Reset Search
 

 

Article

KB43871 - How to repush iOS profiles using MobileIron where iOS apps that authenticate with certificates stop working after upgrading to Pulse mobile for iOS 7.0

« Go Back

Information

 
Last Modified Date8/24/2018 12:44 AM
Synopsis
This article provides steps to re-push VPN profiles using MobileIron to iOS devices that were upgraded to Pulse mobile for iOS 7.0 and affected by the issue detailed in KB43813.
Problem or Goal
After upgrading to Pulse Mobile for iOS 7.0, native iOS applications that used the same certificate as the certificate used for Pulse client authentication, stop working due to missing or invalid certificate error.

Example of Web based connection to PCS device using Safari where cert auth fails due to missing or invalid certificate:

User-added image


When viewing the configuration profile from iOS, the affected certificates are greyed out and show the following message:
 
Issued by: Certificate details are password protected until installed.  No Expiration Date Provided.

(Screenshot of affected certificates from iOS configuration profile.)

User-added image
Cause
This issue is detailed in KB43813 - Certificate authentication fails with error "Missing or Invalid Certificate" or other applications that rely on certificate authentication may fail after upgrading to the Pulse Mobile 7.0.0 for iOS.

This issue is caused by the migration of Pulse client certificates by the Apple iOS that occurs when upgrading to Pulse mobile for iOS 7.0 that causes certificates used by the Pulse client and shared by other iOS applications, to be moved to the Pulse shared keychain instead of being copied to the Pulse shared keychain.  
Solution
Pulse Secure has reported this issue to Apple as a bug and it is currently under investigation by Apple. 
 

Workaround:

Follow the steps below to re-push profiles to iOS devices so that the shared certificate moved to the Pulse shared keychain get reinstalled to the system keychain for use by native iOS applications:
  1. Login to MobileIron console.
  2. Go to Policies and Configs.
  3. Select the existing profile with the certificate used for Pulse VPN authentication.
  4. Confirm that the identity certificate assigned to the profile is the one that needs to be fixed.
User-added image
  1. Edit the profile by changing the name of the profile.  For example, if the profile name is VOD, rename it to VOD1.
User-added image
  1. Click Save.
  2. Click Yes when prompted to repush the profile.
User-added image
  1. To immediately push the profile to the device(s), go to Devices and Users and select the profile with the new name and click Push Profile.
User-added image
  1. From the iOS device, confirm that the profile is updated with the new name and there are no greyed out certificates.
User-added image
Related Links
Attachment 1 
Created ByKaren Mayberry

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255