Citrix XenApp Application Error: “Cannot connect to the Citrix XenApp Server. SSL Error 61”

Citrix XenApp Application Error: “Cannot connect to the Citrix XenApp Server. SSL Error 61: You have not chosen to trust “certificate authority”, the issuer of the server’s security certificate.”

You may receive SSL Error 61 when attempting to launch a Citrix XenApp application through Citrix Netscaler using the legacy Program Neighborhood Agent (PN Agent).

As explained below, the server certificates are signed with SHA256, which older versions of the ICA client do not support.

Ensure that clients have the latest version of Citrix Receiver installed.

http://discussions.citrix.com/topic/284298-citrix-ica-client-ssl-error-61-you-have-not-chosen-to-trust-verisign-blah-blah-the-issuer-to-the-servers-security-certificate/

I ran into this issue today after having set up a new Netscaler VPX access gateway with new server cert linked. We are migrating from Citrix Secure Gateway.

When trying to establish the Citrix session via the Access Gateway, I got the same error. Of course the ICA client version we are using is 11.x.

The reason for the error: Server certificates are now digitally signed using SHA256 algorithm, not SHA128. The older versions of the ICA client do not support this.

So the answer is to upgrade the client to the Online Plug-in 12.3 if you need PNAgent and / or Web Client. Upgrade directly to Citrix Receiver if you don’t need PNAgent.
