
Access Gateway connection error

Started by Andreas Küffner , 20 May 2011 - 09:23 AM
11 replies to this topic

Andreas Küffner Members

Andreas Küffner
  • 88 posts

Posted 20 May 2011 - 09:23 AM

Hi,

I'm trying to use Access Gateway to connect to my corporate network but I get an "SSL Error: Peer hostname mismatch" error. Any ideas?

Info:

OS: Mac OS X 10.6.7
Access Gateway version: 2.0.1 (72)
CN in the SSL certificate is *.aksigorta.com.tr and my login URL is acente.aksigorta.com.tr

Note: I don't get any error on the Windows 7/XP clients.

Edited by: Andreas Küffner on May 20, 2011 5:23 AM

Edited by: Andreas Küffner on May 20, 2011 5:25 AM



Reinhard Teischl Members

Reinhard Teischl
  • 1,845 posts

Posted 20 May 2011 - 11:17 AM

Hi Andreas,

Which SSL certificate do you use? Private or public CA? Can you check if the root CA is missing on your Mac client?



Andreas Küffner Members

Andreas Küffner
  • 88 posts

Posted 20 May 2011 - 11:41 AM

Hi,

I'm attaching a screenshot of the certificate and the error message. And I think the root CA is present on my Mac client.



Reinhard Teischl Members

Reinhard Teischl
  • 1,845 posts

Posted 20 May 2011 - 11:51 AM

I think that the certificate is signed by an intermediate certificate which is not trusted by default on Safari. Could you please check this?

http://www.globalsign.com/support/intermediate-root-install.php

Install the intermediate on your Mac and try again. Could you please check with Firefox too?



Andreas Küffner Members

Andreas Küffner
  • 88 posts

Posted 20 May 2011 - 12:10 PM

As you suggested, I tried with Firefox and I got the same error (I attached Firefox screenshots).

I couldn't find out which intermediate certificate I should install on the Mac client; all of the links are given for servers. Could you point me to the right certificate?

Regards



Andreas Küffner Members

Andreas Küffner
  • 88 posts

Posted 21 May 2011 - 07:02 AM

Hi Reinhard,

I installed all the intermediate certificates on my Mac client by using Keychain but I get the same error message. I also tried different versions of the CAG with no success.

Regards.



Reinhard Teischl Members

Reinhard Teischl
  • 1,845 posts

Posted 21 May 2011 - 10:27 AM

Andreas,

Do you see any certificate issues on Windows clients? Can you please verify this? Do you see the complete certificate path?



Andreas Küffner Members

Andreas Küffner
  • 88 posts

Posted 21 May 2011 - 12:21 PM

Hi Reinhard,

I don't get any certificate errors or warnings on the CAG Windows client and the CAG connection log is clean. I'm attaching a screenshot of the certificate path on Windows (you can also connect and see the certificate at https://acente.aksigorta.com.tr).

Regards



Reinhard Teischl Members

Reinhard Teischl
  • 1,845 posts

Posted 21 May 2011 - 08:35 PM

Quite strange,

http://www.digicert.com/help/ - you can check your site there, everything seems to be fine. I would check the Mac client again; can you verify if the GlobalSign root CA is in the local cert store?

https://www.racf.bnl.gov/docs/howto/grid/osxcertmgmt



Andreas Küffner Members
  • #10

Andreas Küffner
  • 88 posts

Posted 21 May 2011 - 10:18 PM

Hi Reinhard,

I checked the certificate through the DigiCert website and the certificate is verified (screenshot-1).

I'm attaching a screenshot of my Mac OS X keychain; as you can see, the GlobalSign root CA exists. (screenshot-2)

The following threads also mention the same error:

http://forums.citrix.com/thread.jspa?threadID=252808&tstart=0
http://forums.citrix.com/thread.jspa?threadID=251335&tstart=0



Andreas Küffner Members
  • #11

Andreas Küffner
  • 88 posts

Posted 25 May 2011 - 08:10 AM

Hi Reinhard,

Did you check the Mac client?

Regards.



Reinhard Teischl Members
  • #12

Reinhard Teischl
  • 1,845 posts

Posted 25 May 2011 - 08:12 AM

Hi Andreas,

Sorry for not replying to your thread. I've checked with some Mac clients and all are working fine, except that I'm not using a wildcard certificate. I would suggest opening a Citrix support case on this.
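
Added example, not part of the thread and not Citrix code: a simplified RFC 6125 style DNS name check, showing how a wildcard name such as the CN from the first post is compared with the login hostname. The function names and the two sample certificate dictionaries are constructed for illustration; only the CN value and the login hostname come from the thread, and the thread does not say whether the real certificate carries subjectAltName entries.

```python
# Added example: simplified RFC 6125 (section 6.4) DNS name check.
# Function names and sample certificate dicts are constructed for illustration.

def hostname_matches(pattern, hostname):
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    # Accept a wildcard only as the entire left-most label, e.g. "*.example.org".
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # Refuse overly broad patterns such as "*.com".
    if len(p) < 3:
        return False
    # The wildcard stands for exactly one non-empty label.
    return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]


def peer_name_ok(cert, hostname):
    """Check SAN dNSName entries; fall back to the CN only when there are none."""
    names = cert.get("san_dns") or [cert.get("cn", "")]
    return any(hostname_matches(name, hostname) for name in names)


# Constructed certificates; only the CN value comes from the thread.
CN_ONLY = {"cn": "*.aksigorta.com.tr", "san_dns": []}
# Hypothetical variant: a SAN list that lacks the wildcard (placeholder hostname).
SAN_WITHOUT_WILDCARD = {"cn": "*.aksigorta.com.tr",
                        "san_dns": ["portal.example.test"]}

if __name__ == "__main__":
    for host in ("acente.aksigorta.com.tr",   # login hostname from the thread
                 "aksigorta.com.tr",          # bare domain: wildcard does not cover it
                 "a.b.aksigorta.com.tr"):     # two labels deep: not covered either
        print(host, peer_name_ok(CN_ONLY, host))
    print("SAN present, CN ignored:",
          peer_name_ok(SAN_WITHOUT_WILDCARD, "acente.aksigorta.com.tr"))
```

Under this rule the names quoted in the first post match each other; the example does not identify why the Mac client reports a mismatch.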