Reset Search
 

 
Article

KB43927 - Pulse VPN tunnel fails to establish on Linux Ubuntu with error message "Problem occurred while loading the URL. Unacceptable TLS certificate"

Printable View
« Go Back

Information

 
Last Modified Date9/15/2020 8:32 PM
Synopsis

Pulse VPN tunnel fails to establish on Linux Ubuntu with error message "Problem occurred while loading the URL.  Unacceptable TLS certificate"

This article describes an issue where Ubuntu users are unable to establish a VPN connection with error message "Problem occurred while loading the URL.  Unacceptable TLS certificate."
Problem or Goal
Linux Ubuntu users have successfully installed the Pulse for Linux client and have created a connection to the PCS device, however, when they attempt to connect, the connection fails with the following error message: 
Problem occurred while loading the URL.  Unacceptable TLS certificate.
Cause
This issue will occur when one of conditions are true:
  1. A self-signed certificate is being used on the PCS device
  2. Intermediate certificate(s) is not installed as a ca-certificate on the Linux machine
Pulse Secure recommendation is not to use a self-signed certificate as this poses a security risk to end users to manually install the certificate.  As a security best practice, it is advise to use a device certificate that is signed by a public CA which is already trusted by the Linux operating system.

 
Solution
Note: Pulse Secure Linux Client supports 'Hostname FQDN' in the Server URL. It is not recommended to use IP address.

Follow the steps below to resolve this issue
  1. From the PCS admin console, navigate to System > Configuration > Certificate > Device Certificates
  2. Select the certificate that has been applied to the port the user is connecting to.
  3. From the Certificate Details page, under Certificates click Download to download the self-signed certificate and/or intermediate certificate.
  4. Copy the certificate to the Linux machine in the following directory:
/usr/local/share/ca-certificate/
  1. Run the following command to register the certificate with a valid host name:
$ sudo cp <PCS Hostname>.crt /usr/local/share/ca-certificates/<PCS Hostname>.crt
  1. Run the following command to update the certificate store            
$ sudo update-ca-certificates --fresh
  1. Click Connect button
Related Links
Attachment 1 
Created BySahil Mahajan

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255