[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2004
  • Last Modified:

SSL Error 61

When I attempt to login to Citrix I get the following error message:
"SSL Error 61: You have not chosen to trust "Go Daddy Secure Certification Authority", the issue of the server's security certificate.  

The certificate is set to Always Trust within the keychain access.  I also tried the following suggestion from another EE member, without success:
1. Download linked .zip file: http://kb.kcsi.ca/attachments/Citrix%20ICA%20Client-GUIDbb100a1a34e7427fa6fa019814afde9c.zip
2. Extract it to /Library/Application Support/Citrix/

Has anyone managed to resolve this issues?  
0
LynxTechPartners
Asked:
LynxTechPartners
  • 4
  • 4
1 Solution
 
Dave HoweCommented:
Hmm. normally if you are using the standalone Citrix client, the windows keystore is used.

However, if you are using the JAVA client from the secure gateway, then java has its own keystore, which you would need to populate; personally, I think installing the full client (usually available as a link from the CSG page) is a better solution, but if you want to update the java keystore, there is a gui tool here:

http://yellowcat1.free.fr/keytool_iui.html

that can do that for you.
0
 
LynxTechPartnersAuthor Commented:
Thanks DaveHowe.  Considering I'm using an iMac, it's probably safe to assume that I'm using the JAVA client...

I downloaded the keytool, but am not clear on what to do from here?  Any additional guidance would be greatly appreciated.  I'm new to the Mac World...
0
 
Dave HoweCommented:
ok, unzip it and run the .sh (or run it direct from the site with the java webstart url)

on the left hand menu, select
[+] Keytool IUI
  [+] Import
    [+] Keystore's entry
      [+] Trusted certificate
        [ ] Root CA certificate

Root certificate is the file you want to import
root store leave at default
root store password is 'changeit' (it always is :)

process is fairly simple from there.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LynxTechPartnersAuthor Commented:
DaveHowe, I have attached a screenshot of my Finder.  When I try to run the .sh file (i.e., run_ktl.sh) it merely opens a text editor box.  Am I missing something?
screenshot.pdf
0
 
Dave HoweCommented:
you might need to right-click it and mark it executable - or use the webstart version (http://yellowcat1.free.fr/jws/ktl/241/on_ktl_main.jnlp )

the .sh contains a java startup command that runs that jarfile.
0
 
LynxTechPartnersAuthor Commented:
Thanks DaveHowe.  I followed your steps.  After entering the 'changeit' password and selecting OK I get a KeyTool IUI Warning - File is write-protected:  /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/cacerts  

Is this common?  Any suggestions?
0
 
Dave HoweCommented:
you need to be running this from an account permitted to update that file - its probably easier to just give your current account permissions then change to an admin login (if you aren't already using one)

just give your normal account write access to the file using the file manager :)
0
 
LynxTechPartnersAuthor Commented:
Wasn't able to get it to work (due to my Mac entry-level know-how), but DaveHowe provided good instructions.  Very much appreciated.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now