Solved

Mac OSX 10.5 Citrix Receiver 11.2 Error SSL-86

Posted on 2014-11-12
8
873 Views
Last Modified: 2016-10-25
I am try to help our new Citrix admin troubleshoot why some of our Mac clients are getting an SSL-86 message when trying to launch an app.

Here is what I have done and researched.
1) Copy the root Verisgin, Intermediary Symantec and our SSL cert to the /library/Application Support/Citrix/Keystore/cacert folder

2) Imported all cert into the Mac KeyAccess and imported to certs into login and System and set the trust policy to "Always allow"

3) When the user access our Citrix site they *do not* get a Cert error message

We are using  Citrix Netscaler 10.1 and just cutover to Storefront.

I have been working on this for two days without any luck. I believe Safarie is not accepting the intermediary certificate...

Please note, if a user uses Internet Explorer from a Windows machine it seems to work without issue.
0
Comment
Question by:compdigit44
  • 4
  • 4
8 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40438838
MAke sure that the root certificates have not been recently replaced with newer versions.
Make sure tha any Apache chain files on the server it self and on the Netscalar also have the intermediate certificates installed as well!
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40438864
thanks for your reply...

I am not a Mac person. I forgot to mention that the certification I copied to the keystore/cacert folder I rename to *.crt

Also we are using a Verisign Cert but the middle cert is listed as Synmantec. How can I tell if a root cert is missing? I am not sure about the netscaler but would Windows clients have an issue as well??
0
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 500 total points
ID: 40440104
For missing certificates you have to check the KeyChain and the Citrix cacert folders for the missing certificate files.
For Windows you can check via Internet Explorer, Internet Options, Content, Certificates or the Certificates.msc console.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 19

Author Comment

by:compdigit44
ID: 40440121
I might have  a theory here..

1) Some of our clients are running OSX 10.5 and the latest verision of the Citrix Receiver which I can install is 11.2 but according to the Citrix site Recive version 11.8 is need for Storefront. I wonder if this is part of my issue.

2) I have exported the citrix chain from a windows workstation to a *.p7b and imported it into the MAC trusted all certs and copied it to all possible /keystore/cacert folders no go.


Now this is only affect my MAC cliets and WIndows is working fine.  I noticed tha tmy Netscaler has the server level and intermediate certificates installed but not the parent root. Could this be causing the problem..

How can I import this CER from my  workstation to netscaler if needed
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 40440157
Yes, the root certificate must be present on the Netscalar for the trusted certificate path to work correctly.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40440297
What about the receiver version??? Also why are my Windows clients working without issue?
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 40440424
I have used Citrix Presentation Server 4.5  on Windows with Citrix Receiver and they seem ok as long as you have the root cert installed. Must be more forgiving than the mac version.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40441424
I had a user report they were able to connect to our Citrix storefront using Mac OSx and Receiver version 11.4

My questions is how if Citrix support version 11.8 with storefront. Could it be the OS version?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop, gold image, VMware, vSphere.
CITRIX XENAPP 6.5 FARM CUSTOM POLICY - CHANGE MANAGEMENT WINDOW REBOOT SCHEDULE
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question