Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2573
  • Last Modified:

Citrix Secure Gateway + Thawte certificate Error 61 Untrusted CA

Running a Citrix PS 4.5 farm and I have a few users who connect via Secure Gateway from outside the network.  Got a call this morning that they were having problems so I took a look.

All of the sudden, on multiple machines (and various browsers) people are able to get to the page, login, get to the published apps, but when they (or I) try to run them, "SSL Error 61: You have not chosen to trust "Thawte Server CA", the issuer of the server's security certificate."

I have users on this everyday, so this has happened over night.  Just to make sure, I checked and there is a trusted CA in the local computer account's folder named "Thawte Server CA."  I downloaded and installed the cert from the secure gateway in a variety of places and no help.

I went to the secure gateway server and into IIS manager.  From there to directory security and view certificate, you can actually export a Thawte Server CA certificate.  Installed that, still the same error.  

Running Secure Gateway Diagnostics comes up green lights across the board.  

Double checked the cert and it is valid until October.

Just to say I did it, the server has also been restarted.

Basically out of ideas here.  Anyone have one?
0
Telstar-Networks
Asked:
Telstar-Networks
  • 3
1 Solution
 
Telstar-NetworksAuthor Commented:
Update:

I am actually running two CSG servers in two separate locations, both using Thawte certificates.  The backup actually has expired as the client decided not to renew, but I figured just for fun I would try.

Citrix doesn't allow invalid certs to work, but I figured it wouldn't hurt to check it out, so I logged in expecting an error about invalid cert due to expiry date.  Instead, I got the exact same error on the second server as well....

Maybe something going on with Thawte?
0
 
Telstar-NetworksAuthor Commented:
Second update:

Just to be sure I went to Thawte and re downloaded their root certificates and reinstalled them.  Still the same error.  

Deleted the one there and reinstalled the freshly downloaded copy again.  Still the same error.
0
 
Telstar-NetworksAuthor Commented:
Gateway settings under the Secure Gateway's web interface configuration had the FQDN incorrect somehow.  No clue how it happened as no one has touched that server in months, but okay.  Reset and it works fine.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now