Are you seeing the same issue on Windows platforms as well? Do you see any errors in the User Access Logs on the SA?

 

I hope you have already imported the cert into the Trusted Client CA list on the SA as well. 

 

Yes same issue with windows xp junos pulse client. Although I can't even see the option for certificates in the client. In the user access logs 'no cert' error msg every time which is right because I can't choose the client certificate in the pulse client.

Yes root certificate has been imported into trusted Client CA list. I'm going to try generating different client certificates using different ciphers on the CA to see if that's the issue why they don't appear in the cert list

The easiest way to test is install the certificate in firefox or internet explorer and try to authenticate to the SA using the browser.  If the certificate does not appear in the browser, then the certificate was issued incorrectly.  In most cases, you'll want to make sure the key usage of 'client authentication' is enabled on the end user certificate.

Thanks all for your input, have resolved the issue! The problem was that I exported the root certificate in der format to upload to the juniper sa series appliance. so I also exported the created client certificates in der format which didn't include the private key. Resolution - i exported the client certificate in pfx format with a password which worked fine. I found the best way to install the certificates on the iPad/iPhone for junos pulse was via the IPCU, so created a configuration profile with the root and client cert included and emailed it. Notes. I removed and re-installed junos pulse when adding or removing a profile (testing) so it found the new client cert. Another issue I found with the IPCU was if I created a VPN profile with juniper ssl and certificate authentication and chose the client cert from the payload was that when I open it in the email it would say 'invalid profile', after removing the VPN profile it worked fine. when installing the IPCU config profile on the ipad/iphone it will say 'not verified' but this still works fine.