To resolve this issue, Pulse Secure recommends to install a device certificate issued from a public certificate authority (CA). This will avoid the need to manually install or push root certificates to all applicable endpoints. If alternative methods are needed, please perform one of the following methods:
Method 1: Self-signed certificate
If a self-signed certificate is used, it is not recommended to enable the server certificate trust enforcement option. Pulse Secure recommends to install a device certificate that is issued from a public or private ca. However, if this is a non-production device, please perform the following steps to disable this option:
- Login to admin console
- Navigate to Configuration > Mobile
- Under Server certificate trust enforcement, select the radio button for disabled
Note: By default, this option is disabled.
Method 2: Private Certificate Authority (CA)
If the device certificate is issued from a private ca, please utilize an third party MDM solution to push the private ca to all applicable endpoints. This will allow to endpoints to properly trusted the device certificate.