Solved

Mac OSX 10.5 Citrix Receiver 11.2 Error SSL-86

Posted on 2014-11-12
8
817 Views
Last Modified: 2016-10-25
I am try to help our new Citrix admin troubleshoot why some of our Mac clients are getting an SSL-86 message when trying to launch an app.

Here is what I have done and researched.
1) Copy the root Verisgin, Intermediary Symantec and our SSL cert to the /library/Application Support/Citrix/Keystore/cacert folder

2) Imported all cert into the Mac KeyAccess and imported to certs into login and System and set the trust policy to "Always allow"

3) When the user access our Citrix site they *do not* get a Cert error message

We are using  Citrix Netscaler 10.1 and just cutover to Storefront.

I have been working on this for two days without any luck. I believe Safarie is not accepting the intermediary certificate...

Please note, if a user uses Internet Explorer from a Windows machine it seems to work without issue.
0
Comment
Question by:compdigit44
  • 4
  • 4
8 Comments
 
LVL 18

Accepted Solution

by:
Peter Hutchison earned 500 total points
Comment Utility
MAke sure that the root certificates have not been recently replaced with newer versions.
Make sure tha any Apache chain files on the server it self and on the Netscalar also have the intermediate certificates installed as well!
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
thanks for your reply...

I am not a Mac person. I forgot to mention that the certification I copied to the keystore/cacert folder I rename to *.crt

Also we are using a Verisign Cert but the middle cert is listed as Synmantec. How can I tell if a root cert is missing? I am not sure about the netscaler but would Windows clients have an issue as well??
0
 
LVL 18

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 500 total points
Comment Utility
For missing certificates you have to check the KeyChain and the Citrix cacert folders for the missing certificate files.
For Windows you can check via Internet Explorer, Internet Options, Content, Certificates or the Certificates.msc console.
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
I might have  a theory here..

1) Some of our clients are running OSX 10.5 and the latest verision of the Citrix Receiver which I can install is 11.2 but according to the Citrix site Recive version 11.8 is need for Storefront. I wonder if this is part of my issue.

2) I have exported the citrix chain from a windows workstation to a *.p7b and imported it into the MAC trusted all certs and copied it to all possible /keystore/cacert folders no go.


Now this is only affect my MAC cliets and WIndows is working fine.  I noticed tha tmy Netscaler has the server level and intermediate certificates installed but not the parent root. Could this be causing the problem..

How can I import this CER from my  workstation to netscaler if needed
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 18

Expert Comment

by:Peter Hutchison
Comment Utility
Yes, the root certificate must be present on the Netscalar for the trusted certificate path to work correctly.
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
What about the receiver version??? Also why are my Windows clients working without issue?
0
 
LVL 18

Expert Comment

by:Peter Hutchison
Comment Utility
I have used Citrix Presentation Server 4.5  on Windows with Citrix Receiver and they seem ok as long as you have the root cert installed. Must be more forgiving than the mac version.
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
I had a user report they were able to connect to our Citrix storefront using Mac OSx and Receiver version 11.4

My questions is how if Citrix support version 11.8 with storefront. Could it be the OS version?
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now