Citrix Support Posted June 12, 2014 Share Posted June 12, 2014 We are trying to setup new netscalers for remote access only using RSA. We have them working, I'm able to enter my username, password, passcode and RSA token id and I get the list of applications from the AGEE web site. We are using Xenapp 6.5 and Server 2008 R2 for published applications and published desktops. However, when I try to launch any application I get an error: Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix Xenapp Server. SSL Error 61: You have not chosen to trust "DigiCert SHA2 Secure Server CA", the issuer of the server's security certificate. Is the problem on the netscalers, the internal web server or the xenapp server itself? I'm not sure where to troubleshoot the problem from? Everything works fine internally not using the netscalers... Thanks... Gary Link to comment Share on other sites More sharing options...
Sanjith Abraham1709153204 Posted June 12, 2014 Share Posted June 12, 2014 Its with your client machine . As it doesn't have the intermediate cert " DigiCert SHA2 Secure Server CA " in its trusted store . 1) Link the intermediate cert with the server cert on the Netscaler . 2) Import this intermediate cert to your client machine in its trusted certificate folder . 2 Link to comment Share on other sites More sharing options...
Roberto Pereira Posted June 12, 2014 Share Posted June 12, 2014 I had this error 2 days ago and it was the missing intermediate certificate how Sanjith wrote... We had also a customer who imported the intermediate certificate and he received a message the the certificate is already installed, but after that it worked... Link to comment Share on other sites More sharing options...
Citrix Support Posted June 12, 2014 Author Share Posted June 12, 2014 I'm not exactly sure what you mean by link the intermediate cert with the server cert on the netscaler or specifically how to do that? However, importing the cert manually on the client machine won't work very well since it is a remote access site and users could be coming from any machine, it seems odd to have to manually import a cert for every machine? ... Gary Link to comment Share on other sites More sharing options...
Matthew Francis1709152434 Posted June 12, 2014 Share Posted June 12, 2014 This is the steps to link the intermediate to the cert provided by your SSL cert vendor.https://support.citrix.com/article/CTX128539 If the users machine can not complete the chaining it will provide a SSL 61. Get the SSL cert providers Int. cert and upload and link it. Link to comment Share on other sites More sharing options...
Citrix Support Posted June 12, 2014 Author Share Posted June 12, 2014 Reading the article about linking the intermediate to the cert provided by your SSL cert vendor it says "Click the Certificate Error available in the Address bar of the Web browser and download the intermediate certificate from the site." Except that IE doesn't display a certificate error, everything is fine logging in and everything is fine without any errors or cert problem indications after login or after displaying the applications. It is at the point of clicking on the application that the error occurs. Also the article references Android phones? Others are saying install certificates on the web servers, other information that I found said install certs on the Xenapp servers... Just not sure the source of the cert problem right now? .... Gary Link to comment Share on other sites More sharing options...
Sanjith Abraham1709153204 Posted June 12, 2014 Share Posted June 12, 2014 When user clicks on the application , Citrix Receiver initiates a new SSL connection to the AGEE Vserver and using this connection it sends the ICA traffic over the SSL connection . When Receiver is initiating the connection it verifies whether the cert is valid , for that it looks for the intermediate cert and root cert in the User's trusted certificate folder . And when its not able to create a trusted link , it might generate this type of error . To verify if its something on the client machine , enable receiver logging http://support.citrix.com/article/CTX134101 and go through the log file to identify the point where it fails . Link to comment Share on other sites More sharing options...
Citrix Support Posted June 13, 2014 Author Share Posted June 13, 2014 We found the problem, it was an issue of older Citrix clients, a newer client verison resolved the problem. 1 Link to comment Share on other sites More sharing options...
Leanne Oliver Posted February 3, 2020 Share Posted February 3, 2020 Just our two bits worth for our specific scenario. Contractor upgraded us to Citrix ADV ver13 and we found may remote clients would receive "Unable to connect to the server. Contact your system administrator with the following error: SSL Error 61: You have not chosen to trust "insertcertificatename", the issuer of the server's security certificte. Problem only occurred when clients used Internet Explorer to access their apps. We deleted the intermediate certificate in IE on the client PC, imported one that was working on another PC and seems to work fine now. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now