Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unacceptable TLS certificate - Centos 7

matthewmcneilly
New Contributor
‎07-25-2019 02:37:AM
‎07-25-2019 02:37:AM

Unacceptable TLS certificate - Centos 7

Get the following error when establishing a VPN connection (see below for error and specs). I see that my version of CentOS is only listed as compatable not qualified. I dont neccesarily want to drop back to CentOS 7.4. Is it possible to get a 8.2 release of Pulse Connect to try which is listed as compatiable with my version of CentOS or is there a work around for getting Pulse Connect 9.04 to work?

 

Update:

Tried Ubuntu 18.05 with Pulse Connect 9.0 and same issue occurs despite this being listed as a qualified config.

 

Any guidance on this is greatly appreciated.

 

https://www-prev.pulsesecure.net/download/techpubs/current/1565/pulse-client/pulse-secure-client-des...

 

Centos 7.6.1810

Kernel 3.10.0-957

Pulse Version: 9.0R4(943)

 

Unable to load page

Problem occurred while loading the URL...

Unacceptable TLS certificate

 

 

 

 

 

 

 

 

 

 

0 Kudos
Reply
6 REPLIES 6
rdumitrescu
Contributor
‎07-25-2019 05:16:AM
‎07-25-2019 05:16:AM

Re: Unacceptable TLS certificate - Centos 7

If you you try to connect via browser do you receice any SSL/TLS certificate error?

This issue can happen if your VPN server doesn't provide the entire certifcate chain.

 

Tipically what you need to do is to add the intermediate CA that has signed your certificate under

 

System > Configuration > Device Certificate > Intermediate CAs

Reply
matthewmcneilly
New Contributor
‎07-25-2019 07:10:AM
‎07-25-2019 07:10:AM

Re: Unacceptable TLS certificate - Centos 7

The dashboard which I used is limited, basically just provides a point to kick of the desktop client from. I will contact the admin team reponsible for our PulseConnect, I would assume they have the options you mentioned.

 

You mentioned SSL/TLS certification errors, when I first navigate to the dashboard before I get to login, I must trust the connection through the browser. When using the Windows App for the first time, you accept a self signed certificate. But this isnt an option when using the linux app.

https://i.imgur.com/CyDuD9l.png

0 Kudos
Reply
r@yElr3y
Moderator
Moderator
‎07-25-2019 07:51:AM
‎07-25-2019 07:51:AM

Re: Unacceptable TLS certificate - Centos 7

Right, Intermediate certificates has to be added on the VPN server to make the certificate chain complete and dynamic trust (accepting the untrusted certs) is not available in Linux client.

Please PM me the VPN server URL for reviewing the certificate chain.
PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
Reply
rdumitrescu
Contributor
‎07-25-2019 07:55:AM
‎07-25-2019 07:55:AM

Re: Unacceptable TLS certificate - Centos 7

Ok, from what you are telling it seems that you company use a self-sign or a certificate siged by a private CA

 

If the certificate is sigend by a private CA you should follow the steps 5 to 8 of this KB in order to import the CA to your linux machine

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40278

Reply
matthewmcneilly
New Contributor
‎08-06-2019 08:29:AM
‎08-06-2019 08:29:AM

Re: Unacceptable TLS certificate - Centos 7

Hey Guys,

 

Apparently the company use Public CA.

They have provided me with a .crt in which I have tried the following without any success. Still get the same error. Am I on the right tracks or do I require anything else?

 

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40278/?q=uacceptable+TLS+certification&l=...

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43927/?q=uacceptable+TLS+certification&l=...

 

 

0 Kudos
Reply
rdumitrescu
Contributor
‎08-06-2019 09:09:AM
‎08-06-2019 09:09:AM

Re: Unacceptable TLS certificate - Centos 7

Well.... if your company use a Public CA then the issue should be related to the fact that your administrator doesn't  has imported the Intermediate CA to the PSA

This mean that when you connect to your server fqdn, the server doesn't give you the entire certificate chain.

 

We can check this by using the openssl.

openssl s_client -connect <your_fqdn>:443

 

Can you post the result?

 

 

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.