Citrix Access Essentials SSL error 61

I have installed a Citrix Access Essentials server 2.0 on Windows Server 2003 SP2
Originally, I setup the external access via HTTPS and using the Microsoft Certificate Authority.
I purchased an SSL certificate from Digicert for my internet web access site (citrix.mycompany.com)
After setting everything up again and publishing the web interface everything works fine until I try to lunch a published application. I authenticate correctly to the Citrix web interface and my available applications are displayed.
However when I launch an application, i receive the following error:

SSL Error 61: You have not chosen to trust the original Microsoft  CA certificate , the issuer of the servers security certificate.
I removed all traces of the original Microsoft  CA certificate from the Citrix server using the MMC certs console and removed the registry entries related to this cert. However the error still persists.

Has anyone else come across a similar problem and ant suggestions for a solution?

Thanks in advance


Citrix-error-ssl.JPG
infolan_rebolloAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hodgeyohnCommented:
the issue is because the client machine doesnt trust the root cert.
import the root cert to your client machine and it will be fine.
0
infolan_rebolloAuthor Commented:
I forgot to mention the root cert has been imported in all of the client machines, the problem is not about the Cert that is not trusted: The cert that causes the error should not come into the equation as it no longer exists for the Citrix server. I have published the site using the new Digicert Cert however somewhere within the Citrix server it still has a registry of the old Micrsoft CA cert. I want to remove all references to the old Cert, however I cannot find any more references to the cert of the Citrix server.

In other words the error: "You have not chosen to trust..... certificate" refers to a certifcate which should not exist. If I was to receive an SSL 61 error correctly if should be for the new DigiCert certificate.... more ideas please
0
hodgeyohnCommented:
have you rerun the CSG config wizard to point to the new cert?
0
infolan_rebolloAuthor Commented:
yes. I have removed the external access to the CAE server deleted the configuration and rerun the wizard several times, always with the same error!

Is it possible that the Citrix server is accessing the old Cert via the CA on another server?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hodgeyohnCommented:
when you first go to the site click on the secure "key" icon.  look at the cert.  is it showing the correct cert, or the incorrect cert?

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.