If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article. Cannot connect to Citrix XenApp server.SSL Error 61: You have not chosen to trust "/C=/ST=/L=/O=r7720-std..ty29s3/OU=", the issue of the server's security certificate. 3) Choose the cert in the list (in our case “thawte ssl ca”) 4) Click on edit trust 5) Tick this certificate can identify website and software maker (tick 1 and 3) 6) Validate and close every menu. try again As of this writing, the following older Citrix products have been validated to support SHA-2 certificates: The older Citrix Online Plug-in does not support SHA256 signature algorithm. Refer to CTX200114 -. right-click the minimized Citrix icon and choose Advanced Preferences Choose Connection Center Highlight any open connections, and choose Log Off. Now in Citrix Studio go to Hosting node and configure Connection and resources. Users trying to launch the desktop enabling the "HDX Adaptive Transport" policy set to Diagnostic and it fails with an error: 'Unable to connect to the server. Citrix Workspace app is the new universal app for all workspace services, that will encompass all Citrix clients and app capabilities over time. Contact your support with the following information: Can not connect to the Citrix XenApp server. Sorry we couldn't be helpful. To resolve this issue, disable the IIS Admin service and all its dependent services on the Secure Gateway server, or change the IIS SSL port to something other than 443. The system administrator might need to contact the certificate authority who sold the faulty certificate and inform them that the certificate is in violation of RFC 3280. They have no effect on the ICA client. Refer to the following articles if SSL error 61 is observed when using Citrix Receiver: Please verify reCAPTCHA and press "Submit" button, Ciphers Supported by the NetScaler Appliance, Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..." for Receiver Users, Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..."on Receiver for Mac, You have not chosen to trust 'Certificate Authority'...", XenApp 6.5 with Hotfix XA650R06W2K8R2X64023. Some certificate authorities erroneously issue certificates that contain only the following key usage extensions that indicate support for Server-Gated Cryptography (SGC): Unknown Key Usage (2.16.840.1.113730.4.1), Unknown Key Usage (1.3.6.1.4.1.311.10.3.3). Help us improve this article with your feedback. Current setup: Citrix hosted in single data centre, all services built in HA, but no data centre failure. If it isn't installed, it can be added in the Programs Control Panel applet by clicking "Turn Windows features on or off". Therefore the client's IT should update their root certificate, which can be done via Windows update. NOTE: Please ensure that all exceptions have been made in the firewall and any Web Filtering programs are not blocking the connection. 10. {{articleFormattedModifiedDate}}, Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..." When Launching Apps with Citrix Online Plug-in, Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..." on Receiver for Mac, Please verify reCAPTCHA and press "Submit" button, Install the root certificate/intermediate certificate, Configure Trusted Roots and Disallowed Certificates, Error Message: This Security Certificate Was Issued by a Company that You Have Not Chosen to Trust, Installing the Root & Intermediate Certificates, How to Link an Intermediate Certificate to the Server Certificate in NetScaler/NetScaler Gateway, Error: "The server certificate received is not trusted (SSL Error 61)" on Receiver for Linux, Citrix ICA Client: SSL Error 61: You have not chosen to trust "VeriSign", the issuer to the server's security certificate, Unable to launch applications SSL Error 61. Select the application server from the list of connections. 4. Download or obtain the SSL root certificate/intermediate certificate (.crt/.cer) file issued by your SSL certificate provider. The Citrix SSL server you have selected is not accepting connections. Web interface 5.4.2.59 with the below mentioned configurations for different XML transport types. Click Log off; Repeat steps 3 and 4 for any and all remaining connections. When these two values are the only items listed in the Enhanced Key Usage field, the certificate is in violation of RFC 3280 and should be rejected by SSL clients seeking server authentication. This article is intended for use by System Administrators. If the Extended Key Usage field is not present in the certificate, the certificate might be considered valid. {{articleFormattedCreatedDate}}, Modified: I cannot connect to "Citrix Meta Frame Server" due to a SSL error 70: the server sent an expired security certificate. Ensure DNS is properly configured between the client machine and the FQDN of the Citrix Secure Gateway Server. For more details, see separate IBM Technote #1700416. Also ask the certificate authority to issue a new certificate that contains the following key usage value in addition to any other required values:Server Authentication (1.3.6.1.5.5.7.3.1). Try again later.". SSL error 61: You have not chosen to trust , the issuer of the server's security certificate." Unchecked "use a proxy server for your LAN" setting and check "Automatically detect settings" launch the application it works fine. The SSL certificate hosted on the Secure Gateway is issued by a CA who’s public root certificate is not shipped with Citrix Mac Client. Looking at options like moving to Citrix cloud for backend and VDA on premise with a second cloud connector to Azure, but only used for those scenarios, not day to day. Error code occurs after upgrading to ICA Client 7.0. Upgrade to the latest version of Receiver to verify if this resolves the issue. I had an SSL cert for my Citrix Secure Gateway URL slip my attention and go out of date. to load featured products content, Please After you receive an updated certificate with the correct usage fields listed, replace the certificate on your NetScaler Gateway server using the MMC Certificates snap-in. Scenario #2 - (rare) User's client device does not trust the relevant SSL certificate. We found out that a virus was the culprit on user computer. Updating certificates on the server is a normal and routine operation; any website with SSL has to do this. In "Edit Connection Details" dialog, "server" tab I select "Published application"; The "Server location" configuration is: Server Group: Primary Address list: srvw8kxweb01.mydomain (where srvw8kxweb01 is the the domain name of the citrix web interface) SSL/TLS + HTTPS Browser. If this does not resolve the issue then proceed to the next section. The system administrator might need to contact the certificate authority who sold the faulty certificate and inform them that the certificate is in violation of RFC 3280 . This process pairs your client machines with the server machine, and is necessary if you do not use a certificate verified by a commercial SSL certificate provider.