Latest Citrix Receiver For Mac
Update to the Latest Receiver Version. Upgrade to the latest version of Receiver to verify if this resolves the issue. If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 - Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates. How To: Citrix Receiver Dual Monitor Setup If you are working from home in Citrix and have dual monitors, you can take advantage of dual monitor setup by enabling some settings in Citrix Receiver. TCP port 8008 is used by Citrix Workspace app for HTML5, or supported versions of Citrix Receiver and Citrix Workspace app, where enabled, for communications from local users on the internal network to the servers providing their desktops and applications. StoreFront supports both pure IPv6 networks and dual-stack IPv4/IPv6 environments. How To: Citrix Receiver Dual Monitor Setup If you are working from home in Citrix and have dual monitors, you can take advantage of dual monitor setup by enabling some settings in Citrix Receiver. Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace app. Citrix Workspace app is a new client from Citrix that works similar to Citrix Receiver and is fully backward-compatible with.
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
Update to the Latest Receiver Version
- Upgrade to the latest version of Receiver to verify if this resolves the issue.
- If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 - Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.
If this does not resolve the issue then proceed to the next section.
For information on Receiver feature updates refer to - Citrix Receiver Feature Matrix.
Missing Root/Intermediate Certificate
This error message suggests that the Mac client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the Secure Gateway/NetScaler Gateway server certificate.
Complete the following steps to resolve this issue:
Open the Keychain Access in the Applications > Utilities folder:
Highlight the X509 Anchors Keychain in the menu (you might have to authenticate to do this).
Browse through the Certificate Authorities to find the company that has issued the certificate that is being used by the Secure Gateway/NetScaler Gateway – for this example, Thawte Premium Server CA:
Highlight the certificate and select File > Export from the menu bar:
The default File Format should be Certificate (.cer).
Note: You might need to rename the certificate to a .CRT extension for the client to properly identify the certificate.Save the certificate to the ApplicationsCitrix ICA Clientkeystorecacerts folder (create this folder if it does not exist):
Additional Resources
CTX101990 - Error: 'The server certificate received is not trusted (SSL Error 61)' for Receiver Users
CTX203362 - Error: 'The server certificate received is not trusted (SSL Error 61)' on Receiver for Linux
CTX200836 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' When Launching Apps with Citrix Online Plug-in
'The server certificate received is not trusted (SSL Error 61)'
'Your app is not available. Try again later.'
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
Update to the Latest Receiver Version
- Upgrade to the latest version of Receiver to verify if this resolves the issue.
- If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 - Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.
If this does not resolve the issue then proceed to the next section.
For information on Receiver feature updates refer to - Citrix Receiver Feature Matrix.Missing Root/Intermediate Certificate
This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the NetScaler Gateway server certificate.
Complete the following steps to resolve this issue:Download or obtain the SSL root certificate/intermediate certificate (.crt/.cer) file issued by your SSL certificate provider.
Root certificate/intermediate certificate can be downloaded from your SSL certificate provider's website or can be obtained on request. Usually root certificate is present in the certificate bundle provided by your SSL service provider along with intermediate and server certificates.Install the root certificate/intermediate certificate on the client machine.
If an antivirus is installed on the client machine then ensure that the antivirus trusts the certificate.
This process pairs your client machines with the server machine, and is necessary if you do not use a certificate verified by a commercial SSL certificate provider. Most commercial certificate providers arrange to have their certificates pre-installed on machines through an agreement with the operating system creator (Microsoft, Apple, and so on).
Server Certificate is Not RFC 3280 Compliant
SSL Error 61 can occur when the server certificate is not compliant with the instructions in RFC 3280 regarding the Enhanced Key Usage field.New Citrix Receiver For Mac
The system administrator might need to contact the certificate authority who sold the faulty certificate and inform them that the certificate is in violation of RFC 3280. Also ask the certificate authority to issue a new certificate that contains the following key usage value in addition to any other required values:
Server Authentication (1.3.6.1.5.5.7.3.1)
NetScaler Gateway acts as an SSL server, so Server Authentication (1.3.6.1.5.5.7.3.1) must be listed among the designated key uses if any are present. If the Extended Key Usage field is not present in the certificate, the certificate might be considered valid.
Some certificate authorities erroneously issue certificates that contain only the following key usage extensions that indicate support for Server-Gated Cryptography (SGC):
Citrix Receiver For Mac Catalina
Unknown Key Usage (2.16.840.1.113730.4.1)
Unknown Key Usage (1.3.6.1.4.1.311.10.3.3)
These extensions are intended as a signal to Netscape and Internet Explorer web browsers that they should negotiate 128-bit encryption regardless of the normal capabilities of the client. They have no effect on the ICA client. When these two values are the only items listed in the Enhanced Key Usage field, the certificate is in violation of RFC 3280 and should be rejected by SSL clients seeking server authentication.
Note: Not all SGC compliant certificates are missing the Server Authentication value and not all invalid certificates are SGC compliant.
After you receive an updated certificate with the correct usage fields listed, replace the certificate on your NetScaler Gateway server using the MMC Certificates snap-in.
Additional Resources
- Microsoft TechNet - Configure Trusted Roots and Disallowed Certificates
- Microsoft TechNet - Error Message: This Security Certificate Was Issued by a Company that You Have Not Chosen to Trust
- CTX128539 - How to Link an Intermediate Certificate to the Server Certificate in NetScaler/NetScaler Gateway
- CTX200836 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' When Launching Apps with Citrix Online Plug-in
- CTX203362 - Error: 'The server certificate received is not trusted (SSL Error 61)' on Receiver for Linux
- CTX108800 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' on Receiver for Mac
- Citrix Discussions - Citrix ICA Client: SSL Error 61: You have not chosen to trust 'VeriSign', the issuer to the server's security certificate
- Citrix Discussions - Unable to launch applications SSL Error 61