Reset Search
 

 

Article

KB44266 - After upgrading to iOS 13, end user is unable to connect to the Pulse Connect Secure (PCS) with the error message of "Server is not responding"

« Go Back

Information

 
Last Modified Date9/19/2019 2:01 PM
Synopsis
This article describes an issue where end user is unable to connect to Pulse Connect Secure (PCS) VPN after upgrading to iOS 13.
Problem or Goal
After upgrading to iOS 13, end user will fail to connect to the Pulse Connect Secure (PCS) appliance with Pulse Mobile (iOS) with the following error message:
Server is not responding
Cause
This issue occurs due to a security change on key requirements from Apple.
Solution
To resolve this issue, please review the Apple documentation to ensure the device certificate installed on the PCS appliance does meet all of the key requirements by Apple for iOS 13.

As of Sept 19, 2019, the document stated the following requirements:

All TLS server certificates must comply with these new security requirements in iOS 13 and macOS 10.15:

  • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.
  • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.
  • TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.

Additionally, all TLS server certificates issued after July 1, 2019 (as indicated in the NotBefore field of the certificate) must follow these guidelines:

  • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
  • TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).

Connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in iOS 13 and macOS 10.15.

Related Links
Attachment 1 
Created Byjai laisram

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255