Link to home
Avatar of Arikkan
ArikkanFlag for United States of America

asked on

Certificate issues after installing a self signed root certificate to Trusted Root CA

We are having issues with Citrix Receiver after installing a self-signed root certificate to Trusted Root CA store. After the installation, Citrix Receiver stopped working. The error message is:
Unable to connect to the server. Contact your system administrator with the following error: SSL Error 61: You have not chosen to trust "DigiCert Global Root CA", the issuer of the server's security certificate.
We deleted the self-signed certificate but the problem still persists. We also tried to download a fresh certificate from DigiCert's website but get the same error.
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Are you using the latest client citrix workspace?

A self signed certificate is not a certificate from Digicert
Avatar of Arikkan

ASKER

Yes, we uninstalled all Citrix related programs and reinstalled with the newest versions.

We were having the self signed certificate for another unrelated requirements. But somehow the Digicert problem came up after we installed that self signed certificate.
Avatar of noci
noci

FYI All Root certificates are SELF-Signed by definition. and have a marker to tell the world they are an CA certificate that allows for subordinate certificates.

Putting a Selfsigned NON-CA certificate in a CA store is not exactly a usefull setup.
Adding a selfsigned certificate to the Trusted certificates store is debatable..., you can do it for a certificate for personal use...
Certificates depend on the someone Not telling the world: I am trustworthy, look here this letter i made tells you so.
3rd pty certificates work like a party trusted by some "trusted person" notary f.e. writing a letter of trust....

Getting this right is no rocket science.
If you use your selfsigned certificate as the only trustworth top then any other certificate will be useless. And as clients will get the chain of trust handed down to them EXCEPT for the CA certificate, each client needs the same trustworthy root cert.

Avatar of Arikkan

ASKER

Thanks noci for the information,
But how does one revert the change or resolve the problem of the certificate invalidating other certificates?
Thank you
ASKER CERTIFIED SOLUTION
Avatar of Arikkan
Arikkan
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial