Juniper Pulse Secure client

• Last tested on CentOS 7.7.1908 (2020-04-22)

First, get the CA certificate file to get rid of the following error:

Server certificate verify failed: signer not found

echo -n | openssl s_client -connect vpn.myuniversity.edu:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/certs/myschool-vpn-cafile.crt

Then grab the --servercert sha256:whateverhexcodehere that shows up when you execute the following line:

$ sudo openconnect --authgroup=colleges --user=skan --cafile=/home/skan/certs/myschool-vpn-cafile.crt --juniper https://vpn.myuniversity.edu

Disconnect using ctrl-c and then add the --servercert param:

$ sudo openconnect --authgroup=colleges --user=skan --cafile=/home/skan/certs/myschool-vpn-cafile.crt --servercert sha256:043c3a132f34d87ba8c507f21d775a08dc1d85aa3f2d782996d66d17865af2e0 --juniper https://vpn.myuniversity.edu

openconnect

• Last tested on Ubuntu 20.04 LTS (2024-07-10)

To resolve the "Server certificate verify failed: signer not found" error when connecting to GlobalProtect VPN via openconnect, you need to update your system's trusted certificates to include the certificate authority (CA) that signed the VPN server's certificate. Here are the steps you can follow to obtain and update the server certificate:

1. Obtain the Server Certificate:

You can obtain the server certificate using the openssl command. Run the following command to download the certificate:

echo | openssl s_client -connect 129.24.2.245:443 -servername 129.24.2.245 | openssl x509 -text -noout > server.crt

2. Add the Certificates to Trusted CA Store:

sudo cp server.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

3. Since the certificate has been added to the trusted store, there is nothing more to do. However, in cases when it needs to be added manually:

sudo openconnect --cafile=/usr/local/share/ca-certificates/server.crt https://129.24.2.245