Reset Search
 

 

Article

TSB16667 - PCS/PPS/Pulse Secure Desktop: Notification on upcoming Code Signing Certificate expiration on certain Pulse Secure software versions

« Go Back

Information

 
Last Modified Date2/7/2017 3:31 AM
Legacy Id
Product AffectedPCS700, PCS2000, PCS2500, PCS4000, PCS4000 FIPS, PCS4500, PCS4500 FIPS, PCS6000, PCS6000 FIPS, PCS6500, PCS6500 FIPS, PPS4000, PPS4500, PPS6000, PPS6500, PPS6500 FIPS, MAG2600 PCS, MAG4610 PCS
Alert Description
The Code Signing Certificate used in the following Pulse Secure software versions will expire on April 10th 2015. This may cause any Java related client side components (JSAM, Setup Applet and any application that uses Java Applet Rewriter Web access method) to fail. Note that Setup Applet is the client component responsible for launching any Pulse Secure client component like Pulse Secure Desktop, Network Connect, WSAM, Windows Terminal Services Client, etc. when Active-X technology is not available on the client and the end user is starting the client component from a browser.

Pulse Connect Secure Versions
  1. 7.1R9 to 7.1R18
  2. 7.2R3 to 7.2R12
  3. 7.3R1 to 7.3R10
  4. 7.4R1 to 7.4R9
  5. 8.0R1 to 8.0R3

Pulse Secure Desktop Client Versions
  1. 3.1R1 to 3.1R10
  2. 4.0R1 to 4.0R9.2
  3. 5.0R1 to 5.0R3

Pulse Policy Secure Versions
  1. 4.2R3 to 4.2R5.1
  2. 4.3R1 to 4.3R7
  3. 4.4R1 to 4.4R8
  4. 5.0R1 to 5.0R3
Solution
To avoid this issue please upgrade to any of the later Pulse Secure software release versions than what is listed above. All recent release versions use a code-signing certificate that expires on 23rd Jan 2017.

FAQ:

Question: I do not use any Java related functionality. Will my end users see any issues?
Answer : If you do not use any Java related functionality then you should not experience any issue even in the above-mentioned release versions. For example if your end users directly launch the Pulse Client from their machine without login via a browser then they should not see
Any issues due to the certificate expiry event on 10th April 2015

Question: I cannot upgrade immediately. Is there a workaround?
Answer: We strongly recommend that you upgrade to a newer release where the Code Signing certificate expiry date is 23rd Jan 2017. In our limited testing we were able to workaround the issue with Java Juniper Setup client by adding the PCS/PPS gateway device IP and hostname in the exception list under the ‘Security’ tab within the Java 'Control Panel’ on the client machine.
Implementation
Alert TypePSN - Product Support Notification
Related Links
Attachment 1 
Attachment 2 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255