Reset Search
 

 

Article

KB44341 - Smartcard certificate does not appear or not presented with Pulse Desktop Client 9.1.3.1313 and above when authenticating with a Pulse Connect Secure server running 9.1R2 and below

« Go Back

Information

 
Last Modified Date2/4/2020 11:04 PM
Synopsis
This article describes an issue where smartcard certificate does not appear or not presented with Pulse Desktop Client 9.1.3.1313 and above when authenticating with a Pulse Connect Secure server running 9.1R2 and below.
Problem or Goal
When running Pulse Desktop Client 9.1.3.1313 and above, smartcard certificates will not appear or be presented during authenticate when connecting to Pulse Connect Secure running below 9.1R2 and below.

In the debuglog.log, the following messages will appear stating personal certificate are found, but rejected smartcard cert certificates.
'JamCertLib' Found X personal certs
'JamCertLib' rejected Smartcard cert Certificate [Subject: XXXX, Issuer: Certification Authorities, Thumbprint: XXXXX]
Cause
This issue occurs due to the introduction of EKU/OID filtering feature in Pulse Desktop Client 9.1.3.1313 and above.  By default, the Pulse Desktop Client will filter out smartcard certificates.
Solution
As of Feb 4th, 2020, the recommendation is to upgrade Pulse Connect Secure to 9.1R3 and above and enable the option for Accept certificates with smartcard logon Enhanced Key Usage.
  1. Login to admin web console
  2. Navigate to Users > Pulse Secure Client
  3. Click the corresponding Connection name
  4. Under Connections, click the connection name
  5. Under Client Certificate Selection Option, select the checkbox for Accept certificates with smartcard logon Enhanced Key Usage
User-added image

Once this option is enabled, Pulse Desktop Client will receive an updated connection to display smartcard certificates.
Related Links
Attachment 1 
Created Byjai laisram

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255