Expired Certificate Prevents Pulse Secure VPN Users From Logging In
- Pulse Secure VPN users on Windows are having trouble accessing their devices via the web browser.
- There’s a problem with the timestamp checks in the code-signing certificate, which expired yesterday.
- The firm says a fix is underway and will be made available by the end of the day today.
A number of Pulse Secure VPN users have been reporting problems logging in onto the platform, not being able to access their devices. The error that the users were getting mentions the following: “An unexpected error has occurred, please retry. If the issue persists, contact your administrator.”
This not-helpful-at-all message resulted in a wave of reports to Pulse Secure’s customer support portal, so the internet company had to come out with an advisory to explain where the issue lies exactly.
According to the details given by Pulse Secure, the outage seems to be relevant to the improper verification of the signature for some of the VPN product’s components. The certificate that was supposed to help with this verification process expired on April 12, 2021, which results in a signature mismatch that prevents the solution from loading. As such, this is a security feature that is working as expected, although the firm has no doubt blundered here by failing to renew it in time.
The impacted products are PCS/PPS releases 9.1R11.x, 9.1R10.x, 9.1R9.x, 9.1R8.x (only Windows End-Points). The features impacted by the problem include Terminal Services, JSAM, HOB, CTS, VDI, Secure Meeting (Pulse Collaboration), Host Checker, Launching of PDC via browser, and SAML with External Browser with HC enabled.
The firm has promised to release fixes by the end of the day (PST), with the only exception being the PCS 9.1R10.x fix - which will land tomorrow. In the meantime, you may try to access your devices using the Pulse Desktop Client directly, not via a web browser. Alternatively, Linux and macOS should be working fine. Finally, releases prior to 9.1R8.x should not be impacted by the certificate problem.