Arikkan
asked on
Certificate issues after installing a self signed root certificate to Trusted Root CA
We are having issues with Citrix Receiver after installing a self-signed root certificate to Trusted Root CA store. After the installation, Citrix Receiver stopped working. The error message is:
Unable to connect to the server. Contact your system administrator with the following error: SSL Error 61: You have not chosen to trust "DigiCert Global Root CA", the issuer of the server's security certificate.
We deleted the self-signed certificate but the problem still persists. We also tried to download a fresh certificate from DigiCert's website but get the same error.
Unable to connect to the server. Contact your system administrator with the following error: SSL Error 61: You have not chosen to trust "DigiCert Global Root CA", the issuer of the server's security certificate.
We deleted the self-signed certificate but the problem still persists. We also tried to download a fresh certificate from DigiCert's website but get the same error.
ASKER
Yes, we uninstalled all Citrix related programs and reinstalled with the newest versions.
We were having the self signed certificate for another unrelated requirements. But somehow the Digicert problem came up after we installed that self signed certificate.
We were having the self signed certificate for another unrelated requirements. But somehow the Digicert problem came up after we installed that self signed certificate.
FYI All Root certificates are SELF-Signed by definition. and have a marker to tell the world they are an CA certificate that allows for subordinate certificates.
Putting a Selfsigned NON-CA certificate in a CA store is not exactly a usefull setup.
Adding a selfsigned certificate to the Trusted certificates store is debatable..., you can do it for a certificate for personal use...
Certificates depend on the someone Not telling the world: I am trustworthy, look here this letter i made tells you so.
3rd pty certificates work like a party trusted by some "trusted person" notary f.e. writing a letter of trust....
Getting this right is no rocket science.
If you use your selfsigned certificate as the only trustworth top then any other certificate will be useless. And as clients will get the chain of trust handed down to them EXCEPT for the CA certificate, each client needs the same trustworthy root cert.
Putting a Selfsigned NON-CA certificate in a CA store is not exactly a usefull setup.
Adding a selfsigned certificate to the Trusted certificates store is debatable..., you can do it for a certificate for personal use...
Certificates depend on the someone Not telling the world: I am trustworthy, look here this letter i made tells you so.
3rd pty certificates work like a party trusted by some "trusted person" notary f.e. writing a letter of trust....
Getting this right is no rocket science.
If you use your selfsigned certificate as the only trustworth top then any other certificate will be useless. And as clients will get the chain of trust handed down to them EXCEPT for the CA certificate, each client needs the same trustworthy root cert.
ASKER
Thanks noci for the information,
But how does one revert the change or resolve the problem of the certificate invalidating other certificates?
Thank you
But how does one revert the change or resolve the problem of the certificate invalidating other certificates?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A self signed certificate is not a certificate from Digicert