Waylander Posted February 25, 2008 Report Share Posted February 25, 2008 Okay bit of a nerd-fest this. I tried installing the Citrix client on my home pc from the Trust portal to allow broadband access to work from home [for on call etc]. When I typed in the portal addy in IE7 I got the message that there is a problem with Website security [certificate not issued by a trusted authority]. It gives the option to continue anyway, but not to access/trust the certificate. I get as fas as the last stage but when I try to run the app i get the SSL61 error: you have chosen not to trust this site's certificates. At the top in the car in IE7 it says in red "certificate error" and I right-click to install thinking that would fix it but no joy. did a google and it is not uncommon but all fixes seem rather cloak in dagger.... btw the same problem if I install from FF. Link to comment Share on other sites More sharing options...
shark_90 Posted February 25, 2008 Report Share Posted February 25, 2008 Go to the portal, click "Continue to this website (not recommended)" which will take you to the portal. Once in there, open the View menu and click Security Report. It will then bring a box up about it being an untrusted certificate, click view certificate at the bottom of this box. Then click the Install Certificate box in the Certificate window. Follow the prompts and you should be ok By the way, you're not supposed to be able to get in by using Citrix Link to comment Share on other sites More sharing options...
shark_90 Posted February 25, 2008 Report Share Posted February 25, 2008 [ QUOTE ] Go to the portal, click "Continue to this website (not recommended)" which will take you to the portal. Once in there, open the View menu and click Security Report. It will then bring a box up about it being an untrusted certificate, click view certificate at the bottom of this box. Then click the Install Certificate box in the Certificate window. Follow the prompts and you should be ok By the way, you're not supposed to be allowed to get in by using Citrix [/ QUOTE ] Link to comment Share on other sites More sharing options...
shark_90 Posted February 25, 2008 Report Share Posted February 25, 2008 Oops, quoted my post instead of edited it Link to comment Share on other sites More sharing options...
davidhodgkinson Posted February 25, 2008 Report Share Posted February 25, 2008 [ QUOTE ] Oops, quoted my post instead of edited it [/ QUOTE ] Maybe you should work in IT then Link to comment Share on other sites More sharing options...
shark_90 Posted February 25, 2008 Report Share Posted February 25, 2008 Link to comment Share on other sites More sharing options...
Mac Posted February 25, 2008 Report Share Posted February 25, 2008 Shark, I'm not so sure that will work. If they're running through an SSL edge box it'll either be CSG (Citrix Secure Gateway) or one of Citrix' Access Gateways. Either will want a fully trusted source certificate. It's not enough to say you trust the cert as you need *both* parts of the certificate. It all depends on the type of certificate in use and how they've locked down (or not) the CSG/CAG units. If they've used a private certificate then generally there will be an associated root certificate published by their own Cert Authority - in that case you need to install the associated root certificate for the authority. What's more, you need to install it to the right place. The default windows install place puts it in the wrong place in the Cert store. As a side note Waylander, if what Shark has suggest doesn't work, PM me the website address and I'll tell you exactly which certificate you have, who it's trusted source is, and what you need to trust it Link to comment Share on other sites More sharing options...
shark_90 Posted February 25, 2008 Report Share Posted February 25, 2008 You know a lot more about it that me mate, I was going to say they shouldn't be cheapskates and use a proper certificate, but I was trying to be more helpful than that Link to comment Share on other sites More sharing options...
Waylander Posted February 25, 2008 Author Report Share Posted February 25, 2008 [ QUOTE ] Go to the portal, click "Continue to this website (not recommended)" which will take you to the portal. Once in there, open the View menu and click Security Report. It will then bring a box up about it being an untrusted certificate, click view certificate at the bottom of this box. Then click the Install Certificate box in the Certificate window. Follow the prompts and you should be ok By the way, you're not supposed to be able to get in by using Citrix [/ QUOTE ] Actually I tried that. I get to this stage and can view the certificate but when I try to install via this method it asks me for a location and opens a dialogue box looking at "my documents". I get stumped at this stage! I did a whole screen capture of everything I did for our IT folk and it is the last stage that loses me Link to comment Share on other sites More sharing options...
Waylander Posted February 25, 2008 Author Report Share Posted February 25, 2008 I got to this page by clicking on this.... Link to comment Share on other sites More sharing options...
Mac Posted February 25, 2008 Report Share Posted February 25, 2008 You sent me the wrong URL your issue is the cert they're using is a privately issued one - I'll PM you the details. Essentially you need the associate ROOT certificate from their Certification Authority. If they don't know what you're talking about tell them to: https://certificationrootserver/certsrv ... and get them to download and the root certificate. My guess is they're only used to people coming in on that system when the machine they're coming in from is part of their domain. You'll trust ROOT certificates from the same domain you're a member of, see? So essentially you need to the ROOT component from the source certificate I'm about to send you Seeing as you've published the details: Pic removed as too frickin big. The SSL certificate in use is published by the organisation 'Sexual Deviants Ltd.'. On the 'Sexual Deviant' network they'll have a certificate authority - probably Windows by the look of it. You need them to export the ROOT certificate and send it to you. You need to import to it Trusted Root Certificate Store . NOT the default store that it offers you. I need to double check that store name as I'm not on a Windows machine right now. In the Citrix egde world you're not so much ensuring the validity of the end point you're connecting to you're more using the SSL cert to encrypt the traffic between the client and the edge server - this tends to be why people use self issued certs. Personally though when you can pick up publically signed certs from people like GoDaddy for 30US$ I can't imagine it's worth the time effort or support effort it goes into using privately signed certificates when there's a possibility that the clients accessing the site are not part of your corporate domain. Link to comment Share on other sites More sharing options...
Mac Posted February 25, 2008 Report Share Posted February 25, 2008 [ QUOTE ] I was going to say they shouldn't be cheapskates and use a proper certificate, [/ QUOTE ] Couldn't agree more - we get this constantly in public sector companies. They save less than 100US$ on the bottom line but ending spending 10 times on support time Link to comment Share on other sites More sharing options...
Mac Posted February 25, 2008 Report Share Posted February 25, 2008 incidently Waylander on this bit: [ QUOTE ] https://certificationrootserver/certsrv [/ QUOTE ] The 'certificationrootserver' needs to be the fully qualified domain name of the server running the certification authority Link to comment Share on other sites More sharing options...
Waylander Posted February 25, 2008 Author Report Share Posted February 25, 2008 Mac I am going to ask a Mod if he will remove the attachments as I didnt have time when I posted them up to remove the employer identifier. Could you please also edit it out of your post? Thanks I'll pretend I know what you're talking about in the last bit Link to comment Share on other sites More sharing options...
Waylander Posted February 26, 2008 Author Report Share Posted February 26, 2008 Barsteward Link to comment Share on other sites More sharing options...
Waylander Posted February 26, 2008 Author Report Share Posted February 26, 2008 Thanks Mac. I think I follow you and have found the store location by clicking on certmgr in system32. Link to comment Share on other sites More sharing options...
Waylander Posted February 26, 2008 Author Report Share Posted February 26, 2008 Thanks Scooby Link to comment Share on other sites More sharing options...
scooby_simon Posted February 26, 2008 Report Share Posted February 26, 2008 [ QUOTE ] Mac I am going to ask a Mod if he will remove the attachments as I didnt have time when I posted them up to remove the employer identifier. Could you please also edit it out of your post? Thanks I'll pretend I know what you're talking about in the last bit [/ QUOTE ] Hopefully I deleted the right attachements..... Link to comment Share on other sites More sharing options...
Waylander Posted February 26, 2008 Author Report Share Posted February 26, 2008 Yes - all the ones detailing just what sort of sexual deviant I apparently am... Link to comment Share on other sites More sharing options...
Mac Posted February 26, 2008 Report Share Posted February 26, 2008 [ QUOTE ] Thanks Mac. I think I follow you and have found the store location by clicking on certmgr in system32. [/ QUOTE ] You may have but you still don't have the root bit If they're not sure what you mean get them to drop me an email will explain in more detai Link to comment Share on other sites More sharing options...
Waylander Posted February 26, 2008 Author Report Share Posted February 26, 2008 Will do. Thanks again. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now