Solved

Citrix Secure Gateway + Thawte certificate Error 61 Untrusted CA

Posted on 2009-07-08
3
2,447 Views
Last Modified: 2012-05-07
Running a Citrix PS 4.5 farm and I have a few users who connect via Secure Gateway from outside the network.  Got a call this morning that they were having problems so I took a look.

All of the sudden, on multiple machines (and various browsers) people are able to get to the page, login, get to the published apps, but when they (or I) try to run them, "SSL Error 61: You have not chosen to trust "Thawte Server CA", the issuer of the server's security certificate."

I have users on this everyday, so this has happened over night.  Just to make sure, I checked and there is a trusted CA in the local computer account's folder named "Thawte Server CA."  I downloaded and installed the cert from the secure gateway in a variety of places and no help.

I went to the secure gateway server and into IIS manager.  From there to directory security and view certificate, you can actually export a Thawte Server CA certificate.  Installed that, still the same error.  

Running Secure Gateway Diagnostics comes up green lights across the board.  

Double checked the cert and it is valid until October.

Just to say I did it, the server has also been restarted.

Basically out of ideas here.  Anyone have one?
0
Comment
Question by:Telstar-Networks
  • 3
3 Comments
 
LVL 1

Author Comment

by:Telstar-Networks
ID: 24804220
Update:

I am actually running two CSG servers in two separate locations, both using Thawte certificates.  The backup actually has expired as the client decided not to renew, but I figured just for fun I would try.

Citrix doesn't allow invalid certs to work, but I figured it wouldn't hurt to check it out, so I logged in expecting an error about invalid cert due to expiry date.  Instead, I got the exact same error on the second server as well....

Maybe something going on with Thawte?
0
 
LVL 1

Author Comment

by:Telstar-Networks
ID: 24804414
Second update:

Just to be sure I went to Thawte and re downloaded their root certificates and reinstalled them.  Still the same error.  

Deleted the one there and reinstalled the freshly downloaded copy again.  Still the same error.
0
 
LVL 1

Accepted Solution

by:
Telstar-Networks earned 0 total points
ID: 24807286
Gateway settings under the Secure Gateway's web interface configuration had the FQDN incorrect somehow.  No clue how it happened as no one has touched that server in months, but okay.  Reset and it works fine.
1

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop 7.6 Citrix Policies Audio
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question