Solved

Remote access to Citrix fundamentals 6.0 fails with SSL error 61

Posted on 2012-03-28
5
927 Views
Last Modified: 2012-05-28
I have a new installation of Citrix Fundamentals 6.0 and used the Quick start to configure external access directly to the server.  I configured a customer port 444 since 443 is already used by OWA.  I configured the ASA firewall to for this port and server.  When I go to the URL https://mail.shawbrothers.com:444 I get a log in prompt and can log in and see my applications, when I launch an application it fails for (the Citrix Receiver could not establish a connection)  or SSL error 61

This is a self signed certificate, do I need to export a certificate into internet explorer on the client PC.  If this is yes, what is the procedure?
0
Comment
Question by:BlueGlory
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 37780214
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37782268
Couple things:
1. I noticed (as you mentioned) you are using an internal certificate. In this case you either need the Root CA (the internal one) loaded on the PCs people will connect from OR you need the certificate itself loaded on their Trusted Certificates (again on their PCs).
2. The Citrix Web Interface simply creates icons for the apps available that are really .ICA (text) files and are passed to be parsed by the local ICA Client (Citrix Receiver + Online Plugin). If you are NOT using Citrix Secure Gateway (CSG) or Citrix Access Gateway (CAG) that means the .ICA file is telling the client to connect directly to the Citrix servers on port 1494 or 2598 (if session reliability is on). In that case the firewall MUST be opened AND you must use ALTADDR on the XenApp Servers.
When you use CSG or CAG all traffic goes through HTTPS (443) all the way to the CSG/CAG and from there goes ICA to the XenApp servers. In this case only port 443 needs to be opened.
As you are already using port 443 for mail, you have two options:
1. Get a second IP, second DNS entry (i.e. citrix.shawbrothers.com) and install the web interface AND Citrix Secure Gateway on another server and open the firewall for that second IP to send HTTPS to the CSG/WI machine. Then you simply configure the CSG to handle port 443 (no need for 443 on the WI as the CSG will intercept/take care of that) and you set the WI to 'Gateway Direct'. Of course you need to load the certificate for citrix.shawbrothers.com on the CSG (ideally get it issued by a third party certification authority like Entrust, RapidSSL, Verisign, etc).
2. Open as many ports on your firewall as you have XenApp servers and set the alternate address to be the external IP. In this case each XenApp will be on a different port (i.e. 1494, 1495 and so on). The firewall as I said must be then opened for each port, each one going to a different XenApp.

Option 1 is the BEST way to go. Simple to do and works flawlessly.

Cheers.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37782283
Oh if you have no idea about what I am saying, that means go get a Citrix consultant to do it for you. :-)

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Accepted Solution

by:
BlueGlory earned 0 total points
ID: 38004005
The SSL cert was corrupt the the provider fixed it.
0
 

Author Closing Comment

by:BlueGlory
ID: 38018182
The other solutions did not apply
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now