Reset Search



KB44283 - Pulse Client : Unable to read certificates from smart card into mac key-chain on Catalina

« Go Back


Last Modified Date10/8/2019 10:35 AM
This article describes an issue where Pulse client is unable to read certificates from smart card into mac key-chain on Catalina
Problem or Goal

Due to failure in recognizing the smart card certificate under "key Chain Access", pulse client is failing to establish tunnel.
This is due to the changes that Apple has brought in. The following link details regarding Catalina specific changes for smartcard - HT210541
Apple has changed the existing framework and mandated to use cryptotokenkit framework instead of TokenD which was used until Mojave release. The driver support  to read certificates from smart card  is provided by third party packages. However with Catalina, these are broken as none of the software providers are supporting it.

Of the two flavors of smart card – PIV based and CAC based, Apple has very recently provided drivers for PIV based smart card. Pulse Secure is working on supporting the same on priority and will update the KB once we have an ETA on the release which will have the support.

However so far none of the third party software's currently support CAC based smart card on Catalina. We are constantly monitoring the developments in open source community and will incorporate changes to our code to support CAC based smart cards as and when its available.
Related Links
Attachment 1 
Created Byjai laisram



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255