The Pulse Secure client supports certificate authentication for establishing Layer 2 and Layer 3 connections. On Windows endpoints, a Pulse client connection accesses client certificates located in the Local Computer personal certificate store to provide machine authentication, or user certificates located in a user’s personal certificate store or on a smart card for user authentication. A Pulse connection can access certificates from only one location. For information on machine authentication, see “Machine Authentication for Pulse Policy Secure Overview”.
You can create a Pulse connection that uses System Local, Active Directory, or RSA ACE server authentication to verify the user and a certificate to verify machine identity before establishing a connection. To do so, you must first enable an option for the Pulse connection that allows the connection to check the client certificates located in the Local Computer personal certificate store. The option, Select client certificate from machine certificate store, is part of the User Connection Preferences of a Pulse connection. User authentication is accomplished through realm authentication. Machine authentication is accomplished as part of a realm certificate restriction, because the Pulse connection uses the machine certificate. If the certificate store holds more than one valid certificate for the connection, Pulse opens a dialog box that prompts the user to select a certificate.
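One way to check how many certificates in the Local Computer personal store a machine-authentication connection could choose from, and so whether the selection dialog described above would appear. This PowerShell is an added example, not Pulse Secure's own tooling; the function name and the criteria for a usable certificate (private key present, inside its validity period, Client Authentication EKU or no EKU restriction) are assumptions, because the page does not define what Pulse treats as a valid certificate.

```powershell
# Added example: audits Cert:\LocalMachine\My, the store a Pulse connection reads
# when "Select client certificate from machine certificate store" is enabled.
# The candidate criteria below are assumptions, not Pulse's documented logic.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)

function Test-ClientAuthCandidate {     # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [datetime]$Now = (Get-Date)
    )
    # A certificate without its private key cannot be used to authenticate.
    if (-not $Certificate.HasPrivateKey) { return $false }
    # Reject certificates that are not yet valid or already expired.
    if ($Now -lt $Certificate.NotBefore -or $Now -gt $Certificate.NotAfter) { return $false }

    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # No EKU extension: the certificate is not restricted to specific purposes.
    if (-not $eku) { return $true }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    return ($oids -contains $ClientAuthOid)
}

$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { Test-ClientAuthCandidate -Certificate $_ })

# Show what an operator needs to identify each candidate.
$candidates | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-List

switch ($candidates.Count) {
    0       { Write-Warning 'No candidate machine certificate found in Cert:\LocalMachine\My.' }
    1       { Write-Output  'Exactly one candidate machine certificate found.' }
    default { Write-Warning "$($candidates.Count) candidate certificates found; the user may be prompted to select one." }
}
```

The realm certificate restriction on the server still decides which certificate is accepted, so a certificate that passes this local check can be rejected there.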
The following list summarizes the steps to configure a Pulse connection on a Windows endpoint that authenticates both the user and the machine. For detailed procedures on how to perform each configuration task, see the related documentation links.