Solved

Citrix Secure Gateway + Thawte certificate Error 61 Untrusted CA

Posted on 2009-07-08
3
2,415 Views
Last Modified: 2012-05-07
Running a Citrix PS 4.5 farm and I have a few users who connect via Secure Gateway from outside the network.  Got a call this morning that they were having problems so I took a look.

All of the sudden, on multiple machines (and various browsers) people are able to get to the page, login, get to the published apps, but when they (or I) try to run them, "SSL Error 61: You have not chosen to trust "Thawte Server CA", the issuer of the server's security certificate."

I have users on this everyday, so this has happened over night.  Just to make sure, I checked and there is a trusted CA in the local computer account's folder named "Thawte Server CA."  I downloaded and installed the cert from the secure gateway in a variety of places and no help.

I went to the secure gateway server and into IIS manager.  From there to directory security and view certificate, you can actually export a Thawte Server CA certificate.  Installed that, still the same error.  

Running Secure Gateway Diagnostics comes up green lights across the board.  

Double checked the cert and it is valid until October.

Just to say I did it, the server has also been restarted.

Basically out of ideas here.  Anyone have one?
0
Comment
Question by:Telstar-Networks
  • 3
3 Comments
 
LVL 1

Author Comment

by:Telstar-Networks
ID: 24804220
Update:

I am actually running two CSG servers in two separate locations, both using Thawte certificates.  The backup actually has expired as the client decided not to renew, but I figured just for fun I would try.

Citrix doesn't allow invalid certs to work, but I figured it wouldn't hurt to check it out, so I logged in expecting an error about invalid cert due to expiry date.  Instead, I got the exact same error on the second server as well....

Maybe something going on with Thawte?
0
 
LVL 1

Author Comment

by:Telstar-Networks
ID: 24804414
Second update:

Just to be sure I went to Thawte and re downloaded their root certificates and reinstalled them.  Still the same error.  

Deleted the one there and reinstalled the freshly downloaded copy again.  Still the same error.
0
 
LVL 1

Accepted Solution

by:
Telstar-Networks earned 0 total points
ID: 24807286
Gateway settings under the Secure Gateway's web interface configuration had the FQDN incorrect somehow.  No clue how it happened as no one has touched that server in months, but okay.  Reset and it works fine.
1

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Citrix XenDesktop, gold image, VMware, vSphere.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now