Citrix XenApp Application Error: “Cannot connect to the Citrix XenApp Server. SSL Error 61: You have not chosen to trust “certificate authority”, the issuer of the server’s security certificate.
You may receive SSL Error 61 when attempting to launch a Citrix XenApp application through Citrix Netscaler using the legacy Program Neighborhood Agent (PN Agent).
As explained below, certificates are signed with SHA256 which older versions of the ICA client do not support.
Ensure that clients have the latest version of Citrix Receiver installed.
I ran into this issue today after having setup a new Netscaler VPX access gateway with new server cert linked. We are migrating from Citrix Secure Gateway.
When trying to establish the Citrix session via the Access Gateway, I got the same error. Of course the ICA client version we are using is 11.x
The reason for the error: Server certificates are now digitally signed using SHA256 algorithm, not SHA128. The older versions of the ICA client do not support this.
So the answer is to upgrade the client to the Online Plug-in 12.3 if you need PNAgent and / or Web Client. Upgrade directly to Citrix Receiver if you don’t need PNAgent.