Reset Search
 

 

Article

KB18054 - Network Connect fails to connect with "Could not connect to Secure Gateway because the certificate is invalid or not trusted by the client system" (nc.windows.app.23793)

« Go Back

Information

 
Last Modified Date5/5/2017 4:17 AM
Synopsis
This article describes an issue where Network Connect fails to connect with the message "Could not connect to Secure Gateway because the certificate is invalid or not trusted by the client system".
Problem or Goal
When connecting with Network Connect, the end user may receive the error message:
Could not connect to Secure Gateway because the certificate is invalid or not 
trusted by the client system. Click OK to exit NC and Sign in to Secure Gateway 
again. If problem persists, please contact administrator.

Cause
This issue occurs when all of the following conditions are met:
  • Enable FIPS complaint Network Connect is enabled on the user role (Under User Roles > VPN Tunneling > Options)
User-added image
  • Pulse Connect Secure is configured with self-signed certificate or does not have the complete certificate chain installed
Solution
To resolve this issue, please use the ssl installation checker at https://cryptoreport.websecurity.symantec.com/checker/ to check if the proper certificate chain is installed.  If the complete chain is not installed, please contact the certificate authority to obtain the proper intermediate certificates.

Once the proper files are obtained, perform the following steps:
  1. Login in the admin console
  2. Navigate to Configuration > Certificates > Device Certificates
  3. At the top of the screen, click Intermediate CAs link
  4. From the Intermediate CA page, click Import CA Certificate
  5. Click Browse and navigate to the Intermediate certificate file saved
  6. Click Import Certificate
​If there are multiple intermediate certificates, repeat steps 4 to 6 for each file.

Note:  Pulse Secure does not recommend installing a self-signed certificate on a production device besides the initial configuration.  If a self-signed certificate is used for testing, the self-signed certificate will need to be manually installed as a trusted root certificate on each endpoint.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255