Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create Installation Packages for Juniper Secure Connect Rollout


As a system administrator, you can also build your own rollout packages, if required. Building the rollout packages is an optional step. When you create rollout packages for Juniper Secure Connect application, you can install the application across the organization. Read the following steps to learn how you, as a system administrator can prepare the Juniper Secure Connect installer for the software rollout.

You can use an installation package for easy rollout of the Juniper Secure Connect application. You must be assigned the privileges of a system administrator to perform the following steps:

  1. Install the Juniper Secure Connect application manually on one device. After the installation is complete, initiate a connection to the profiles to be saved for the users.

  2. Create a folder with name JuniperSecureConnect including the sub-directories as shown below (all directory are case sensitive):






  3. Copy tncpphone.cfg file from C:\ProgramData\Juniper\SecureConnect\Data folder to the following folder:


  4. Copy your CA certificates to the following folder:


  5. Copy the Nam_ of_juniper_secure_connect_filename.exe to the following folder:


  6. Open the command prompt using cmd command and navigate to C:\JuniperSecureConnect folder path and execute the following command:

    Nam_ of_juniper_secure_connect_filename.exe /s /b"C:\JuniperSecureConnect" /v"/qn EXTRACT_MSI_ONLY=1"
  7. (Optional) To add a custom branding option, follow these steps:

    • Create an .ini file named cbo.ini that contains the following information:

    • Create a logo in .bmp file format and with cbo.bmp file name. The width of the image must be 328 pixels only. The height of the image can be adjusted from 24 pixels and above.

    • You can optionally create an HTML file with cbo.html as a file name that will open if the user clicks on the logo in the application.

    • Now copy these three files (cbo.ini, cbo.bmp, and cbo.html) into the following folder:


  8. Skip this step, if you are using pre-shared key authentication method.

    For EAP-TLS authentication, you must save the user certificates only with name user.p12 in below directory.


    Ensure that user certificate is unique for each installation package.

  9. You can optionally start the installation using the .exe or the .msi installer. Based on your choice you can also remove one of the installers (.exe or .msi) from the folder if you want to reduce the amount of data distributed:


    • exe installer prompts for an interactive installation

    • msi installer can be silent. Following are your options for the msi installer:

      Table 1: msi Installer Options



      msiexec.exe /I

      Install the application

      msiexec.exe /uninstall

      Uninstall the application


      MSI installer package


      Silent installation




      0=No shortcut on desktop, 1=Shortcut on desktop

      /log path

      Path for installation log


      Forces a reboot of the system automatically without any user notification


      Prevents a reboot from happening, a reboot is mandatory to use the application


      Users will be prompted to reboot their device, a reboot is mandatory to use the application

      Following is the example syntax to install the client silently with a forced reboot and save a shortcut to the application on the desktop: