KB40409 - After Jan. 23rd, 2017, Pulse Secure Setup client will be blocked by Java due to an expired or not-yet-valid certificate

This article describes an issue where Pulse Secure Setup Client will be blocked by Java due to an expired or not-yet-valid certificate.

When an end user attempts to launch an Pulse Secure component utilizing the Java version of the Setup Client, the following error message will appear:
 

Your security settings have blocked an application signed with an expired or 
not-yet-valid certificate from running

 

This issue occurs due to the code signing certificate has expired on the Pulse Secure Setup Applet on Jan 23rd, 2017.  The following components are affected:

• All web components launched using Firefox (All operating systems)
• All web components launched by Safari on macOS
• All web components launched by Firefox on Linux except Network Connect
• All web components launched by Internet Explore with ActiveX disabled
• Java Secure Meeting / Pulse Collaboration (for macOS)

This issue does not affect the following scenarios:

• All web components launched by Internet Explorer (ActiveX)
• HOB Applet (All operating systems) 

Note: HOB Applet does not utilize the Setup Client, but is rewritten with the code signing certificate associated with the release version.  For version PCS 8.1R8 / PPS 5.1R8 and below and PCS 8.0R14 / PPS 5.0R14 and below will prompt a similar expiration message with the HOB Applet, this can be resolved by upgrading to a later build with a current, valid certificate.  For more information, refer to KB14058 - Pulse Secure Code signing certificate expiry dates and release information.

PCS 8.2RX / PPS 5.3RX are not affected by this issue.  The following PCS / PPS versions are impacted:

• PCS 8.0R15 / PPS 5.0R15 and greater
• PCS 8.1R8 / PPS 5.1R8 and greater

The following applets will utilize the code signing certificate associated with the build release.  This issue is resolved in 8.1R11.1 and 8.0R16.1 which is available now at Pulse Secure Licensing and Download Center.

To workaround the issue, please use one of the following options:

• Add the PCS / PPS URL to the Java exception list.  The instructions can be found at: https://www.java.com/en/download/faq/exception_sitelist.xml.
• For Windows users, using Internet Explorer will utilize Active-X and avoid the following issue.