![citrix mac ssl error 61 citrix mac ssl error 61](https://www.markbrilman.nl/wp-content/uploads/2012/02/1-selectcert.jpg)
Citrix mac ssl error 61 Pc#
One of the likely causes is that the PC you are working on is missing it’s Trusted Root or Intermediate Certificate. Now what, what can be done to fix this issue?Ĭheck your Trust Root or Intermediate Certificate To your surprise, the application will not open and returns an SSL Error 61. After doing so, you test your applications by launching your favorite Citrix XenApp Application. Downside is you need Internet Explorer.So, it was finally time to rollout SHA2 certificates for your Citrix environment. Easiest way I found is to use Internet Explorer and examine the SSL certificate chain and export them that way.
![citrix mac ssl error 61 citrix mac ssl error 61](https://i.stack.imgur.com/rOK5V.png)
Anyone found an easy way of accessing the VeriSign intermediate CA's certificates? You can only find the root CA's, and not the intermediate CA's.Why is it that no one bothers to get acquainted with basic PKI operations? How can one offer security if you don't know the rules?ĭISCLAIMER: I don't claim to know everything on the subject, but for an intranet access gateway for over 10.000 employees you should know what you're doing.Either way, I have no way of checking this. Either Citrix has no way of doing this, or the SysOps have no idea what they're doing. My first guess The intermediate certificate is not imported/installed on the device. Why isn't the Secure gateway (or whatever it's called) not sending the Intermediate CA's during the connection setup?.This left me with a couple of questions (mostly SysOp related I guess) Applications/Citrix ICA Client/keystore/cacerts/VeriSignClass3SecureServerCA-G2.crtĪfter relaunching the client the connection went flawless.
Citrix mac ssl error 61 full#
The full path to the intermediate CA on my system is: The certificate should be located in the following sub directory of the Citrix ICA Client folder keystore/cacerts/ crt extension) in that location ( Citrix explanation here). The workaround is to create a folder hierarchy in the Citrix Client folder (Most likely to be /Application/Citrix ICA Client/), and place the binary encoded root certificate (with a. It seems that the Citrix ICA Client has the CA's build in, so it completely ignores your trusted CA's. Everything in between should be provided during the communications setup.Īnyway, since this is not completely new to me, I found the correct CA in the FireFox keystore (I ran into this on a website a while back), and exported it, imported it in the OSX Keychain and thought that everything would be oké. The basis of PKI is that you should preferably trust ROOT CA's only.
![citrix mac ssl error 61 citrix mac ssl error 61](https://i.stack.imgur.com/1keFa.png)
![citrix mac ssl error 61 citrix mac ssl error 61](https://adamtheautomator.com/wp-content/uploads/2021/10/How-to-Install-and-Configure-Citrix-Receiver-on-Ubuntu-Workspace.jpg)
Since it's issued by an intermediate certificate, the service you're trying to access should provide you with this CA during the initial exchange key while establishing the SSL connection. Problem is that this SSL Certificate is issued by an INTERMEDIATE CA. Most likely, the original SSL certificate expired, and they installed a new SSL certificate on the Citrix gateway. For someone who works with PKI, one would think that they would remember choosing NOT to trust a public VeriSign CA. The error message suggests that I have changed something on my Mac, but not that I know. Today, completely out of the blue came this error: Apart from some little quirks (like not functioning well when having two displays), the experience is good. I've been using the OSX ICA Client for a couple of months now to access my mail on the company intranet. They also have an ICA client for Apple OSX (Yeeehaaaaa). They have several solutions for remote access and thin client computing. The great thing about Citrix is that you can access company resources from almost anywhere.