Overview

---

Unmanaged devices that are unable to install or run Qualys, Trellix, or Intune will need to file for an exception in order to connect to the UCSD VPN secure-connect tunnel groups. If an exception request is approved, then a device certificate will be issued. The following article outlines how to download and install this device certificate for MacOS, Windows, and Linux devices.

Critical Concepts

---

• You will need an approved VPN exception request in order to complete the following steps. If you need to submit an exception request form for the VPN, please visit the SecureConnect Exception Request form.
• For information about the VPN, see Virtual Private Networks (VPN) at UCSD.
• You will need to have the Cisco Secure Client installed on your device in order to use the UCSD VPN. For information about installing this client on your device, see Configure VPN Client on your Computer, Tablet, or Phone. 
• You will need to be signed into your device with a local admin account in order to install the exception-provided device certificate. If you have a UCSD-issued device and you do not have administrative rights, please contact your local IT team for assistance.

Steps to Take

---

MacOS

1. Navigate to the link provided to you in your approved exception request ticket.
2. Ensure that the “Select your device” option at the bottom of the page says “macOS”. If not, click on the dropdown menu and choose macOS.
   
   
   
   
3. Click on Certificate Download. An installer will automatically download under the name “UCSD_BYOD_Enrollment.dmg”. If you get a pop-up window to save the file, click Save.
4. Click on the installer to open it. 
5. The following pop-up window will appear. Double-click on the icon to run the installer.
   
   
   
   
6. You may get the following message. Click Don’t Allow.
   
   
   
   
7. The following warning will appear. Click Open to proceed with the installation.
   
   
   
   
8. Another pop-up will appear asking to enter the device password in order to make changes to the Certificate Trust Settings. Enter your Administrative (system) username and password, then click Update Settings.
9. Next, click on the following window to navigate to it and click Next.
   
   
   
   
10. You will be redirected to a Single Sign-On page. Enter your active directory (AD) credentials and click Login.
11. You will then receive a Duo prompt. Approve the prompt to proceed.
12. Navigate back to the pop-up window from step 9. Click Next.
13. Another pop-up window will appear. Click OK.
14. You will then be redirected to your System Settings. Double-click on the “University of California San Diego UCSD-PROTECTED” profile.
    
    
    
    
15. You will then see the following screen. Click Install.
    
    
    
    
16. Click Install again. If prompted, enter your Administrative (system) username and password.
17. Back on the pop-up window from step 9, click Done.
18. You will be redirected to the “Configure VPN Client on your Computer, Tablet, or Phone” KBA. If you have already installed the Cisco Secure Client VPN, you can close out the window.
19. Open the VPN. In the window that appears, type in "vpn-exception.ucsd.edu", then click Connect.
20. Enter your UCSD credentials and click OK.
21. You may get the following prompt. Input your Administrative (system) username and password and click Always Allow.
    
    

Windows

1. Navigate to the link provided to you in your approved exception request ticket.
2. Ensure that the “Select your device” option at the bottom of the page says “Windows 10 & Above”. If not, click on the dropdown menu and choose Windows 10 & Above.
   
   
   
   
3. Click on Certificate Download. An installer will automatically download under the name “UCSD_BYOD_Enrollment.exe”. If you get a pop-up window to save the file, click Save.
4. Click on the installer. On the pop-up that appears, click Yes.
5. The following pop-up window will appear. Click Next to proceed to the next step.
   
   
   
   
6. You will be redirected to a Single Sign-On page. Enter your active directory (AD) credentials and click Login.
7. You will then receive a Duo prompt. Approve the prompt to proceed.
8. The certificate will then install. Once it has finished, the pop-up window from step 5 will say “Joined…”. Once you see this screen, click Done.
9. You will be redirected to the article "Configure VPN Client on your Computer, Tablet, or Phone". If you already have the Cisco Secure VPN Client installed, close out this tab.
10. Open the VPN. In the window that appears, type in "vpn-exception.ucsd.edu", then click Connect.
11. Enter your UCSD credentials and click OK.

Linux

1. Navigate to the link provided to you in your approved exception request ticket.
2. Ensure that the “Select your device” option at the bottom of the page says “Linux”. If not, click on the dropdown menu and choose Linux.
   
   
   
   
3. Click on Certificate Download. An installer will automatically download under the name “SecureW2_JoinNow.run”. If you get a pop-up window to save the file, click Save.
4. Next, open the “Terminal” application on your device. Navigate to your Downloads folder and then run the command sh SecureW2_JoinNow.run. 
   1. When you have run this command, to go next, hit ENTER.
      
      
      
      
5. You will be redirected to a Single Sign-On page. Enter your active directory (AD) credentials and click Login.
6. You will then receive a Duo prompt. Approve the prompt to proceed.
7. In the “Terminal” application, you will see messages that a certificate is being generated. Once you see “Joined…” the certificate has successfully installed on your device.
8. Open the VPN. In the window that appears, type in "vpn-exception.ucsd.edu", then click Connect.
9. Enter your UCSD credentials and click OK.