


KB21309 - [IKEv2] IKEv2 using Machine Certificate for authentication (addendum)



Last Modified Date: 8/2/2015 7:00 PM
This article provides information on how to set up IKEv2 by using a Machine Certificate for authentication (addendum).
Problem or Goal
A user fails to authenticate by using a Machine Certificate via PCS IKEv2 and Windows 7.

Typical errors are:
  • Policy Mismatch.
  • IKE authentication credentials are unacceptable.
For the initial setup, refer to the Using IKEv2 on Pulse Secure Access Appliance document.

In addition to the How-to document, adhere to the following requirements for a Machine Certificate to work properly.

On the PCS:
  1. Make sure that the Network Connect check box is selected in the User Role.
  2. Make sure that the PCS Device Certificate has EKU (Enhanced Key Usage) support for Web Server Authentication and Web Client Authentication (refer to Image 1).
  3. Make sure that the Client Machine Certificate ROOT CA is installed in PCS Configuration > Certificates > Trusted Client CAs.
On the Client PC:
  1. Make sure that the Machine Certificate has EKU (Enhanced Key Usage) support for Web Server Authentication (refer to Image 1).
  2. Install the Machine Certificate in the Personal > Certificates folder in the Local Computer (Computer Account). Use MMC.exe to import it to the proper folder (refer to Image 2).
  3. Install the PCS Device Certificate Root CA in the Trusted Root Certification Authorities > Certificates folder in the Local Computer (Computer Account). Use MMC.exe to import it to the proper folder (refer to Image 2).
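
The Client PC requirements above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article or of any Pulse Secure tooling. It assumes that "Web Server Authentication" corresponds to the standard Server Authentication EKU OID (1.3.6.1.5.5.7.3.1), and $PcsRootThumbprint is a placeholder you must replace with the thumbprint of the root CA that issued your PCS Device Certificate.

```powershell
# Added example: audit the Client PC certificate requirements listed above.
# Placeholder (assumption): thumbprint of the root CA that issued the PCS Device Certificate.
$PcsRootThumbprint = '<PCS-ROOT-CA-THUMBPRINT>'
# Assumption: the article's "Web Server Authentication" is the standard
# Server Authentication EKU (id-kp-serverAuth).
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'

function Get-EkuOids($Cert) {
    # Return the EKU OIDs of a certificate (nothing if it has no EKU extension).
    $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
}

# 1. Machine certificates in Local Computer > Personal > Certificates.
#    A certificate imported into the Current User store will not appear here.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $ekus = @(Get-EkuOids $_)
    New-Object PSObject -Property @{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey      # needed for certificate authentication
        ServerAuthEku = ($ekus -contains $ServerAuthOid)
        EkuOids       = ($ekus -join ', ')
    }
} | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey, ServerAuthEku, EkuOids

# 2. PCS Device Certificate root CA in
#    Local Computer > Trusted Root Certification Authorities > Certificates.
$normalized = ($PcsRootThumbprint -replace '\s', '').ToUpper()
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $normalized }
if ($root) {
    $root | ForEach-Object { "Root CA present in LocalMachine\Root: $($_.Subject)" }
} else {
    "Root CA $normalized NOT found in LocalMachine\Root"
}
```

A Machine Certificate that is missing from the first listing, or that shows ServerAuthEku as False, does not meet the Client PC requirements above.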

Image 1 - Certificate with EKU (Enhanced Key Usage):

Image 2 - MMC console for Local Computer (Computer Account) certificate store:

Created By: Data Deployment


