× SSL247 joins forces with Sectigo CA - Find Out More...
Our accreditations and awards:
Cookies
0 items Total $0

Knowledge Base

  

Problem

One of these followings messages may appear:

"Cannot connect to the Citrix Presentation Server"
"Certificate not trusted when ICA Mac Client connects to Secure Gateway"
"Certificate not trusted when connecting to Secure Gateway" (SSL Error 61)


Cause

The SSL certificate hosted on the Secure Gateway is issued by a CA who’s public root certificate is not shipped with Citrix Mac Client.


Resolution

Place a copy of the required CA Root in the keystore\cacerts directory of the Mac Client to connect through the Citrix Secure Gateway. 

How to export a CA root certificate on OS X 10.4: 

1. Open the Keychain Access in the Applications and Utilities folder.

2. Highlight the X509 Anchors Keychain in the menu.

3. Navigate through the Certificate Authorities to find the required CA root used with the SSL Certificate which is applied to the Secure Gateway.

4. Highlight the certificate and select File, then Export from the menu bar.

5. The default File Format should be .cer. Save this file to the ICA Client\keystore\cacerts 


List of default root certificates included in the ICA Macintosh Client:  

  - BTCTRoot.crt - Issued by Baltimore CyberTrust RootClass3

  - PCA_G2_v2.crt - Issued by VeriSign, Inc.

  - Class4PCA_G2_v2.crt - Issued by VeriSign, Inc.

  - GTECTGlobalRoot.crt - Issued by GTE CyberTrust Global Root

  - GTECTRoot.crt - Issued by GTE CyberTrust Root

  - Pcs3ss_v4.crt - Issued by Class 3 Public primary Certification Authority

  - Pcs3ss_v4.crt - Issued by Class 3 Public primary Certification Authority  

Was this information Useful?
Comments

Privacy Policy