Reset Search
 

 

Article

KB40200 - How to verify the server certificate with Pulse Secure Linux

« Go Back

Information

 
Last Modified Date3/24/2017 9:36 PM
Synopsis
This article describes the steps to enable server certificate verification by Pulse Secure Linux client 8.1R8 and higher.  This is different than what was done in the previous release using the "-f" argument.
Problem or Goal
The command line argument for launching the Pulse Secure Linux client has been adjusted in 8.1R8 and allows using the system trusted root certificate store for validation of the PCS server
Cause
Solution

Pulse Secure Linux client verifies server certificate with system trusted Certificate Authorities (CA) store. Please follow the instructions to add issuing CA certificate to system store.

Note: CA certificates should be stored as PEM format in trusted CA store. Following command is used to convert CA certificates from DER format to PEM format.

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
 

Linux (Ubuntu, Debian)

To add CA certificate into trusted store:

  1. Install the ca-certificate package.
apt-get install ca-certificates
  1. ​Copy your CA to /usr/local/share/ca-certificates/
sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
  1. Update the CA store.
sudo update-ca-certificates
 

Linux (CentOs 6/RHEL 7/Fedora 22)

To add CA certificate into trusted store:

  1. Install the ca-certificates package. 
yum install ca-certificates
  1. Enable the dynamic CA configuration feature.
update-ca-trust force-enable
  1. Add it as a new file to /etc/pki/ca-trust/source/anchors/ 
cp foo.crt /etc/pki/ca-trust/source/anchors/
  1. Update the CA store.
update-ca-trust extract
Related Links
Attachment 1 
Created ByNick Christen

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255