Junos Pulse: “Invalid signature” messages are displayed in Junos Pulse debug logs

This article explains why “invalid signature” messages are displayed in the Junos Pulse debug logs for Pulse DLL files and how the issue can be addressed.

When installing Junos Pulse for UAC dot1x Layer 2 and Layer 3 connections on some clients running Windows, an Invalid Signature error is displayed in the Junos Pulse debug logs.

What generates this message and how can it be avoided?

Junos Pulse software library files (.dll files) are signed by Juniper Networks, and the Juniper Networks certificate is issued by the VeriSign Class 3 Code Signing CA.

The error occurs because the root Certificate Authority (CA) certificate is missing from the local computer certificate store of the Windows machine where Junos Pulse is installed.

Perform the following checks:

1. Ensure that all the latest Windows updates and patches have been applied to the computer. Microsoft periodically updates the root CAs and subordinate CAs in the Windows machine certificate store. Not applying Windows updates and patches is also a security risk.

2. Confirm that the VeriSign Class 3 Code Signing CA is installed. This allows the Junos Pulse signature verification to pass successfully.
Alternatively, you can download the VeriSign root CA from:
http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem

3. After the root CA installation is confirmed, re-run Junos Pulse. Below is a sample of a Junos Pulse debug log where the Pulse DLLs are verified successfully.

NOTE: For assistance with identifying the certificates installed on your system or the Windows update and patch levels, please contact your local IT resources.
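
One way to run the checks in steps 1 to 3 from PowerShell, as an added example that is not part of the original article or of Juniper's tooling: it lists the VeriSign certificates in the local computer stores and reports the Authenticode status of each DLL. The $PulseDir parameter is a placeholder for the Junos Pulse install folder (the article does not give the path), and the script name and the match on "VeriSign" in the certificate subject are assumptions.

```powershell
# Added example, not from the article. Save as Check-PulseSignatures.ps1 (hypothetical name).
param(
    # Placeholder: folder that holds the Junos Pulse DLLs on this client.
    [Parameter(Mandatory = $true)]
    [string]$PulseDir
)

# Steps 1-2: list VeriSign certificates in the local computer root and
# intermediate CA stores. Matching on "VeriSign" in the subject is an assumption.
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*VeriSign*' } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter |
        Format-Table -AutoSize
}

# Step 3: report the Authenticode status of every DLL and build the signer's
# chain in the machine context to see whether the root is the missing piece.
$report = Get-ChildItem -Path $PulseDir -Filter '*.dll' -Recurse | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $flags = @()
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # Revocation is skipped so the check also runs offline.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        # Build() evaluates validity at the current time and ignores timestamps,
        # so treat Status below as the verdict and the flags as the reason.
        [void]$chain.Build($sig.SignerCertificate)
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    }
    [pscustomobject]@{
        File        = $_.Name
        Status      = $sig.Status   # Valid, NotSigned, NotTrusted, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        ChainFlags  = $flags -join ','
        # PartialChain or UntrustedRoot: the chain did not end in a trusted root.
        RootMissing = [bool]($flags | Where-Object { $_ -in 'PartialChain', 'UntrustedRoot' })
    }
}
$report | Format-Table -AutoSize
```

If a root certificate is imported manually from the download link in step 2, compare its thumbprint in the first table with the value the CA publishes before relying on it.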

About the author

Prasanna
