infolan_rebollo asked:

Citrix Access Essentials SSL error 61

I have installed a Citrix Access Essentials server 2.0 on Windows Server 2003 SP2.
Originally, I set up the external access via HTTPS and using the Microsoft Certificate Authority.
I purchased an SSL certificate from Digicert for my internet web access site (citrix.mycompany.com).
After setting everything up again and publishing the web interface, everything works fine until I try to launch a published application. I authenticate correctly to the Citrix web interface and my available applications are displayed.
However, when I launch an application, I receive the following error:

SSL Error 61: You have not chosen to trust the original Microsoft  CA certificate , the issuer of the servers security certificate.
I removed all traces of the original Microsoft CA certificate from the Citrix server using the MMC certs console and removed the registry entries related to this cert. However, the error still persists.

Has anyone else come across a similar problem and any suggestions for a solution?

Thanks in advance


hodgeyohn
The issue is because the client machine doesn't trust the root cert.
Import the root cert to your client machine and it will be fine.

infolan_rebollo (ASKER)

I forgot to mention the root cert has been imported in all of the client machines. The problem is not about the cert that is not trusted: the cert that causes the error should not come into the equation, as it no longer exists for the Citrix server. I have published the site using the new Digicert cert; however, somewhere within the Citrix server it still has a registry of the old Microsoft CA cert. I want to remove all references to the old cert; however, I cannot find any more references to the cert of the Citrix server.

In other words, the error "You have not chosen to trust..... certificate" refers to a certificate which should not exist. If I was to receive an SSL 61 error correctly, it should be for the new DigiCert certificate.... More ideas, please.

Have you rerun the CSG config wizard to point to the new cert?

When you first go to the site, click on the secure "key" icon. Look at the cert. Is it showing the correct cert, or the incorrect cert?