// This is the script to give summary on the main page.
Think IPM

Wednesday, October 9, 2013

Citrix SSL Error 61 : Resolving Trust in a Security Certificate

By Sam Jacobs:

The Issue: While able to launch XenDesktop sessions from IE, Chrome and iOS, using Firefox or Safari would cause:clip_image002

This was a bit tricky, since I had made sure to test out the certificate chain with Digicert’s SSL tester, and all came up fine:
image

When I’m on the forums, I always tell users to make sure to use BOTH certificate checkers (SSLShopper, as well as DigiCert). So, I decided to follow my own advice, and, voila!

Screenshot_100913_045043_PM

Looks like an intermediate certificate might be missing.
Now, you cannot rely on IIS or the certificate snap-in, as they report everything as A-OK:

image

However, as you can see above, the server certificate links to an intermediate certificate issued to RapidSSL CA, and looking at the intermediate certificate store, that certificate is nowhere to be found:

clip_image010

So, we simply need to import it there (no password is needed here):

clip_image012

clip_image014

clip_image016

clip_image018

clip_image020

clip_image022

… and now there it is!

clip_image024

Now, after all of this, I expected to get a clean bill of health from both certificate checkers, but SSLShopper still complained about the intermediate cert. Then I realized that you need to rerun the CSG Configuration Utility whenever you change the certificate, or anything in the chain.

After running through the CSG Config Utility, we finally received SSLShopper’s blessing:

image

blog comments powered by Disqus Blog Widget by LinkWithin