Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


ssl error 61 accessing citrix

Posted on 2011-04-19
Medium Priority
Last Modified: 2012-05-11
I had a consultant come in and help me install a a RapidSSL CA certificate on my citrix farm.  This allows us to now support the iPad and iPhone and  the iPhone does work.  However, I got a new feature that all the other desktops that login to the farm receive a SSL61 error.  

it seems if I web into the site then click on the padlock and say import it starts to work for IE.  Sometimes if I just go to the site enough it seems to work.  However, mozilla firefox does not work and error on a trusted site.  

It just like every pc that has  IE gets this error.  Is this a problem with the cert or the web interface of Citrix?

any ideas?
Question by:Bulls-Eye
  • 2
  • 2
LVL 37

Accepted Solution

Carl Webster earned 2000 total points
ID: 35429874

Go down to the following section:

Error Message: Any of the following error messages:
The server certificate received is not trusted (SSL error 61).
Cannot connect to the Citrix (XenApp or Presentation) Server.
SSL Error 61: You have not chosen to trust “Common”, the issuer of the server’s security certificate.

Author Comment

ID: 35437849
I believe the problem is in the DNS issue.  I do have citrix secure gateway installed.  I have updated the clients workstations citrix ica.  I am not sure what I need to do with DNS to make sure this works?


Author Comment

ID: 35437881
my FQDN on the citrix secure gateway matches that of the certificate.  However this server is behind a firewall and has a 192.168.x.x address.  The actual cert is an public ip address and is listed on my hosting providers DNS  and points to my firewall where I have a NAT policy that point back to a server.  I do have an altaddr address on the server that shows it's public IP address.  

I can define an additional host in my local DNS server for this server, I just don't know if I put the public or private name in the table.
LVL 37

Expert Comment

by:Carl Webster
ID: 35445596
IP addresses are not recorded for SSL certificates, only FQDNs.  If you are using CSG, you should NOT be using AltAddr also.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question