Jump to content


Photo

Wont trust the certificate - can't connect to work

Started by Sven Emmert , 27 March 2017 - 04:53 PM
6 replies to this topic

Sven Emmert Members

Sven Emmert
  • 3 posts

Posted 27 March 2017 - 04:53 PM

Hello everyone,

 

since yesterday I do have the problem that I can't connect to work anymore (until now it worked perfect on my MacBook).

 

The message i get is german but it translate to 

 

"You don't thrust the provider for the servers  security certificate Thawte Premium Server CA"

 

(Sie vertrauen "Thawte Premium Server CA" dem Herausgeber des Sicherheitszertfikates des servers nicht)

 

Can anyone help me? Our Citrix team at work has no clue what could cause the problem.

 

Thanks a lot

Sven



Arpit Vijayvargiya Citrix Employees

Arpit Vijayvargiya
  • 8 posts

Posted 28 March 2017 - 11:21 AM

Hi Sven,

 

Have you recently upgraded your Citrix Receiver for Mac to version 12.5? Also, can you collect the logs and share with us. You need to follow these steps to collect logs:

  1. Right click on Citrix Receiver and go to Preferences.
  2. In Advanced -> Logging, set Session Logging to Full.
  3. Reproduce the issue.
  4. Again from Logging tab, use Email Logs button and send the log file.

 

Thanks,

Arpit


Helpful Answer

Sven Emmert Members

Sven Emmert
  • 3 posts

Posted 28 March 2017 - 04:40 PM

Hello,

 

yes I use 12.5.

 

I attached the log file.

 

Thank you for your help

 

Cheers

Sven

Attached Files



Randall Smith Members

Randall Smith
  • 4 posts

Posted 30 March 2017 - 08:41 PM

Same here, upgraded to 12.5, dialog box appears that you have not trusted a VeriSign cert. I would capture the dialog box but had to rollback to 12.4 to continue working.



Achyut Kamat Members

Achyut Kamat
  • 2 posts

Posted 31 March 2017 - 02:38 PM

Same problem here, iMac just upgraded to 12.5

Gives me the error "You have chosen not to trust ...Verisign..."

 

Had to roll back to 12.4 to get any work done.



Dustin Norman Citrix Employees

Dustin Norman
  • 352 posts

Posted 05 April 2017 - 12:54 PM

Sven,

 

This is happening due to a stricter validation policy for TLS certificates that was introduced in Receiver for Mac 12.5. The documentation discusses this change and the possible resolutions: http://docs.citrix.com/en-us/receiver/mac/12-5/secure-communications.html. See the "Joint Server Certificate Validation Policy" section.

 

In your particular case, the NetScaler that you are connecting to is binding a cross-signed intermediate certificate that is causing Receiver for Mac to build a certificate chain that points to a root certificate that does not exist on your Mac (because it has been retired due to using a weak SHA1 algorithm). The resolution would be to modify the NetScaler Gateway configuration so that the cross-signed intermediate certificate is not in the list of configured certificates.

 

Dustin



Sven Emmert Members

Sven Emmert
  • 3 posts

Posted 20 April 2017 - 06:15 PM

thanks @all for there help. rolling back to 12.4 did the trick.

 

sorry for the late replay, was on vacation.

 

cheers

Sven