// This is the script to give summary on the main page.
Think IPM

Wednesday, October 9, 2013

Citrix SSL Error 61 : Resolving Trust in a Security Certificate

By Sam Jacobs:

The Issue: While able to launch XenDesktop sessions from IE, Chrome and iOS, using Firefox or Safari would cause:clip_image002

This was a bit tricky, since I had made sure to test out the certificate chain with Digicert’s SSL tester, and all came up fine:

When I’m on the forums, I always tell users to make sure to use BOTH certificate checkers (SSLShopper, as well as DigiCert). So, I decided to follow my own advice, and, voila!


Looks like an intermediate certificate might be missing.
Now, you cannot rely on IIS or the certificate snap-in, as they report everything as A-OK:


However, as you can see above, the server certificate links to an intermediate certificate issued to RapidSSL CA, and looking at the intermediate certificate store, that certificate is nowhere to be found:


So, we simply need to import it there (no password is needed here):







… and now there it is!


Now, after all of this, I expected to get a clean bill of health from both certificate checkers, but SSLShopper still complained about the intermediate cert. Then I realized that you need to rerun the CSG Configuration Utility whenever you change the certificate, or anything in the chain.

After running through the CSG Config Utility, we finally received SSLShopper’s blessing:


blog comments powered by Disqus