
Citrix Online Plug-in for Mac, SSL Error 61: You have not chosen to trust…

  • March 3, 2010
  • Stephane Thirion

In this post I explain how I tried to troubleshoot this issue. If you need the solution, go to the end of this post.

My company (Activlan) had to renew the certificate installed on our Citrix Secure Gateway 3.1.3. As you might know, Citrix has issued some virtual appliances and I had to choose between Citrix Access Gateway 4.6.2 VPX and NetScaler VPX Express (free!). My choice was to integrate a Citrix Access Gateway (CAG), mainly because we are using another product to manage VPN to all our customers and I wanted to install what I needed, nothing less, nothing more.

So here we go: I got my xva file from my MyCitrix account and I just deployed it on our XenServer, very easy, very simple, just a few clicks. Once it was installed and the basic configuration was set, I had to generate the CSR (Certificate Signing Request) and wait for Verisign to send me the certificate I had to use with the CAG. This was a big adventure and of course I should have read the manual before, and the configuration isn’t so easy, but I guess when you do it all day long you begin to know everything, and I can say now that I know how to troubleshoot a CAG from the client side to the Web Interface.

The error I got with my Mac didn’t show up on my Windows computers. In fact, Apple doesn’t have a very big list of root certificates installed on their OS compared to Windows. Here is the error message I got when I wanted to launch a published application (XenApp). I was able to log in to the CAG and the Web Interface as well, but not able to launch an application.

SSL Error 61: You have not chosen to trust “Verisign Class 3 Secure Server CA – G2”, the issuer of the server’s security certificate.

Error number: 183

Sexy message, isn’t it?

 

After searching around a bit I found this thread on Citrix’s forums: everything became clear, I didn’t have the root certificate on my computer to validate my brand new certificate from Verisign… So I tried to find out how to get these root certificates, especially Verisign Class 3 Secure Server CA – G2, the one I needed. I found this Verisign address where you just have to fill in a form to get a zip with everything you might need:

Stephane-THIRIONs-MacBook:VeriSign Root Certificates stephane$ ls ./*
./Roots ReadMe.txt	./SHA1 Thumbprints.txt	./Serial Numbers.txt
 
./Generation 1 (G1) PCAs:
Class 1 Public Primary Certification Authority.cer	Class 2 Public Primary Certification Authority.cer	Class 3 Public Primary Certification Authority.cer
Class 1 Public Primary Certification Authority.pem	Class 2 Public Primary Certification Authority.pem	Class 3 Public Primary Certification Authority.pem
Class 1 Public Primary Certification Authority.txt	Class 2 Public Primary Certification Authority.txt	Class 3 Public Primary Certification Authority.txt
 
./Generation 2 (G2) PCAs:
Class 1 Public Primary Certification Authority - G2.cer	Class 2 Public Primary Certification Authority - G2.pem	Class 3 Public Primary Certification Authority - G2.txt
Class 1 Public Primary Certification Authority - G2.pem	Class 2 Public Primary Certification Authority - G2.txt	Class 4 Public Primary Certification Authority - G2.cer
Class 1 Public Primary Certification Authority - G2.txt	Class 3 Public Primary Certification Authority - G2.cer	Class 4 Public Primary Certification Authority - G2.pem
Class 2 Public Primary Certification Authority - G2.cer	Class 3 Public Primary Certification Authority - G2.pem	Class 4 Public Primary Certification Authority - G2.txt
 
./Generation 3 (G3) PCAs:
VeriSign Class 1 Public Primary Certification Authority - G3.cer	VeriSign Class 3 Public Primary Certification Authority - G3.cer
VeriSign Class 1 Public Primary Certification Authority - G3.pem	VeriSign Class 3 Public Primary Certification Authority - G3.pem
VeriSign Class 1 Public Primary Certification Authority - G3.txt	VeriSign Class 3 Public Primary Certification Authority - G3.txt
VeriSign Class 2 Public Primary Certification Authority - G3.cer	VeriSign Class 4 Public Primary Certification Authority - G3.cer
VeriSign Class 2 Public Primary Certification Authority - G3.pem	VeriSign Class 4 Public Primary Certification Authority - G3.pem
VeriSign Class 2 Public Primary Certification Authority - G3.txt	VeriSign Class 4 Public Primary Certification Authority - G3.txt
 
./Generation 4 (G4) PCA:
VeriSign Class 3 Public Primary Certification Authority - G4.cer	VeriSign Class 3 Public Primary Certification Authority - G4.txt
VeriSign Class 3 Public Primary Certification Authority - G4.pem
 
./Generation 5 (G5) PCA:
VeriSign Class 3 Public Primary Certification Authority - G5.cer	VeriSign Class 3 Public Primary Certification Authority - G5.txt
VeriSign Class 3 Public Primary Certification Authority - G5.pem
 
./VeriSign Universal Root CA:
VeriSign Universal Root Certification Authority.cer	VeriSign Universal Root Certification Authority.pem	VeriSign Universal Root Certification Authority.txt
Stephane-THIRIONs-MacBook:VeriSign Root Certificates stephane$

As you can see, the root certificate I’m looking for is here. I just found the right file and clicked on it; after validating this action with my password, the certificate was installed in the system keychain on my Mac. To check that the certificate is correctly installed, open Keychain Access in your Mac Utilities folder (cmd+shift+U):

Here it is. I thought I was good to go and able to launch my applications, but no, not yet… I still got the same error message… My next step was to import our new certificate on my Mac as well, following the same steps as above. Importing the certificate didn’t work either, but importing the certificate with the intermediate certificate did the trick. A bit more explanation about Intermediate Certificate here.

Question: Is our new certificate with the intermediate certificate, without the root certificate update, enough to make it work? The answer is YES.

Conclusion: If you have this issue, don’t follow the error message on your screen; your computer might have everything needed as far as root certificates are concerned. The only thing missing is your new certificate with the intermediate certificate. I don’t know why we need to import this certificate yet but I will find out. Certificates are not really my cup of tea, with PKI, private key, public key etc… I need to dive into this subject again for a while to understand.

Update: Reissuing the certificate and importing it onto my Citrix Access Gateway with the intermediate certificate
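
The situation from the conclusion, reproduced offline as an added example (not part of the original post): a client that trusts the root still rejects the server certificate until the intermediate certificate is supplied. The CA names, host name and file names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: root CA -> intermediate CA -> server
# certificate. All names are made up; nothing here contacts a real gateway.

build_demo_pki() {  # $1 = working directory for the generated files
  ( cd "$1" &&
    cat > ca.cnf <<'EOF' &&
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem -days 2 &&
    # Intermediate CA, signed by the root.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=Constructed Intermediate CA" -keyout int.key -out int.csr &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.cnf -extensions v3_ca -days 2 -out int.pem &&
    # Server certificate, signed by the intermediate rather than by the root.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=gateway.example.test" -keyout leaf.key -out leaf.csr &&
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.pem
  ) >/dev/null 2>&1
}

issuer_of() {  # print the issuer DN of certificate $1
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# $1 = trusted root, $2 = server certificate, $3 = optional intermediate.
chain_verifies() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d)
build_demo_pki "$DEMO_DIR" || { echo "openssl failed" >&2; exit 1; }
echo "server certificate issued by: $(issuer_of "$DEMO_DIR/leaf.pem")"
chain_verifies "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem" \
  && echo "root + server cert only: trusted" \
  || echo "root + server cert only: NOT trusted"
chain_verifies "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem" "$DEMO_DIR/int.pem" \
  && echo "with intermediate: trusted" || echo "with intermediate: NOT trusted"
rm -rf "$DEMO_DIR"
```

A TLS server that sends the intermediate along with its own certificate gives the client the same input as `-untrusted` here, so no per-client import is needed.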
