Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2542
  • Last Modified:

Citrix Secure Gateway + Thawte certificate Error 61 Untrusted CA

Running a Citrix PS 4.5 farm and I have a few users who connect via Secure Gateway from outside the network.  Got a call this morning that they were having problems so I took a look.

All of the sudden, on multiple machines (and various browsers) people are able to get to the page, login, get to the published apps, but when they (or I) try to run them, "SSL Error 61: You have not chosen to trust "Thawte Server CA", the issuer of the server's security certificate."

I have users on this everyday, so this has happened over night.  Just to make sure, I checked and there is a trusted CA in the local computer account's folder named "Thawte Server CA."  I downloaded and installed the cert from the secure gateway in a variety of places and no help.

I went to the secure gateway server and into IIS manager.  From there to directory security and view certificate, you can actually export a Thawte Server CA certificate.  Installed that, still the same error.  

Running Secure Gateway Diagnostics comes up green lights across the board.  

Double checked the cert and it is valid until October.

Just to say I did it, the server has also been restarted.

Basically out of ideas here.  Anyone have one?
0
Telstar-Networks
Asked:
Telstar-Networks
  • 3
1 Solution
 
Telstar-NetworksAuthor Commented:
Update:

I am actually running two CSG servers in two separate locations, both using Thawte certificates.  The backup actually has expired as the client decided not to renew, but I figured just for fun I would try.

Citrix doesn't allow invalid certs to work, but I figured it wouldn't hurt to check it out, so I logged in expecting an error about invalid cert due to expiry date.  Instead, I got the exact same error on the second server as well....

Maybe something going on with Thawte?
0
 
Telstar-NetworksAuthor Commented:
Second update:

Just to be sure I went to Thawte and re downloaded their root certificates and reinstalled them.  Still the same error.  

Deleted the one there and reinstalled the freshly downloaded copy again.  Still the same error.
0
 
Telstar-NetworksAuthor Commented:
Gateway settings under the Secure Gateway's web interface configuration had the FQDN incorrect somehow.  No clue how it happened as no one has touched that server in months, but okay.  Reset and it works fine.
1

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now