Citrix Receiver Ssl Error 61
Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. SSL Error 61: You have not chosen to trust “Certificate”, the issuer of the server’s security certificate.
I installed Citrix according the Tutorial How to install Citrix Receiver icaclient in Ubuntu 14.04 LTS 64-bit The installation completed without any errors. I also made sure that the certificates are there according to the CitrixXenAppPlugin - configure certificates. Department Of Technology. For Core Hours (M-F 9AM-5PM) Support contact the Service Desk at 916-464-4311. WARNING UNAUTHORIZED ACCESS TO ANY STATE OF CALIFORNIA COMPUTING SYSTEM CONTAINING US GOVERNMENT OR STATE OF CALIFORNIA INFORMATION IS A CRIMINAL VIOLATION OF PENAL CODE SECTION 502 AND/OR APPLICABLE FEDERAL LAW AND IS SUBJECT. I am using Ubuntu 12.04.5 LTS and I have Citrix Receiver installed. When I am trying to login, I got the error: You have not chosen to trust 'DigiCert Hish Assurance Server CA', the issuer of the.
If users report they get the above message when trying to launch a published application or desktop via NetScaler Gateway it may be because the certificate you have installed on the NetScaler Gateway is of the SHA2 family and the user is still using an old version of Citrix Receiver.
Since 2014 the likes of Google and Microsoft announced that they would begin to deprecate SHA1 on their web browsers which may cause browser compatibility issues with websites still using SHA1. The reason for the deprecation was because whilst the majority of websites used SHA1 it was weak and prone to attack.
This move prompted companies to upgrade their certificates to SHA2 which many of the SSL vendors allowed free of charge. Microsoft announced that after 1st January 2017 their Windows platform will stop accepting SHA1 certificates. This also relates to SHA1 intermediate certificates as these need upgrading also.
Citrix Receiver supports SHA2 as of 25th February 2014 in versions such as Receiver 3.4 Enterprise, Receiver 4.1 for Windows, Mac 11.8.2 for Mac. If you are using older clients and your NetScaler Gateway is using a SHA2 certificate you may get the error stated above.
Simple fix, keep your Receiver client up to date!
P.s. I have also experience users getting The connection to “Resource Name” failed with status (1030). This error can generally be related to firewall ports being blocked between client and VDA but in this case it was also certificates. User was using an old version of online plug-in.
Applicable Products
- Web Interface
Symptoms or Error
Users may be unable to launch apps with the Citrix Online Plug-in.
The following error message appears:'Unable to launch your application. Contact your Helpdesk with the following information: Cannot connect to the Citrix XenApp server. SSL error 61: You have not chosen to trust <name of SSL Certificate Authority>, the issuer of the server's security certificate.'
Solution
As of this writing, the following older Citrix products have been validated to support SHA-2 certificates:
- Secure Gateway 3.3.4
- XenApp 6.5 with Hotfix XA650R06W2K8R2X64023
- Web interface 5.4.2.59 with the below mentioned configurations for different XML transport types.
- Citrix Receiver 4.1, or later.
Problem Cause
The older Citrix Online Plug-in does not support SHA256 signature algorithm.
Additional Resources
Citrix Documentation - Ciphers Supported by the NetScaler Appliance
Citrix Receiver Ssl Error 61 Linux
Refer to the following articles if SSL error 61 is observed when using Citrix Receiver:Citrix Receiver Ssl Error 61
Ssl Error 61 Safari
- CTX101990 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' for Receiver Users
- CTX108800 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...'on Receiver for Mac
- CTX203362 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' on Receiver for Linux