Solved

Citrix SHA2 Certificate error on Mac Receiver - You have not chosen to trust "RapidSSL SHA256 CA-G3" Error

Posted on 2015-01-01
Last Modified: 2015-01-07
Hi
After a recent renewal of our Citrix FQDN Certificate all users connecting via Mac are receiving the following error when launching an application.

You have not chosen to trust "RapidSSL SHA256 CA-G3" Error the issuer of the servers security certificate.

We have over 100 in the field so updating the clients individually is a last resort.

We have tested the latest receiver with no luck.

Any advice would be greatly appreciated.
Question by:michael334
3 Comments
 
LVL 23

Expert Comment

by:Radhakrishnan R
ID: 40527809
Hi,

I would suggest checking the certificate to see whether it is valid: www.sslshopper.com/ssl-checker.html (just give the external access of your Citrix access). I am sure that this will give some clue as to where the issue actually lies.
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40527878
First, SHA2 is supported with Release 10.5 Build 53.9 or higher, but only with TLS v1.2.
http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-5-map/ns-ssl-supported-ciphers-list-ref.html

Next, this is quite similar to error 61 (which I believe it is): the root certificate of the CA that issued the SSL certificate is not in the client browser's Trusted Root Certification Authority store. In your case it is the RapidSSL CA, and you need to also install those onto the Citrix Server.
http://support.citrix.com/article/CTX101990

The client also needs to trust any Intermediate certificate for RapidSSL (even if they now trust the root). Hence it may cause the webserver (front end server) not providing details of the Intermediate certificate for the client to establish this cert chain check. So we need to ensure the RapidSSL Intermediate CA certificates are installed:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO16588&actp=AGENT_REFERAL

In fact, instead of going to each client, rightfully, the Citrix/Web Interface/whatever server front end that your client connects through should install the Intermediate cert on the server, so that no matter what the client is, the server will provide the missing component in the certificate chain (i.e. the Intermediate certificate) and thereafter the client will trust it.

... if it really does not work out as expected, instead of going into every client machine, a GPO push down to the clients is probably preferred and optimal for domain-joined machines: http://technet.microsoft.com/en-us/library/cc782744%28v=ws.10%29.aspx
0
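Added example (not part of the thread and not written by any participant): a shell sketch that reproduces the chain situations discussed above with a constructed root, intermediate and leaf, then verifies the leaf the way a client would. It assumes the `openssl` CLI is installed; the `example-*` names and the helper functions `make_pki` and `client_verdict` are made up for illustration, and the third case (root absent from the client store) goes one step beyond the missing-intermediate case.

```shell
#!/bin/sh
# Constructed three-tier PKI (root -> intermediate -> leaf); all names are placeholders.
make_pki() {  # $1 = working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf; do   # one key + CSR per tier
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root is self-signed: the certificate a client must already have in its trust store.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate is signed by the root: the server is expected to send it with the leaf.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf (the server certificate) is signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# $1 = directory, $2 = server sends intermediate (yes/no), $3 = client trusts root (yes/no)
client_verdict() {
  args=""
  # -CAfile models the client's trust store; -untrusted models certs sent by the server.
  if [ "$3" = yes ]; then args="$args -CAfile $1/root.pem"; fi
  if [ "$2" = yes ]; then args="$args -untrusted $1/int.pem"; fi
  if openssl verify $args "$1/leaf.pem" 2>&1 | grep -q ': OK'; then
    echo trusted
  else
    echo rejected
  fi
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_pki "$work" || { echo "openssl failed" >&2; exit 1; }
echo "leaf only, root trusted:           $(client_verdict "$work" no yes)"
echo "leaf + intermediate, root trusted: $(client_verdict "$work" yes yes)"
echo "leaf + intermediate, root missing: $(client_verdict "$work" yes no)"
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, which shows which of these cases applies.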
 

Author Comment

by:michael334
ID: 40536445
Thanks
The only way we have been able to resolve the issue is to provide the root certificate for Rapid SSL for the individual Mac users, as it is not provided in the keychain and there appears to be no way to automate the download from the Citrix client or Web Interface.
Even with Yosemite the root certificates for Go Daddy and Rapid SSL are not included and have to be added manually.

I hate technology....
0


Question has a verified solution.