Citrix Access Essentials SSL error 61

I have installed a Citrix Access Essentials server 2.0 on Windows Server 2003 SP2
Originally, I setup the external access via HTTPS and using the Microsoft Certificate Authority.
I purchased an SSL certificate from Digicert for my internet web access site (
After setting everything up again and publishing the web interface everything works fine until I try to lunch a published application. I authenticate correctly to the Citrix web interface and my available applications are displayed.
However when I launch an application, i receive the following error:

SSL Error 61: You have not chosen to trust the original Microsoft  CA certificate , the issuer of the servers security certificate.
I removed all traces of the original Microsoft  CA certificate from the Citrix server using the MMC certs console and removed the registry entries related to this cert. However the error still persists.

Has anyone else come across a similar problem and ant suggestions for a solution?

Thanks in advance

Who is Participating?
infolan_rebolloConnect With a Mentor Author Commented:
yes. I have removed the external access to the CAE server deleted the configuration and rerun the wizard several times, always with the same error!

Is it possible that the Citrix server is accessing the old Cert via the CA on another server?
the issue is because the client machine doesnt trust the root cert.
import the root cert to your client machine and it will be fine.
infolan_rebolloAuthor Commented:
I forgot to mention the root cert has been imported in all of the client machines, the problem is not about the Cert that is not trusted: The cert that causes the error should not come into the equation as it no longer exists for the Citrix server. I have published the site using the new Digicert Cert however somewhere within the Citrix server it still has a registry of the old Micrsoft CA cert. I want to remove all references to the old Cert, however I cannot find any more references to the cert of the Citrix server.

In other words the error: "You have not chosen to trust..... certificate" refers to a certifcate which should not exist. If I was to receive an SSL 61 error correctly if should be for the new DigiCert certificate.... more ideas please
have you rerun the CSG config wizard to point to the new cert?
when you first go to the site click on the secure "key" icon.  look at the cert.  is it showing the correct cert, or the incorrect cert?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.