Installing the certificate in such ways didn't worked for me (later I've realized I had to rename my lacking certificate to .ctr to append it into /etc/ssl/certs/ca-certificates.crt through dpkg-reconfigure ca-certificates). The solution for this problem is to copy the lacking certificate into the store of certificates used by PulseSecure. In my case I was missing the intermediate certificate: DigiCert Global CA G2, I realized that by using this command: openssl s_client -connect <IP of my VPN CGI> An error was displayed: subject=/C=XX/ST=XXXXX (our certificate)
issuer=/C=US/O=DigiCert Inc/CN=DigiCert GLobal CA G2
Verify return code: 21 (unable to verify the first certificate) Copied the text certificate from: TBS-Certificates In the file on /usr/local/pulse/README says which store is used for each operating system (Ubuntu in my case) so I edited it: cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.backup
vim /etc/ssl/certs/ca-certificates.crt Copied and pasted the lacking certificate into it (at the start of ca-certificates.crt) Started again Pulse Secure and everything worked. Documented this if someone else needs to solve a similar problem. Regards. Helfgott EDIT: This process also works: sudo mkdir /usr/share/ca-certificates/extra
sudo cp <YOUR_CERTIFICATE>.crt /usr/share/ca-certificates/extra/
sudo dpkg-reconfigure ca-certificates But the certificate must be ".crt" otherwise won't be added in ca-certificates store.
... View more