Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable validate server certificate on OAC

NDCool_
Contributor
‎02-25-2008 10:36:PM
‎02-25-2008 10:36:PM

Disable validate server certificate on OAC

Hi guys,

I have testing on my lab UAC deployment, can we disable the validate server cert on OAC user profile??? Because if validate is "chacked" OAC cannot authenticate to IC.
I can not to disable it, but only can change from EAP-TTLS to EAP-PEAP.
(pict attached)
Any suggestion??

thanks
-ND-
0 Kudos
2 REPLIES 2
gdavies_
Occasional Contributor
‎02-26-2008 04:06:AM
‎02-26-2008 04:06:AM

Re: Disable validate server certificate on OAC

Hi ND,

Yes, you *should* be able to deactivate that on OAC normally. I'm not sure if it is prevented from being unchecked within the UAC environment. It might make sense if the UAC creates a self signed certificate and pushes it into your certificate store on installation of OAC. Otherwise, it doesn't make sense to block it.

I have just checked my own UAC profile and it *is* possible to uncheck the box next to Validate server certificate.

Have you tried creating a brand new profile for the UAC? You need to set it up with EAP-TTLS/EAP-JUAC.

Rgds,

Guy
0 Kudos
aronow_
Contributor
‎02-26-2008 09:04:AM
‎02-26-2008 09:04:AM

Re: Disable validate server certificate on OAC

ND,

You are probably missing a Trusted Server entry, or you have not added the cert to your users "Trusted Root Certificate Authority" store. That would explain why the validate server certificate is causing your client to fail.

If you are trying to change the OAC configuration that gets pushed from the IC then no, that is not possible.

What you could do, other than making sure to add the self signed certificate to your "trusted Root certificate authority store" would be do generate a CSR and sign it with some external authority that already exists on your workstation. Alternatively, you could sign the CSR with some local CA server, and then upload the root cert into the IC's Trusted Server CA's.

Then when OAC gets pushed to the endpoint, you should also see a certificate pushed from the IC and added to the users "trusted root certificate authority store" as well as a trusted servers entry added in OAC.

If you are trying to disable "validate server certificate" at GINA time (the Windows Logon Screen using the OAC GINA module) you can not. You must validate the server certificate at GINA time, this is a security feature of OAC. You can only disable "validate server certifcate" at the desktop or machine authentication.

Thanks

-Jeff Aronow

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.