Linux VPN

Florida Atlantic University VPN for Linux

For Linux, the Juniper Network Connect client has been deprecated

VPN connectivity can be accomplished through use of the Pulse Secure Client for Linux. Currently only Centos/RHEL and Debian/Ubuntu flavors of Linux are supported by the client

Installing Pulse Secure Client

    1. For Debian/Ubuntu:
      1. Click here to download the client installer (downloads coming soon)
      2. In a terminal type:
         sudo dpkg -i <path to installer> 
         sudo cp /usr/local/pulse/libpulseui.so /usr/lib/
    2. For Centos/RHEL:
      1. Click here to download the client installer (downloads coming soon)
      2. In a terminal type:
         rpm -ivh <path to installer>
  1. Upon completion of the install, type:
    /usr/local/pulse/PulseClient.sh install_dependency_packages
    
    If you Ubuntu version is newer then Version 16 you must replace this script with the following, which supports 18.04 and 18.10.
    #!/bin/bash
    HOMEDIR=$HOME
    INSTALLDIR=/usr/local/pulse
    PULSEDIR=$HOME/.pulse_secure/pulse
    PULSECERTDIR=$PULSEDIR/certificates
    SVCNAME=pulsesvc
    UTILNAME=pulseutil
    LOG=$PULSEDIR/PulseClient.log
    args=""
    ive_ip=""
    NOARGS=$#
    SCRARGS=$@
    OPENSSLCMD=openssl
    
    SCRNAME=`basename $0`
    
    SUPPORTED_OSTYPES_LIST=( CENTOS_6 CENTOS_7 UBUNTU_14 UBUNTU_15 UBUNTU_16 FEDORA RHEL_7 DEBIAN_8_9 UNSUPPORTED)
    #RPM Based
    CENTOS_6_DEPENDENCIES=( glibc \
                            nss-softokn-freebl \
                            zlib \
                            glib-networking \
                            webkitgtk \
                            xulrunner\
                            libproxy \
                            libXmu  \
                            libproxy-gnome \
                            libproxy-mozjs)
    CENTOS_6_DEPENDENCIES_WITH_VERSION=( glibc \
                                         nss  \
                                        zlib \
                                        glib-networking \
                                        webkitgtk \
                                        xulrunner \
                                        libproxy \ 
                                        libXmu  \
                                        libproxy-gnome \
                                        libproxy-mozjs)
    
    FEDORA_DEPENDENCIES=( glibc \
                            nss-softokn-freebl \
                            zlib \
                            glib-networking \
                            webkitgtk- \
                            libgnome-keyring \
                            xulrunner \
                            libproxy \
                            mozjs17 \
                            libproxy-mozjs \
                            libproxy-gnome)
    FEDORA_DEPENDENCIES_WITH_VERSION=( glibc \
                                         nss  \
                                        zlib \
                                        glib-networking \
                                        webkitgtk \
                                        libgnome-keyring \
                                        xulrunner \
                                        libproxy \
                                        mozjs17 \
                                        libproxy-mozjs \
                                        libproxy-gnome)
    
    CENTOS_7_DEPENDENCIES=( glibc \
                        nss-softokn-freebl \
                        zlib \
                        glib-networking \
                        webkitgtk3 \
                        libgnome-keyring \
                        libproxy-gnome \
                        libproxy-mozjs \
                        libproxy )
    CENTOS_7_DEPENDENCIES_WITH_VERSION=( glibc \
                                    nss \
                                    zlib \
                                    glib-networking \
                                    webkitgtk3 \
                                    libgnome-keyring \
                                    libproxy-gnome \
                                    libproxy-mozjs \
                                    libproxy )
    
    RHEL_7_DEPENDENCIES=( glibc \
                        nss-softokn-freebl \
                        zlib \
                        glib-networking \
                        webkitgtk3 \
                        libgnome-keyring \
                        libproxy )
    RHEL_7_DEPENDENCIES_WITH_VERSION=( glibc \
                                    nss \
                                    zlib \
                                    glib-networking \
                                    webkitgtk3-2.4.9-5.el7 \
                                    libgnome-keyring \
                                    libproxy )
    
    #Debian Based
    UBUNTU_14_DEPENDENCIES=( libc6 \
                        libwebkitgtk-1 \
                        libproxy1 \
                        libproxy1-plugin-gsettings \
                        libproxy1-plugin-webkit \
                        libdconf1 \
                        dconf-gsettings-backend)
    UBUNTU_14_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    dconf-gsettings-backend)
    
    UBUNTU_15_DEPENDENCIES=( libc6 \
                        libwebkitgtk-1 \
                        libproxy1 \
                        libproxy1-plugin-gsettings \
                        libproxy1-plugin-webkit \
                        libdconf1 \
                        libgnome-keyring0 \
                        dconf-gsettings-backend)
    UBUNTU_15_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    libgnome-keyring0 \
                                    dconf-gsettings-backend)
    UBUNTU_16_DEPENDENCIES=( libc6 \
                        libwebkitgtk \
                        libproxy1 \
                        libproxy1-plugin-gsettings \
                        libproxy1-plugin-webkit \
                        libdconf1 \
                        libgnome-keyring0 \
                        dconf-gsettings-backend)
    UBUNTU_16_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    libgnome-keyring0 \
                                    dconf-gsettings-backend)
    UBUNTU_18_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    libgnome-keyring0 \
                                    dconf-gsettings-backend)
    UBUNTU_18_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    libgnome-keyring0 \
                                    dconf-gsettings-backend)
    DEBIAN_8_9_DEPENDENCIES=( libc6 \
                        webkitgtk \
                        libproxy1 \
                        libproxy1-plugin-gsettings \
                        libproxy1-plugin-webkit \
                        libdconf1 \
                        libgnome-keyring0 \
                        dconf-gsettings-backend)
    DEBIAN_8_9_DEPENDENCIES_WITH_VERSION=( libc6 \
                                    libwebkitgtk-1.0-0 \
                                    libproxy1 \
                                    libproxy1-plugin-gsettings \
                                    libproxy1-plugin-webkit \
                                    libdconf1 \
                                    libgnome-keyring0 \
                                    dconf-gsettings-backend)
    
    
    tam=${#SUPPORTED_OSTYPES_LIST[@]}
    for ((i=0; i < $tam; i++)); do name=${SUPPORTED_OSTYPES_LIST[i]} declare -r ${name}=$i done install_deb() { i=$1 sudo -v > /dev/null 2>/dev/null
        echo $i
        if [ $? -eq 0 ]; then 
            echo "sudo password : "
            sudo apt-get install $i 
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " apt-get install $i"
            fi
        else 
            echo "super user password : "
            su -c "apt-get install $i"
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " apt-get install $i"
            fi
        fi
    
    }
    
    install_rpm_dnf() {
        i=$1
        sudo -v > /dev/null 2>/dev/null
        if [ $? -eq 0 ]; then 
            echo "sudo password "
            sudo dnf -y install $i
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " dnf install $i"
            fi
        else 
            echo "super user password "
            su -c "dnf -y install $i"
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " dnf install $i"
            fi
        fi 
    }
    
    install_rpm() {
        i=$1
        sudo -v > /dev/null 2>/dev/null
        if [ $? -eq 0 ]; then 
            echo "sudo password "
            sudo yum -y install $i
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " yum install $i"
            fi
        else 
            echo "super user password "
            su -c "yum -y install $i"
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " yum install $i"
            fi
        fi 
    }
    
    install_from_repo() {
        url=$1
        sudo -v > /dev/null 2>/dev/null
        if [ $? -eq 0 ]; then 
            echo "sudo password "
            sudo rpm -Uvh $url
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo "rpm -Uvh $url"
            fi
        else 
            echo "super user password "
            su -c " rpm -Uvh $url"
            if [ $? -ne 0 ]; then
                echo "Failed to install dependencies.Please execute following command manually."
                echo " rpm -Uvh $url"
            fi
        fi 
    }
    #determine the OS TYPE
    determine_os_type() {
        if [ -f /etc/centos-release ]; then
            OS_MAJOR_VERSION=$(cat /etc/centos-release | grep -o '.[0-9]'| head -1|sed -e 's/ //')
            if [ $OS_MAJOR_VERSION = 6 ]; then
                OS_TYPE=${SUPPORTED_OSTYPES_LIST[$CENTOS_6]} 
            elif [ $OS_MAJOR_VERSION = 7 ]; then 
                OS_TYPE=${SUPPORTED_OSTYPES_LIST[$CENTOS_7]} 
            else
                OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]}
            fi
        elif [ -f /etc/fedora-release ]; then 
            OS_TYPE=${SUPPORTED_OSTYPES_LIST[$FEDORA]}
        elif [ -f /etc/redhat-release ]; then
            OS_MAJOR_VERSION=$(cat /etc/redhat-release | grep -o '.[0-9]'| head -1|sed -e 's/ //')
            if [ $OS_MAJOR_VERSION = 7 ]; then
                OS_TYPE=${SUPPORTED_OSTYPES_LIST[$RHEL_7]} 
            else
                OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]}
            fi
        else 
            OSNAME=$(lsb_release -d | grep -o "Ubuntu")
            if [ "X$OSNAME" != "X" ]; then
                UBUNTU_VER=$(lsb_release -d | grep -o '.[0-9]*\.'| head -1|sed -e 's/\s*//'|sed -e 's/\.//')
                if [ $UBUNTU_VER = 14 ]; then
                    OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UBUNTU_14]}
                elif [ $UBUNTU_VER = 15 ]; then
                    OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UBUNTU_15]}
                elif [ $UBUNTU_VER = 16 ]; then
                    OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UBUNTU_16]}
                 elif [ $UBUNTU_VER = 18 ]; then
                    OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UBUNTU_16]}
                else 
                    OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]}
                fi
            else
    			if [ -f /etc/debian_version ]; then
    	        	DEBIAN_MAJOR_VERSION=$(cat /etc/debian_version | grep -o '[0-9]'| head -1|sed -e 's/ //')
    				if [ $DEBIAN_MAJOR_VERSION = 8 ]; then 
    					OS_TYPE=${SUPPORTED_OSTYPES_LIST[$DEBIAN_8_9]}
    				elif [ $DEBIAN_MAJOR_VERSION = 9 ]; then 
    					OS_TYPE=${SUPPORTED_OSTYPES_LIST[$DEBIAN_8_9]}
    				else
    					OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]}
    				fi
    			else
    				OS_TYPE=${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]}
    			fi
            fi
    
        fi
    }
    
    check_and_install_missing_dependencies() {
        echo "Checking for missing dependency packages ..."
        if [ $OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]} ]; then
            return 
        fi
        isRpmBased=0
        isDebBased=0
        dependencyListName=${OS_TYPE}_DEPENDENCIES
        dependencyListNameWithVersion=${OS_TYPE}_DEPENDENCIES_WITH_VERSION
        if [[ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$CENTOS_6]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$CENTOS_7]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$FEDORA]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$RHEL_7]}) ]]; then
            isRpmBased=1
        elif [[ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_14]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_15]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_16]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_18]}) || \
            ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$DEBIAN_8_9]}) ]]; then
            isDebBased=1
        fi
     
        if [ $isRpmBased = 1 ]; then
            eval "depListArr=(\${${dependencyListName}[@]})"
            eval "depListArrWithVersion=(\${${dependencyListNameWithVersion}[@]})"
            tam=${#depListArr[@]}
            PKGREQ=""
            for ((i=0; i < $tam; i++)); do
                depPkgName=${depListArr[i]}
                curPkgVar=`rpm -qa | grep -i $depPkgName | grep -i "x86_64"`
                if [ "X$curPkgVar" = "X" ]; then
                    echo "$depPkgName is missing in the machine"
                    PKGREQ="$PKGREQ ${depListArrWithVersion[i]}"
                fi 
            done
            if [ "X" != "X$PKGREQ" ]; then
                # Install respective packages based on the current installation
                for i in `echo $PKGREQ`
                do
                    if [ $OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$FEDORA]} ]; then 
                        install_rpm_dnf $i 
                    else
                        install_rpm $i 
                    fi
                done
            fi
        elif [ $isDebBased = 1 ]; then
            eval "depListArr=(\${${dependencyListName}[@]})"
            eval "depListArrWithVersion=(\${${dependencyListNameWithVersion}[@]})"
            tam=${#depListArr[@]}
            PKGREQ=""
            for ((i=0; i < $tam; i++)); do depPkgName=${depListArr[i]} curPkgVar=`dpkg-query -f '${binary:Package}\n' -W | grep -i $depPkgName| grep -i ":amd64" ` if [ "X$curPkgVar" = "X" ]; then PKGREQ="$PKGREQ ${depListArrWithVersion[i]}" fi done if [ "X$PKGREQ" != "X" ]; then for i in `echo $PKGREQ` do install_deb $i done fi echo "" fi } ###################################################################################################### # Function to verify if dependencies are installed # Args : None # Return : None #function check_dep () #{ function command_line_client_checks() { echo "Checking for missing dependency packages for command line client ..." if [ $OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UNSUPPORTED]} ]; then return fi RPM_DIST=0 DPKG_DIST=0 if [[ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$CENTOS_6]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$CENTOS_7]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$FEDORA]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$RHEL_7]}) ]]; then RPM_DIST=1 elif [[ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_14]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_15]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_16]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$UBUNTU_18]}) || \ ($OS_TYPE = ${SUPPORTED_OSTYPES_LIST[$DEBIAN_8_9]}) ]]; then DPKG_DIST=1 fi if [ $RPM_DIST -eq 1 ]; then PKGREQ="" glibc=`rpm -qa | grep -i glibc | grep -i "x86_64"` if [ "X$glibc" = "X" ]; then echo "glibc is missing in the machine" > $LOG
                PKGREQ="glibc"
            fi  
            nss=`rpm -qa | grep -i nss-softokn-freebl | grep -i "x86_64"`
            if [ "X$nss" = "X" ]; then 
                echo "nss is missing in the machine" > $LOG
                PKGREQ="$PKGREQ nss"
            fi  
            zlib=`rpm -qa | grep -i zlib | grep -i "x86_64"`
            if [ "X$zlib" = "X" ]; then 
                echo "zlib is missing in the machine" > $LOG
                PKGREQ="$PKGREQ zlib"
            fi
            if [ "X" != "X$PKGREQ" ]; then
                sudo -v > /dev/null 2>/dev/null
                if [ $? -eq 0 ]; then 
                    echo "sudo password "
                    sudo yum -y install $PKGREQ
                    if [ $? -ne 0 ]; then
                        echo "Failed to install dependencies.Please execute following command manually."
                        echo " yum install $PKGREQ"
                    fi
                else 
                    echo "super user password "
                    su -c "yum -y install $PKGREQ"
                    if [ $? -ne 0 ]; then
                        echo "Failed to install dependencies.Please execute following command manually."
                        echo " yum install $PKGREQ"
                    fi
                fi 
            fi
        elif [ $DPKG_DIST -eq 1 ]; then 
            PKGREQ=""
            libc=`dpkg-query -f '${binary:Package}\n' -W | grep -i libc6:amd64`
            if [ "X$libc" = "X" ]; then 
                PKGREQ="libc6"
            fi  
            if [ "X" != "X$PKGREQ" ]; then
                sudo -v > /dev/null 2>/dev/null
                if [ $? -eq 0 ]; then 
                    echo "sudo password : "
                    sudo apt-get install $PKGREQ 
                    if [ $? -ne 0 ]; then
                        echo "Failed to install dependencies.Please execute following command manually."
                        echo " apt-get install $PKGREQ"
                    fi
                else 
                    echo "super user password : "
                    su -c "apt-get install $PKGREQ"
                    if [ $? -ne 0 ]; then
                        echo "Failed to install dependencies.Please execute following command manually."
                        echo " apt-get install $PKGREQ"
                    fi
                fi
            fi
        fi 
        
        if [ ! -e $INSTALLDIR ]; then 
            echo "Pulse is not installed. Please check if Pulse is installed properly"
            exit 1
        fi 
    # create $HOME/.pulse_secure/pulse/ directory 
        if [ ! -d $PULSEDIR ]; then 
            mkdir -p $PULSEDIR
            if [ $? -ne 0 ]; then 
                echo "Setup is not able to create $PULSEDIR. Please check the permission"
                exit 2
            fi 
        fi
    
        if [ $NOARGS -eq 0 ]; then 
            $INSTALLDIR/$SVCNAME -C -H
            keyUsage
    	    exit 0
        fi
        # LD_LIBRARY_PATH is updated to use /usr/local/pulse/libsoup-2.4.so in CentOS6.4
        # This library will be present only in the case of CentOS6.4 but setting 
        # LD_LIBRARY_PATH for other platforms will not be harmful. 
        export LD_LIBRARY_PATH=/usr/local/pulse:$LD_LIBRARY_PATH
    
        echo "executing command : $INSTALLDIR/$SVCNAME $args" 
        # -C option added to indicate service is launched from command line - hidden option
        #args="-C $args"
        # pass the args to pulsesvc binary 
        $INSTALLDIR/$SVCNAME -C $SCRARGS
    }
    
    function check_error ()
    {
    	errorCode=$1
    	errorString=$2
    	if [ $1 != 0 ] && [ "X$errorString" != "X" ]; then 
    		echo "ErrorMessage : $errorString" 
    		exit 3
    	fi
    }
    
    function install_pfx()
    {
    	filename=$1
    	keyFileBaseName=$(basename $filename)
    	keyFileName="${keyFileBaseName%.*}"
    	privKeyFileName="$PULSECERTDIR/$keyFileName-priv.pem"
    	pubKeyFileName="$PULSECERTDIR/$keyFileName-pub.pem"
    	# pkcs12 file format support starts here
    	if [ ! -f $filename ]; then 
    		echo "$filename does not exists. Please check the pfx file location "
    		exit 2;
    	fi
            warn_user_for_overwrite ${pubKeyFileName} 
    	#$OPENSSLCMD pkcs12 -info -in $filename -passin pass:$password -nodes 2>/dev/null
    	#$OPENSSLCMD pkcs12 -info -in $filename -nodes 2>/dev/null
    	#check_error $? "$FUNCNAME: File Extension is .pfx/.p12 but content is not"
    	echo "Extracting Private Key from $filename"
    	$OPENSSLCMD pkcs12 -in $filename -nocerts -out $privKeyFileName  -nodes
    	check_error $? "$FUNCNAME: Private key extraction failed"
    	echo "Extracting Public Key from $filename"
    	$OPENSSLCMD pkcs12 -in $filename -clcerts -nokeys -out $pubKeyFileName -nodes
    	check_error $? "$FUNCNAME: Public key extraction failed"
    	echo "Filename : $filename Password:$password "
    	$INSTALLDIR/$UTILNAME -K $privKeyFileName -C "${keyFileName}-pub"
            if [ $? != 0 ]; then
                #Failed to add private keys to gnome-keyring, remove the public certficate.
                rm $pubKeyFileName
            else
                echo "Successfully added certificate to Pulse Certificate store."
            fi
    
    	if [ "X$privKeyFileName" != "X" ]; then 
    		rm $privKeyFileName
    	fi
    }
    
    function warn_user_for_overwrite()
    {
        certFile=$1
        if [ -f $certFile ]; then
            name=$(basename "$certFile" ".pem")
            echo 
            echo "Client certificate with name ${name} already"\
                 "exists in pulse certficate store. New certificate will "\
                 "overwrite the exisitng one."
            read -e -p "Do you want to continue[y/n]: " choice
            if ! [[ "${choice:0:1}" == "Y" || "${choice:0:1}" == "y" ]]; then
                echo "Aborting the certificate installation."
                exit 0;
            fi
        fi
    }
    
    function check_cert_names_same()
    {
        priv=$1
        pub=$2
        priv=$(basename $priv)
        priv=${priv%.*}
        pub=$(basename $pub)
        pub=${pub%.*}
        if [ $priv != $pub ]; then
            echo "Failed to install certificate. Both Private($priv) and Public($pub) certificate should have same name."
            exit 0;
        fi
    }
    
    function install_keys()
    {
    	FILETYPE=$1
    	privKeyInFile=$2
    	privKeyOutFile=$3
    	FAIL=1
    	keytype="rsa dsa"
    	for i in `echo $keytype`
    	do
    		$OPENSSLCMD $i -inform $FILETYPE -in $privKeyInFile -out $privKeyOutFile 2>/dev/null
    		if [ $? == 0 ]; then
    			FAIL=0
    			break;
    		fi
    	done
    	check_error $FAIL "Failed to extract private keys. Supported keys are rsa and dsa"
    }
    
    function install_priv_pub_keys()
    {
    	privKeyFilePath=$1
    	privKeyFileBaseName=$(basename $1)
    	privKeyFileName="${privKeyFileBaseName%.*}"
    	privKeyFileExt="${privKeyFileBaseName##*.}"
    	pubKeyFilePath=$2
    	pubKeyFileBaseName=$(basename $2)
    	pubKeyFileName="${pubKeyFileBaseName%.*}"
    	pubKeyFileExt="${pubKeyFileBaseName##*.}"
    	privKeyPEMFile="${privKeyFileName}_tmp.pem"
    	pubKeyPEMFile="$PULSECERTDIR/$pubKeyFileName.pem"
    
            warn_user_for_overwrite ${pubKeyPEMFile}
    	# Public Key Handling 
    	if [[ $pubKeyFileExt == *"p7b" || $pubKeyFileExt == *"p7c" ]]; then
    		openssl pkcs7 -print_certs -in $pubKeyFilePath -out $pubKeyPEMFile
    		check_error $? "$FUNCNAME: convert $pubKeyFileName to PEM format failed"
    	else 
    		# pkcs 8 format should be given as pem/der file here
    		if [[ $pubKeyFileExt == *"der" || $pubKeyFileExt == *"cer" ]]; then
    			$OPENSSLCMD x509 -inform der -in $pubKeyFilePath  -out $pubKeyPEMFile
    			check_error $? "$FUNCNAME: convert $pubKeyFileName to PEM format failed"
    		elif [[ $pubKeyFileExt == *"pem" || $pubKeyFileExt == *"crt" ||
    				$pubKeyFileExt == *"key" || $pubKeyFileExt == *"pub" ]]; then
    			cp $pubKeyFilePath $pubKeyPEMFile
    		else
    			check_error 1 "$FUNCNAME: Unknown Public Key File Format"
    		fi
    	fi
    	# Private Key Handling 
    	if [[ $privKeyFileExt == *"der" || $privKeyFileExt == *"cer" ]]; then
    		install_keys "der" $privKeyFilePath $privKeyPEMFile
    	elif [[ $privKeyFileExt == *"pem" || $privKeyFileExt == *"crt" ||
    				$privKeyFileExt == *"key" ]]; then
    		# this command removes the password temporarily to install it in gnome-keyring
    		install_keys "pem" $privKeyFilePath $privKeyPEMFile
    	elif [[ $privKeyFileExt == *"pk8" ]]; then
    		install_keys "pkcs8" $privKeyFilePath $privKeyPEMFile
    	else
    		check_error 1 "$FUNCNAME: Unknown Private Key File Format"
    	fi
    	echo "Filename : $filename Password:$password "
    	$INSTALLDIR/$UTILNAME -K $privKeyPEMFile -C $pubKeyFileName
            if [ $? != 0 ]; then
                #Failed to add private keys to gnome-keyring, remove the public certficate.
                rm $pubKeyPEMFile
            else
                echo "Successfully added certificate to Pulse Certificate store."
            fi
    
    	if [ "X$privKeyPEMFile" != "X" ]; then 
    		rm $privKeyPEMFile
    	fi
    }
    function keyUsage() 
    {
    	echo "Client Certificate Options:"
            echo "                           $SCRNAME install_certificates "
    	echo "					[-inpfx < PFX file > ]"  
    	echo "					[-inpriv  -inpub ]" 
    	echo "                           Note: password is required for installing private and public keys separately."
            echo "                                                                                         "
    	echo "                           $SCRNAME delete_certificates "
    	echo "					[-certName ]"
    	echo "                           $SCRNAME list_installed_certificates "
    	exit 1
    }
    ######################################################################################################
    # Function to install certificates
    # Args   : certificate details
    # Return : None
    # function install_certificate ()
    function install_certificate()
    {
            echo
            echo "Certficate is installing by user: \"$USER\" "\
                 "Please make sure that client certificates to be installed by logged in DESKTOP user only."
            read -e -p "Do you want to continue[y/n]: " choice
    
            if ! [[ "${choice:0:1}" == "Y" || "${choice:0:1}" == "y" ]]; then
                echo "Aborting the certificate installation."
                exit 0;
            fi
    
    	privKeyFileName=""
    	pubKeyFileName=""
       	echo "install_certificate : $@"
    	while [ $# -gt 0 ]
    	do
    		case "$1" in 
    			-inpfx) filename="$2"; shift;;
    			-inpriv) privKeyFileName="$2"; shift;;
    			-inpub) pubKeyFileName="$2"; shift;;
    			-*) keyUsage
    		esac
    		shift
    	done
    	if [ ! -d $PULSECERTDIR ]; then
    		echo "$PULSECERTDIR does not exists. Creating.."
    		mkdir -p $PULSECERTDIR
    	fi
    	if [[ $filename == *".pfx" || $filename == *".p12" ]]
    	then 
    		install_pfx $filename
    	elif [ "X$privKeyFileName" != "X" ] && [ "X$pubKeyFileName" != "X" ]; then 
    		echo "Private Key: $privKeyFileName and Public Key: $pubKeyFileName"
                    check_cert_names_same $privKeyFileName $pubKeyFileName
    		install_priv_pub_keys $privKeyFileName $pubKeyFileName
    	else 
    		keyUsage
    	fi
    }
    # End of function install_certificate ()
    ######################################################################################################
    ######################################################################################################
    # Function to delete certificates
    # Args   : certificate name 
    # Return : None
    # function delete_certificate ()
    function delete_certificate()
    {
    	cert_name=""
       	echo "delete_certificate : $@"
    	while [ $# -gt 0 ]
    	do
    		case "$1" in 
    			-certName) cert_name="$2"; shift;;
    			-*) keyUsage
    		esac
    		shift
    	done
    	if [ "X$cert_name" != "X" ]; then 
    		echo "Certificate Name :$cert_name "
    		#Remove Private Key from Gnome-Keyring
    		$INSTALLDIR/$UTILNAME -D $cert_name 
    		if [ -e $PULSECERTDIR/$cert_name.pem ]; then 
    			rm -rf $PULSECERTDIR/$cert_name.pem
    		else
    			echo -e "Public key file $PULSECERTDIR/$cert_name.pem doesn't exists"
    		fi
    	else
    		keyUsage
    	fi
    }
    # End of function delete_certificate ()
    
    #List the installed certificate in pulse certficate store.
    function list_certificates()
    {
        for i in `ls $PULSECERTDIR/*.pem`;
        do
               name=$(basename "$i" ".pem")
               echo -e "\nCertificate Name:" $name;
               $OPENSSLCMD x509 -in $i -text | grep -i "Subject:\|Issuer:\|Validity\|Not Before\|Not After";
        done
    }
    
    ######################################################################################################
    
    
    if [ "X$1" = "Xinstall_dependency_packages" ] ; then
        determine_os_type
        check_and_install_missing_dependencies
    elif [ "X$1" = "Xinstall_certificates" ] ; then
        install_certificate $SCRARGS
    elif [ "X$1" = "Xdelete_certificates" ] ; then
        delete_certificate $SCRARGS
    elif [ "X$1" = "Xlist_installed_certificates" ] ; then
        list_certificates
    else
        determine_os_type
        command_line_client_checks
    fi
    
    
  2. You should now have Pulse Secure Client installed and can run the client from your applications menu.

 

Using the Pulse Secure Client

  1. The first time you run the client, you will need to add the FAU vpn connection.
    1. Click the plus sign to add a connection
    2. Enter “FAU VPN” for the Name
    3. Enter “https://vpn.fau.edu” for the URL
    4. Click “Save”
  2. Click “connect” and provide your NetID and Password to connect
Posted in How-To-Guides