#21633 - 04/18/12 08:32 AM Citrix Receiver -vs- Corporate IT
MacManiac


Registered: 08/04/09
Loc: Paradise....on the central Ore...
The Macintosh is still the red-headed step-child as far as most corporate IT departments are concerned....and this view is particularly evident where Citrix is used to communicate back to the corporate mother ship. It seems as if EVERY update to the Citrix server causes the Macintosh users in the field to be orphaned.

I recently went through this repeated process and wanted to share my work-around solution (as corporate IT won't resolve it properly at the server end).

System Details:

OS X 10.7.3
Firefox 11.0
Citrix Receiver 11.4.3

Everything worked fine until the big Citrix upgrade at the server.....then the error message read:

SSL Error 61: You have not chosen to trust "Network Solutions Certificate Authority", the issuer of the server's security certificate.

Error number: 183

Here's what I initially sent my IT folks before they told me that they weren't going to support Macintosh issues anymore....

Here's the answer for you….I solved the trusted intermediate certificate issue at the client end by exporting a valid intermediate certificate from a Windows login using IE 8 and then importing that intermediate certificate into my Macintosh System Keychain so that the Citrix connection would properly complete under Mac OS X 10.7.3 / Firefox 11.0…...

This error message for all Macintosh clients (since your last Citrix server update) is solved at the server end by placing the intermediate certificate on the Citrix Access Gateway and then linking it (chaining) to the primary SSL Certificate….that way your remote users don't have to do all the work in the field.

Hope this helps you out.

...and here's the detailed solution I've been sending to my corporate Macintosh user brethren:

To fix things, I got the newer version of the needed certificate from a Windows machine, via these steps:

Windows Specific Instructions:

1) From a Windows computer, log in to the Citrix Gateway once and launch any application. This will ensure that the certificate gets installed in Windows.

2) In Windows, log out of the Citrix gateway.

3) launch Internet Explorer if not already running.

4) in IE, go to the Tools menu –> Internet Options –> Content tab

5) click the Certificates button

6) click the Intermediate Certification Authorities tab

7) find the “Network Solutions Certificate Authority” certificate in the list

8) click the certificate once to highlight, then click Export

9) click Next

10) choose DER Encoded Binary X.509 (.CER)

11) click Next

12) click Browse, and change to the Desktop if not there already

13) in the file name field, type or paste: Network Solutions Certificate Authority

14) click Save, click Next, click Finish.

15) there should now be a file on the Windows desktop with the name Network Solutions Certificate Authority.cer

16) copy this file to the Mac in whatever way you normally move files.

Mac Specific Instructions:

17) on the Mac, copy the file to your desktop.

18) in Finder, go to Applications –> Utilities

19) launch Keychain Access

20) open the System keychain and import the certificate

21) restart your Macintosh and then try to access your Citrix Gateway again

You should be healed……

Hope this helps.
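
An added example, not part of the original post: checks to run on the exported DER `.cer` file before step 20 puts it in the System keychain, plus a way to confirm whether the gateway sends the intermediate certificate at all. The function names are hypothetical, the expected fingerprint is assumed to come from the CA's own published value, and the host passed to `server_chain_count` is whatever gateway name you use.

```shell
#!/bin/sh
# Added example: checks to run on the exported .cer file before importing it
# into the System keychain. Function names are hypothetical.

# Strip colons/spaces and upper-case a hex fingerprint so copies compare equal.
normalize_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# SHA-256 fingerprint of a DER-encoded certificate file.
cert_fingerprint() {
    normalize_fp "$(openssl x509 -inform DER -in "$1" -noout \
        -fingerprint -sha256 2>/dev/null | cut -d= -f2)"
}

# True only if the file parses and its fingerprint equals the expected value,
# which must come from a source other than the machine that exported the file.
cert_matches() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] && [ "$fp" = "$(normalize_fp "$2")" ]
}

# True only if the certificate is marked as a CA (basicConstraints CA:TRUE).
cert_is_ca() {
    openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# True only if the certificate has not expired yet.
cert_not_expired() {
    openssl x509 -inform DER -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Human-readable summary to compare against what Keychain Access shows.
cert_summary() {
    openssl x509 -inform DER -in "$1" -noout -subject -issuer -dates
}

# Number of certificates the gateway sends in its TLS handshake. A result of 1
# means only the server certificate is sent and the intermediate is not chained.
server_chain_count() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Usage: sh check_cert.sh "Network Solutions Certificate Authority.cer"
if [ "$#" -gt 0 ]; then
    cert_summary "$1"
    echo "SHA-256: $(cert_fingerprint "$1")"
    cert_is_ca "$1" || echo "WARNING: not a CA certificate"
    cert_not_expired "$1" || echo "WARNING: certificate has expired"
fi
```
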
#21647 - 04/18/12 10:56 PM Re: Citrix Receiver -vs- Corporate IT [Re: MacManiac]
tacit

Registered: 08/03/09
Loc: Portland, Oregon, USA
This problem exists because the brain-dead programmers at Citrix don't use the Mac's Keychain for storing certificates. The Network Solutions certificate is built into Mac OS X, but the knuckle-dragging mouth-breathers laughingly referred to as "programmers" over at Citrix don't know that.

For what it's worth, this page describes how to copy the Network Solutions certificate out of the Keychain and into the Citrix certificate repository.
#21784 - 05/02/12 12:09 PM Re: Citrix Receiver -vs- Corporate IT [Re: tacit]
Virtual1

Registered: 08/04/09
Loc: Iowa
Originally Posted By: tacit
.. the brain-dead programmers... knuckle-dragging mouth-breathers laughingly referred to as "programmers...

heh.... bad experience somewhere?
