ssl error 61 accessing citrix

Posted on 2011-04-19
Last Modified: 2012-05-11
I had a consultant come in and help me install a a RapidSSL CA certificate on my citrix farm.  This allows us to now support the iPad and iPhone and  the iPhone does work.  However, I got a new feature that all the other desktops that login to the farm receive a SSL61 error.  

it seems if I web into the site then click on the padlock and say import it starts to work for IE.  Sometimes if I just go to the site enough it seems to work.  However, mozilla firefox does not work and error on a trusted site.  

It just like every pc that has  IE gets this error.  Is this a problem with the cert or the web interface of Citrix?

any ideas?
Question by:Bulls-Eye
    LVL 36

    Accepted Solution


    Go down to the following section:

    Error Message: Any of the following error messages:
    The server certificate received is not trusted (SSL error 61).
    Cannot connect to the Citrix (XenApp or Presentation) Server.
    SSL Error 61: You have not chosen to trust “Common”, the issuer of the server’s security certificate.

    Author Comment

    I believe the problem is in the DNS issue.  I do have citrix secure gateway installed.  I have updated the clients workstations citrix ica.  I am not sure what I need to do with DNS to make sure this works?


    Author Comment

    my FQDN on the citrix secure gateway matches that of the certificate.  However this server is behind a firewall and has a 192.168.x.x address.  The actual cert is an public ip address and is listed on my hosting providers DNS  and points to my firewall where I have a NAT policy that point back to a server.  I do have an altaddr address on the server that shows it's public IP address.  

    I can define an additional host in my local DNS server for this server, I just don't know if I put the public or private name in the table.
    LVL 36

    Expert Comment

    by:Carl Webster
    IP addresses are not recorded for SSL certificates, only FQDNs.  If you are using CSG, you should NOT be using AltAddr also.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Title # Comments Views Activity
    Basic Regex for use in webservice 1 44
    IIS7 FTP default folder 8 43
    Outlook Anywhere is not working. 2 32
    ADFS Queries 3 23
    #SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
    Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    6 Experts available now in Live!

    Get 1:1 Help Now