I admit, the title is quite specific and will certainly appeal to only a small readership. But anyone who is facing the problem will be, like me, grateful for a solution.
- Citrix Receiver 4.1, or later. It is recommended to use StoreFront and a current version of Citrix Receiver, rather than Web Interface and Citrix Online Plug-In both of which support the higher SHA-2 certificates.
- Mar 10, 2015 9) Expand Intermediate Certificates and click on Certificates. 10) Right-click on Certificates, then selectAll Tasks, and click Import.
If users report they get the above message when trying to launch a published application or desktop via NetScaler Gateway it may be because the certificate you have installed on the NetScaler Gateway is of the SHA2 family and the user is still using an old version of Citrix Receiver.
In particular, the problem is about the SSL error 61 in the Citrix (Web) receiver under Linux and how to fix it. Since I have been running almost exclusively under Kubuntu for several months, the Citrix Reiceiver also moved into the new Linux box. Unfortunately, no connection to systems could be established, since the receiver disconnected with the following error message.
SSL Error 61: You have not chosen to trust “Go Daddy Root Certificate Authority – G2”, the issuer to the server’s security certificate.
What does that tell us? The web receiver wants to check the certificate of the server while connecting, but fails because it does not know the root certificate or better said it does not trust it. Accordingly, you can actually use an arbitrary root authority in the error message, since the error message would raise up with every missing authority certificate.
Now there are two solutions. Either you get the missing certificates and insert them into the following directory:
Or you have Firefox installed… How does Firefox help us? Because the root certificates of Firefox can be shared with the Citrix receiver with only one command via symbolic links. The whole works as follows:
In this case, a symbolic link for each root certificate that the Firefox knows is created in the Citrix directory, so that it can participate. Now your SSL error 61 should be gone.
If, for whatever reason, you want to undo the changes, you can run the following two commands:
When you use citrix receiver you receive an error who say 'you have chosen not to trust ssl (error 61)'.
The certificate is already on the system (windows/Firefox) or you can retrieve it easily)
Ssl Error 61 Go Daddy
2 Steps total
Step 1: Windows - Firefox
1) Go to option advanced certificates
2) Clic on view certificates
3) Choose the cert in the list (in our case “thawte ssl ca”)
4) Click on edit trust
5) Tick this certificate can identify website and software maker (tick 1 and 3)
6) Validate and close every menu.
7) To be safe, restart firefox, citrix can run now.
Step 2: Mac OSx
1) Export the certificate or retrieve it on the web (in our case we exported it from firefox). Be careful to give to the export the extension.
2) Export the certificate to the keychain store, in the system folder.
Linux Citrix Receiver Ssl Error 61
2 Comments
Ssl Error 61 On A Mac
- HabaneroScott Manning Jul 21, 2014 at 04:44pm
Will try this when it next happens thank you for sharing,
- SerranoParakum Jul 17, 2017 at 01:39pm
We had the same issue with Citrix using the GoDaddy security certificate. After about an hour of messing around, I was able to download and save the certificate using Firefox (Edge or IE did not give me that option).
Saved all the three certificate - root certificate, intermediate certificate, and the certificate in question - in a shared folder. Used the 'Import' tool, and downloaded the certificate into the certificate store in the other workstations.