Mac OSX 10.5 Citrix Receiver 11.2 Error SSL-86

I am try to help our new Citrix admin troubleshoot why some of our Mac clients are getting an SSL-86 message when trying to launch an app.

Here is what I have done and researched.
1) Copy the root Verisgin, Intermediary Symantec and our SSL cert to the /library/Application Support/Citrix/Keystore/cacert folder

2) Imported all cert into the Mac KeyAccess and imported to certs into login and System and set the trust policy to "Always allow"

3) When the user access our Citrix site they *do not* get a Cert error message

We are using  Citrix Netscaler 10.1 and just cutover to Storefront.

I have been working on this for two days without any luck. I believe Safarie is not accepting the intermediary certificate...

Please note, if a user uses Internet Explorer from a Windows machine it seems to work without issue.
LVL 21
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Peter HutchisonSenior Network Systems SpecialistCommented:
MAke sure that the root certificates have not been recently replaced with newer versions.
Make sure tha any Apache chain files on the server it self and on the Netscalar also have the intermediate certificates installed as well!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Author Commented:
thanks for your reply...

I am not a Mac person. I forgot to mention that the certification I copied to the keystore/cacert folder I rename to *.crt

Also we are using a Verisign Cert but the middle cert is listed as Synmantec. How can I tell if a root cert is missing? I am not sure about the netscaler but would Windows clients have an issue as well??
Peter HutchisonSenior Network Systems SpecialistCommented:
For missing certificates you have to check the KeyChain and the Citrix cacert folders for the missing certificate files.
For Windows you can check via Internet Explorer, Internet Options, Content, Certificates or the Certificates.msc console.
compdigit44Author Commented:
I might have  a theory here..

1) Some of our clients are running OSX 10.5 and the latest verision of the Citrix Receiver which I can install is 11.2 but according to the Citrix site Recive version 11.8 is need for Storefront. I wonder if this is part of my issue.

2) I have exported the citrix chain from a windows workstation to a *.p7b and imported it into the MAC trusted all certs and copied it to all possible /keystore/cacert folders no go.

Now this is only affect my MAC cliets and WIndows is working fine.  I noticed tha tmy Netscaler has the server level and intermediate certificates installed but not the parent root. Could this be causing the problem..

How can I import this CER from my  workstation to netscaler if needed
Peter HutchisonSenior Network Systems SpecialistCommented:
Yes, the root certificate must be present on the Netscalar for the trusted certificate path to work correctly.
compdigit44Author Commented:
What about the receiver version??? Also why are my Windows clients working without issue?
Peter HutchisonSenior Network Systems SpecialistCommented:
I have used Citrix Presentation Server 4.5  on Windows with Citrix Receiver and they seem ok as long as you have the root cert installed. Must be more forgiving than the mac version.
compdigit44Author Commented:
I had a user report they were able to connect to our Citrix storefront using Mac OSx and Receiver version 11.4

My questions is how if Citrix support version 11.8 with storefront. Could it be the OS version?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.