KB44421 - 'Missing or invalid client certificate' error with certificate authentication after upgrading to Pulse Connect Secure 9.1R4 or above.

This article describes an issue where certificate authentication or restriction starts to fail after upgrading Pulse Connect Secure (PCS) to 9.1R4 or above.

After an upgrade to Pulse Connect Secure 9.1R4 or above, the Pulse Desktop Client and web browser will fail following error message may be observed:

Missing or invalid client certificate

This issue occurs due to an option added in Pulse Connect Secure 9.1R4 related to certificate validation (applies to authentication and restriction).
 

To resolve this issue, perform the following steps:

1. Login to admin console
2. Navigate to System > Configuration > Certificates > Trusted Client CAs
3. From the list, select the corresponding root certificate
4. Under Client certificates status checking, select the checkbox for Trusted For Client Authentication

Note:  Participate in Client Certificate Negotiation should only be enabled of the certificate authority that directly signs the end user certificate.  For all other certificates in the chain, only Trusted For Client Authentication is recommended.