Citrix Access Essentials SSL error 61

Posted on 2008-11-06
Medium Priority
Last Modified: 2011-10-19
I have installed a Citrix Access Essentials server 2.0 on Windows Server 2003 SP2
Originally, I setup the external access via HTTPS and using the Microsoft Certificate Authority.
I purchased an SSL certificate from Digicert for my internet web access site (citrix.mycompany.com)
After setting everything up again and publishing the web interface everything works fine until I try to lunch a published application. I authenticate correctly to the Citrix web interface and my available applications are displayed.
However when I launch an application, i receive the following error:

SSL Error 61: You have not chosen to trust the original Microsoft  CA certificate , the issuer of the servers security certificate.
I removed all traces of the original Microsoft  CA certificate from the Citrix server using the MMC certs console and removed the registry entries related to this cert. However the error still persists.

Has anyone else come across a similar problem and ant suggestions for a solution?

Thanks in advance

Question by:infolan_rebollo
  • 3
  • 2

Expert Comment

ID: 22897856
the issue is because the client machine doesnt trust the root cert.
import the root cert to your client machine and it will be fine.

Author Comment

ID: 22898496
I forgot to mention the root cert has been imported in all of the client machines, the problem is not about the Cert that is not trusted: The cert that causes the error should not come into the equation as it no longer exists for the Citrix server. I have published the site using the new Digicert Cert however somewhere within the Citrix server it still has a registry of the old Micrsoft CA cert. I want to remove all references to the old Cert, however I cannot find any more references to the cert of the Citrix server.

In other words the error: "You have not chosen to trust..... certificate" refers to a certifcate which should not exist. If I was to receive an SSL 61 error correctly if should be for the new DigiCert certificate.... more ideas please

Expert Comment

ID: 22898576
have you rerun the CSG config wizard to point to the new cert?

Accepted Solution

infolan_rebollo earned 0 total points
ID: 22898994
yes. I have removed the external access to the CAE server deleted the configuration and rerun the wizard several times, always with the same error!

Is it possible that the Citrix server is accessing the old Cert via the CA on another server?

Expert Comment

ID: 22905001
when you first go to the site click on the secure "key" icon.  look at the cert.  is it showing the correct cert, or the incorrect cert?


Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question