Reset Search
 

 

Article

KB17134 - Endpoints are receiving invalid or untrusted certificate messages when connecting to the Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS) device

« Go Back

Information

 
Last Modified Date6/21/2017 1:53 AM
Synopsis
This article describes an issue where endpoints are stating the certificate is invalid or untrusted when connecting the PCS / PPS device.
Problem or Goal
When an endpoint connects to a PCS / PPS device, a message will appear the certificate is invalid or untrusted.  These messages may vary depending on the application or browser the endpoint is using to connect to the PCS / PPS device.  Here are a few examples:

Pulse Mobile for iOS / Android:
The certificate for this server is invalid.  
Tap Accept to connect to this server anyway.

Pulse Secure Desktop client:
The certificate or certificate chain is based on an untrusted root.
Firefox:
Your connection is not secure

The owner of XX.XX.XX.XX has configured their website improperly. 
To protect your information from being stolen, Firefox has not connected to this 
website.

Internet Explorer:
There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted 
certificate authority.
Cause
This issue can occur when the proper intermediate certificates are not installed on the PCS / PPS device.
Solution
When a device certificate is installed on the PCS / PPS device, administrator will need to ensure the proper intermediate certificate(s) are installed as well. This will allow endpoints to chain to the preinstalled root certificates by the operating system vendors.

As an example, in order to comply with US National Institute of Standards and Technology (NIST) Entrust has:
  • Deployed a Root CA 'Entrust.net Certification Authority (2048)".
  • Deployed a Subordinate CA (L1C)


To prevent end users from receiving certificate warning messages, the following changes will be needed:

  • Entrust Certification Authority-L1C has to be imported as Intermediate CA on PCS.

 

Import the Intermediate certificate

Administrator should to their certificate authority to obtain the proper intermediate certificates.  Once these files are obtained, perform the following steps below:
  1. To Import the intermediate certificate to the PCS device log into the admin GUI and go to System > Configuration > Certificates > Device Certificates
  2. Click Intermediate CAs
User-added image
 
  1. Click Import CA certificate
User-added image
  1. Click Browse
  2. Select the appropriate file
  3. Click Import certificate
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255