Configuring Junos Pulse (Mobile) for certificate restriction (iOS) and certificate authentication (iOS and Android).
SERVER-SIDE CONFIGURATION
Certificate Restriction (Junos Pulse for iOS only)
1.Go to Realm > Authentication policy > Certificate and select the Only allow users with a client-side certificate signed by Trusted Client CAs to sign in button.
2.Go to Role > General > Restrictions > Certificate.
3.Select the Only allow users with a client-side certificate signed by Certification Authority to sign in button.
Note: Certificate restriction is not supported on Junos Pulse for Android. If certificate is configured, Junos Pulse for Android users receive this message: Missing certificate. Check that your certificate is valid and up-to-date, and try again.
Certificate Authentication
1.Go to Authentication > Auth. Servers.
2.From the New drop down menu, select Certificate Server.
3.Click New Server.
4.For Name, type a unique identifier for the Certificate Server instance.
5.For User Name Template, type the variable that the Junos Pulse Secure Access server will use for the user name. By default, Junos Pulse Secure Access server uses the common name attribute.
6.Under Users > User Realms, create a new realm or select a realm to which to associate the certificate server. From the Authentication drop-down, select the name of the certificate server entered in step 4.
CLIENT-SIDE CONFIGURATION
1.Select Configuration on the Junos Pulse Mobile App.
2.Select the Authentication.
3.Select the Certificate Option.