Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Remote access to Citrix fundamentals 6.0 fails with SSL error 61

Posted on 2012-03-28
Medium Priority
Last Modified: 2012-05-28
I have a new installation of Citrix Fundamentals 6.0 and used the Quick start to configure external access directly to the server.  I configured a customer port 444 since 443 is already used by OWA.  I configured the ASA firewall to for this port and server.  When I go to the URL I get a log in prompt and can log in and see my applications, when I launch an application it fails for (the Citrix Receiver could not establish a connection)  or SSL error 61

This is a self signed certificate, do I need to export a certificate into internet explorer on the client PC.  If this is yes, what is the procedure?
Question by:BlueGlory
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 23

Expert Comment

by:Ayman Bakr
ID: 37780214
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37782268
Couple things:
1. I noticed (as you mentioned) you are using an internal certificate. In this case you either need the Root CA (the internal one) loaded on the PCs people will connect from OR you need the certificate itself loaded on their Trusted Certificates (again on their PCs).
2. The Citrix Web Interface simply creates icons for the apps available that are really .ICA (text) files and are passed to be parsed by the local ICA Client (Citrix Receiver + Online Plugin). If you are NOT using Citrix Secure Gateway (CSG) or Citrix Access Gateway (CAG) that means the .ICA file is telling the client to connect directly to the Citrix servers on port 1494 or 2598 (if session reliability is on). In that case the firewall MUST be opened AND you must use ALTADDR on the XenApp Servers.
When you use CSG or CAG all traffic goes through HTTPS (443) all the way to the CSG/CAG and from there goes ICA to the XenApp servers. In this case only port 443 needs to be opened.
As you are already using port 443 for mail, you have two options:
1. Get a second IP, second DNS entry (i.e. and install the web interface AND Citrix Secure Gateway on another server and open the firewall for that second IP to send HTTPS to the CSG/WI machine. Then you simply configure the CSG to handle port 443 (no need for 443 on the WI as the CSG will intercept/take care of that) and you set the WI to 'Gateway Direct'. Of course you need to load the certificate for on the CSG (ideally get it issued by a third party certification authority like Entrust, RapidSSL, Verisign, etc).
2. Open as many ports on your firewall as you have XenApp servers and set the alternate address to be the external IP. In this case each XenApp will be on a different port (i.e. 1494, 1495 and so on). The firewall as I said must be then opened for each port, each one going to a different XenApp.

Option 1 is the BEST way to go. Simple to do and works flawlessly.


Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37782283
Oh if you have no idea about what I am saying, that means go get a Citrix consultant to do it for you. :-)

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP

Accepted Solution

BlueGlory earned 0 total points
ID: 38004005
The SSL cert was corrupt the the provider fixed it.

Author Closing Comment

ID: 38018182
The other solutions did not apply

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
#Citrix #XenDesktop #POC #Proof-of-concept
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question