unacceptable TLS certificate

 

 

 

 

 

 

 

 

 

 

6 REPLIES 6
Highlighted
Occasional Contributor

Re: Unacceptable TLS certificate - Centos 7

If you you try to connect via browser do you receice any SSL/TLS certificate error?

This issue can happen if your VPN server doesn't provide the entire certifcate chain.

 

Tipically what you need to do is to add the intermediate CA that has signed your certificate under

 

System > Configuration > Device Certificate > Intermediate CAs

New Contributor

Re: Unacceptable TLS certificate - Centos 7

The dashboard which I used is limited, basically just provides a point to kick of the desktop client from. I will contact the admin team reponsible for our PulseConnect, I would assume they have the options you mentioned.

 

You mentioned SSL/TLS certification errors, when I first navigate to the dashboard before I get to login, I must trust the connection through the browser. When using the Windows App for the first time, you accept a self signed certificate. But this isnt an option when using the linux app.

https://i.imgur.com/CyDuD9l.png

Moderator
Moderator

Re: Unacceptable TLS certificate - Centos 7

Right, Intermediate certificates has to be added on the VPN server to make the certificate chain complete and dynamic trust (accepting the untrusted certs) is not available in Linux client.

Please PM me the VPN server URL for reviewing the certificate chain.
Pulse Connect Secure Certified Expert
Occasional Contributor

Re: Unacceptable TLS certificate - Centos 7

Ok, from what you are telling it seems that you company use a self-sign or a certificate siged by a private CA

 

If the certificate is sigend by a private CA you should follow the steps 5 to 8 of this KB in order to import the CA to your linux machine

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40278

New Contributor

Re: Unacceptable TLS certificate - Centos 7

Hey Guys,

 

Apparently the company use Public CA.

They have provided me with a .crt in which I have tried the following without any success. Still get the same error. Am I on the right tracks or do I require anything else?

 

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40278/?q=uacceptable+TLS+certification&l=...

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43927/?q=uacceptable+TLS+certification&l=...

 

 

Occasional Contributor

Re: Unacceptable TLS certificate - Centos 7

Well.... if your company use a Public CA then the issue should be related to the fact that your administrator doesn't  has imported the Intermediate CA to the PSA

This mean that when you connect to your server fqdn, the server doesn't give you the entire certificate chain.

 

We can check this by using the openssl.

openssl s_client -connect <your_fqdn>:443

 

Can you post the result?