Reset Search
 

 

Article

KB44148 - Support for machine certificate check on MAC OSx

« Go Back

Information

 
Last Modified Date4/29/2019 11:27 AM
Synopsis
Host Checker based Machine Certificate checks was only supported on the Windows based client machines.

Now with the release of 9.1R1, Machine Certificate checks using Host Checker on MAC OSx is supported for both browser and Pulse Desktop Client based logins. 
Problem or Goal
For assistance with the configuring Host Checker checks please refer Admin guide documentation.
For browser based logins, no additional steps are required on the user machine that the usual.
However, due to Apple security restriction, the feature “Machine Certificate” on MAC OSx additional steps described below needs to be performed on the client machine while using Pulse Desktop Client for login.
Cause
Solution
Follow the steps as directed below to ensure that the Host Checker machine certificate checks pass while using Pulse Desktop client based login:
  1. Install Pulse Secure client.
  2. Install with required certificate using following commands
    1. Open terminal
    2. cd /Applications/Pulse\ Secure.app/
    3. sudo security import <path_to_cert_file> -k /Library/Keychains/System.keychain  -P <password_of_cert_file>  -T Contents/Plugins/JUNS/dsAccessService
  3. If certificate already present on the system, either delete the certificate and reinstall it using Step 2 or add dsAccessService to allowed application to access private.
  4. To add an application to access the private key, use following steps
    1. Open Keychain Access and locate the private key in the System Keychain.
    2. Right click on private key --> get info --> go to “Access Control” tab
    3. Click “+” at the bottom left corner. It will open a dialog to select an app.
    4. Go to terminal, cd /Applications/Pulse\ Secure.app/Contents/Plugins/JUNS/ && open .
    5. Select dsAccessService and drag and drop it to dialog opened by Keychain Access.
    6. This may require reboot of the user machine.
Note: Above mentioned steps are not required for browser-based logins.
 
Related Links
Attachment 1 
Created BySumanto Chakraborty

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255