Reset Search



KB40200 - How to verify the server certificate with Pulse Secure Linux

« Go Back


Last Modified Date3/24/2017 9:36 PM
This article describes the steps to enable server certificate verification by Pulse Secure Linux client 8.1R8 and higher.  This is different than what was done in the previous release using the "-f" argument.
Problem or Goal
The command line argument for launching the Pulse Secure Linux client has been adjusted in 8.1R8 and allows using the system trusted root certificate store for validation of the PCS server

Pulse Secure Linux client verifies server certificate with system trusted Certificate Authorities (CA) store. Please follow the instructions to add issuing CA certificate to system store.

Note: CA certificates should be stored as PEM format in trusted CA store. Following command is used to convert CA certificates from DER format to PEM format.

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

Linux (Ubuntu, Debian)

To add CA certificate into trusted store:

  1. Install the ca-certificate package.
apt-get install ca-certificates
  1. ​Copy your CA to /usr/local/share/ca-certificates/
sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
  1. Update the CA store.
sudo update-ca-certificates

Linux (CentOs 6/RHEL 7/Fedora 22)

To add CA certificate into trusted store:

  1. Install the ca-certificates package. 
yum install ca-certificates
  1. Enable the dynamic CA configuration feature.
update-ca-trust force-enable
  1. Add it as a new file to /etc/pki/ca-trust/source/anchors/ 
cp foo.crt /etc/pki/ca-trust/source/anchors/
  1. Update the CA store.
update-ca-trust extract
Related Links
Attachment 1 
Created ByNick Christen



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255