[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 926
  • Last Modified:

Citrix on Mac. receiving error 7 when attempting to connect to metaframe

I have a user who is receiving "A local security certificate could not be loaded (error code 7)" when attempting to connect to a citrix session.

They have the client installed.. and are using OSX.

Have tried with Safari and FireFox - same issue.. details of error below..
A local security certificate could not be loaded. (error code: 7)
                at com.citrix.sdk.security.ssl.ConnectionModel.addCACertificate(ConnectionModel.java)
                at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:585)
                at com.citrix.client.io.net.ip.m.h(Unknown Source)
                at com.citrix.client.io.net.ip.proxy.i.<init>(Unknown Source)
                at com.citrix.client.io.net.ip.g.a(Unknown Source)
                at com.citrix.client.io.net.ip.o.a(Unknown Source)
                at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
                at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
                at java.lang.Thread.run(Thread.java:613)
Caused by: The SSL cryptography library failed.  The security certificate "AOL Time Warner Root Certification Authority 2" has a public key of length greater than 2048 bit.
                at com.citrix.sdk.security.certificate.X509CertificateLoader.loadCertificates(X509CertificateLoader.java)
                at com.citrix.sdk.security.ssl.ConnectionModel.addCACertificate(ConnectionModel.java)
                at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:585)
                at com.citrix.client.io.net.ip.m.h(Unknown Source)
                at com.citrix.client.io.net.ip.proxy.i.<init>(Unknown Source)
                at com.citrix.client.io.net.ip.g.a(Unknown Source)
                at com.citrix.client.io.net.ip.o.a(Unknown Source)
                at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
                at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
                at java.lang.Thread.run(Thread.java:613)
Caused by: java.lang.IllegalStateException: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2
                at com.certicom.b.a.a.a.v.d(v.java)
                at com.certicom.b.a.a.a.v.b(v.java)
                at com.certicom.b.a.a.a.v.<init>(v.java)
                at com.certicom.b.a.a.a.t.a(t.java)
                at com.certicom.b.a.a.a.t.a(t.java)
                at com.citrix.sdk.security.certificate.X509CertificateLoader.loadCertificates(X509CertificateLoader.java)
                at com.citrix.sdk.security.ssl.ConnectionModel.addCACertificate(ConnectionModel.java)
                at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:585)
                at com.citrix.client.io.net.ip.m.h(Unknown Source)
                at com.citrix.client.io.net.ip.proxy.i.<init>(Unknown Source)
                at com.citrix.client.io.net.ip.g.a(Unknown Source)
                at com.citrix.client.io.net.ip.o.a(Unknown Source)
                at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
                at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
                at java.lang.Thread.run(Thread.java:613)

Open in new window

0
Andrewtow
Asked:
Andrewtow
1 Solution
 
ParanormasticCryptographic EngineerCommented:
See line 13:
Caused by: The SSL cryptography library failed.  The security certificate "AOL Time Warner Root Certification Authority 2" has a public key of length greater than 2048 bit.

Fix: Use the mac ICA client instead of Java client.  You may need additional configuration to support the mac ica client, here's the info on that:
http://support.citrix.com/article/CTX104367
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now