Solved

Mac OSX 10.5 Citrix Receiver 11.2 Error SSL-86

Posted on 2014-11-12
8
891 Views
Last Modified: 2016-10-25
I am try to help our new Citrix admin troubleshoot why some of our Mac clients are getting an SSL-86 message when trying to launch an app.

Here is what I have done and researched.
1) Copy the root Verisgin, Intermediary Symantec and our SSL cert to the /library/Application Support/Citrix/Keystore/cacert folder

2) Imported all cert into the Mac KeyAccess and imported to certs into login and System and set the trust policy to "Always allow"

3) When the user access our Citrix site they *do not* get a Cert error message

We are using  Citrix Netscaler 10.1 and just cutover to Storefront.

I have been working on this for two days without any luck. I believe Safarie is not accepting the intermediary certificate...

Please note, if a user uses Internet Explorer from a Windows machine it seems to work without issue.
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40438838
MAke sure that the root certificates have not been recently replaced with newer versions.
Make sure tha any Apache chain files on the server it self and on the Netscalar also have the intermediate certificates installed as well!
0
 
LVL 20

Author Comment

by:compdigit44
ID: 40438864
thanks for your reply...

I am not a Mac person. I forgot to mention that the certification I copied to the keystore/cacert folder I rename to *.crt

Also we are using a Verisign Cert but the middle cert is listed as Synmantec. How can I tell if a root cert is missing? I am not sure about the netscaler but would Windows clients have an issue as well??
0
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 500 total points
ID: 40440104
For missing certificates you have to check the KeyChain and the Citrix cacert folders for the missing certificate files.
For Windows you can check via Internet Explorer, Internet Options, Content, Certificates or the Certificates.msc console.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 40440121
I might have  a theory here..

1) Some of our clients are running OSX 10.5 and the latest verision of the Citrix Receiver which I can install is 11.2 but according to the Citrix site Recive version 11.8 is need for Storefront. I wonder if this is part of my issue.

2) I have exported the citrix chain from a windows workstation to a *.p7b and imported it into the MAC trusted all certs and copied it to all possible /keystore/cacert folders no go.


Now this is only affect my MAC cliets and WIndows is working fine.  I noticed tha tmy Netscaler has the server level and intermediate certificates installed but not the parent root. Could this be causing the problem..

How can I import this CER from my  workstation to netscaler if needed
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 40440157
Yes, the root certificate must be present on the Netscalar for the trusted certificate path to work correctly.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 40440297
What about the receiver version??? Also why are my Windows clients working without issue?
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 40440424
I have used Citrix Presentation Server 4.5  on Windows with Citrix Receiver and they seem ok as long as you have the root cert installed. Must be more forgiving than the mac version.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 40441424
I had a user report they were able to connect to our Citrix storefront using Mac OSx and Receiver version 11.4

My questions is how if Citrix support version 11.8 with storefront. Could it be the OS version?
0
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question