cancel
Showing results for 
Search instead for 
Did you mean: 

Unacceptable TLS certificate - Ubuntu 18.04

Highlighted
New Contributor

Unacceptable TLS certificate - Ubuntu 18.04

Hello,

 

I know that there are related topics with this issue but I've been following them all and I cannot get the pulse secure vpn working so I would appreciate if you can help me on this.

 

Regards.

7 REPLIES 7
Highlighted
Moderator

Re: Unacceptable TLS certificate - Ubuntu 18.04

Are you using the hostname or IP address of the VPN server?

 

Can you please send me the VPN server URL as PM?

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
New Contributor

Re: Unacceptable TLS certificate - Ubuntu 18.04

Hi Ray,

 

Thanks for your reply. Check PM.

 

Regards.

Highlighted
Moderator

Re: Unacceptable TLS certificate - Ubuntu 18.04

@nrodrigues Thank you for the message. This issue normally occurs if the VPN server uses a certificate which was signed by either a private CA or self-signed or in some cases, it could be due to the incomplete the certificate chain.

 

Please access the VPN server portal from any browser like Google Chrome and see if get any cert warning message and then view the certificate to get an idea about the CA details. I know there is a openssl command to get the complete certificate printed in base64 format, which you can copy and create a .crt file from it.

 

openssl s_client -showcerts -connect <VPN hostname>:443

# Please run the command and share the output as PM.

 

Refer: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43927/?kA1f1000000kAsL

 

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
New Contributor

Re: Unacceptable TLS certificate - Ubuntu 18.04

Yes, when I open the URL on chrome it says "Not secure" and NET::ERR_CERT_AUTHORITY_INVALID.

 

I followed that info in the past, I've tried to extract the complete certificate chain in many ways and formats and after that I've tried to import to use it in pulse but no success. I'm sending you the output you requested by PM.

Highlighted
Moderator

Re: Unacceptable TLS certificate - Ubuntu 18.04

Hi @nrodrigues,

 

Thank you for sending the openssl output for review. It seems that the VPN server is sending the complete certificate chain, however the Root CA is not present in the Linux machine for validating the chain. It cannot be downloaded online (searched Smiley Very Happy ), since it's a private CA (AIA attribute in the Int.CA does not have the location to download the Root CA certificate - Secured)

 

depth=2 C = XX, O = XXXXXX, OU = YYYYY, CN = ZZZZZ Intermediate CA
verify error:num=20:unable to get local issuer certificate

 

With that said, please request your IT team to provide a copy of the Root CA certificate stating the problem caused by the incomplete chain and installing that on the Linux machine CA store should resolve the issue.

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
New Contributor

Re: Unacceptable TLS certificate - Ubuntu 18.04

Thank you Ray! I'll try to find out who can send me the certificate and I'll let you know later if it's working Smiley Happy

Highlighted
Moderator

Re: Unacceptable TLS certificate - Ubuntu 18.04

Sure, Thank you Smiley Wink
PCS Expert
Pulse Connect Secure Certified Expert