Reset Search



KB17134 - Endpoints are receiving invalid or untrusted certificate messages when connecting to the Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS) device

« Go Back


Last Modified Date6/21/2017 1:53 AM
This article describes an issue where endpoints are stating the certificate is invalid or untrusted when connecting the PCS / PPS device.
Problem or Goal
When an endpoint connects to a PCS / PPS device, a message will appear the certificate is invalid or untrusted.  These messages may vary depending on the application or browser the endpoint is using to connect to the PCS / PPS device.  Here are a few examples:

Pulse Mobile for iOS / Android:
The certificate for this server is invalid.  
Tap Accept to connect to this server anyway.

Pulse Secure Desktop client:
The certificate or certificate chain is based on an untrusted root.
Your connection is not secure

The owner of XX.XX.XX.XX has configured their website improperly. 
To protect your information from being stolen, Firefox has not connected to this 

Internet Explorer:
There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted 
certificate authority.
This issue can occur when the proper intermediate certificates are not installed on the PCS / PPS device.
When a device certificate is installed on the PCS / PPS device, administrator will need to ensure the proper intermediate certificate(s) are installed as well. This will allow endpoints to chain to the preinstalled root certificates by the operating system vendors.

As an example, in order to comply with US National Institute of Standards and Technology (NIST) Entrust has:
  • Deployed a Root CA ' Certification Authority (2048)".
  • Deployed a Subordinate CA (L1C)

To prevent end users from receiving certificate warning messages, the following changes will be needed:

  • Entrust Certification Authority-L1C has to be imported as Intermediate CA on PCS.


Import the Intermediate certificate

Administrator should to their certificate authority to obtain the proper intermediate certificates.  Once these files are obtained, perform the following steps below:
  1. To Import the intermediate certificate to the PCS device log into the admin GUI and go to System > Configuration > Certificates > Device Certificates
  2. Click Intermediate CAs
User-added image
  1. Click Import CA certificate
User-added image
  1. Click Browse
  2. Select the appropriate file
  3. Click Import certificate
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255