KB28092 - "Invalid signature" messages are displayed in Pulse Secure Desktop client debug logs

This article explains why "invalid signature" messages are displayed in the Pulse Secure Desktop Client debug logs for dll files and how the issue can be addressed.

While installing the Pulse Secure Desktop Client some clients running Windows OS, an invalid signature error is displayed in the Pulse Secure Desktop Client debug logs.

00239,09 2013/08/11 13:48:35.562 1 SYSTEM dsAccessService.exe dsAccessService p1524 t3E8 accessPluginLoader.cpp:113 - 'AccessService' plugin C:\Program Files\Common Files\Juniper Networks\8021xAccessMethod\8021xAccessMethod.dll, invalid signature

00239,09 2013/08/11 13:48:35.578 1 SYSTEM dsAccessService.exe dsAccessService p1524 t3E8 accessPluginLoader.cpp:113 - 'AccessService' plugin C:\Program Files\Common Files\Juniper Networks\Integration\IntegrationAccessMethod.dll, invalid signature

Pulse Secure Desktop Client software library files (.dll files) are signed by VeriSign Class 3 Code Signing CA.

The error is due to the Root Certificate Authority Certificate missing from the local computer certificate store of the Windows machine where Pulse Secure Desktop Client is installed.

Perform the following checks:
 

1. Ensure all the latest Windows updates and patch levels have been applied to the computer; Microsoft periodically updates Root CA's, Sub CA's in the windows machine certificate store.  Not applying Windows updates and patches is also a security risk.
2. Confirm the VeriSign Class 3 Code Signing CA is installed. This will allow the Pulse signature verification to pass successfully.

   Alternatively, you can also download VeriSign root CA from:
   http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem

3. After the Root CA installation is confirmed, re-run Junos Pulse.  Below is a sample of a Junos Pulse debug log where the Pulse dlls are verified successfully.

   00245,09 2013/08/26 12:25:17.842 4 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 verify.cpp:213 - 'dsVerifySignature' C:\Program Files\Common Files\Juniper Networks\Integration\IntegrationAccessMethod.dll signed by Juniper Networks and verified
00157,09 2013/08/26 12:25:17.842 4 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 verify.cpp:230 - 'dsVerifySignature' verifySignature complete with result 1

00244,09 2013/08/26 12:25:17.967 5 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 accessPluginLoader.cpp:111 - 'AccessService' plugin C:\Program Files\Common Files\Juniper Networks\8021xAccessMethod\8021xAccessMethod.dll, verifying signature...
00227,09 2013/08/26 12:25:17.967 4 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 verify.cpp:46 - 'dsVerifySignature' verifying signature on C:\Program Files\Common Files\Juniper Networks\8021xAccessMethod\8021xAccessMethod.dll
00245,09 2013/08/26 12:25:17.983 4 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 verify.cpp:213 - 'dsVerifySignature' C:\Program Files\Common Files\Juniper Networks\8021xAccessMethod\8021xAccessMethod.dll signed by Juniper Networks and verified
00157,09 2013/08/26 12:25:17.983 4 SYSTEM dsAccessService.exe dsAccessService p4060 tE68 verify.cpp:230 - 'dsVerifySignature' verifySignature complete with result 1

NOTE: For assistance with identifying the certificates installed on your system or the Windows update and patch levels please contact your local IT resources.