Results 1 to 14 of 14

Thread: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

  1. #1
    Join Date
    Dec 2008
    Posts
    35

    ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    Hello,

    My client is facing a strange problem.He is using Windows Vista , t when he tries to connect to Citrix server he gets this message

    ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    please tell me how to solve this problem , please help me thanks in advance

  2. #2
    Join Date
    May 2008
    Posts
    2,945

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    for the Linux Client the solution is to have the copy of 8.crt file file , so just copy the *.crt file into the /usr/lib/I​CAClient/key​store/cacert folder ​ after that you should be able to login to the Citrix Server over the Secure Gateway again.

  3. #3
    Join Date
    Apr 2008
    Posts
    3,341

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    You need to install the security certificate.

    This error message appears when users are launching the published applications through Secure Gateway using the MetaFrame Presentation Server Client for Java.This occurs because the client directory does not contain the root certificate to trust that server certificate. The same error message appears when using private or public certificates


    Resolution

    1. Get a copy of the root certificate that pertains to that server sertificate and rename it to Myroot.crt.

    2. Open Windows Explorer on the server running Secure Access Manager and go to C:\Inetpub\wwwroot\AccessCenterName\CDS\ICAWEB\en\icajava.

    3. Place a copy of the renamed root certificate in this location.

    4. Then go to C:\Program Files\Citrix\MetaFrame Secure Access Manager\Bin\Binders and look for the ICAFile.xslt file.

    5. Open the file in Notepad and look for the line that reads <xsl:apply-templates select="icaSLProxyHost"/>.

    6. Right below that line place the following two lines:

    • SSLNoCACerts=1
    • SSLCACert0=myroot.crt


    Important: Be very careful you delete the line that reads SSLNoCACerts=0.

    7. Restart the services on the server running Secure Access Manager.

  4. #4
    Join Date
    May 2008
    Posts
    3,518

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    The required CA Root certificate is not installed on the client device. If you are using a well-known public certification authority such as Verisign, Baltimore, Thawte, or RSA, the required root certificate already exists on the client devices running a recent copy of Windows. However, if you are using your own certificate server to generate server certificates, or if you are using a trial certificate from a CA, you need to install the CA Root certificate on all client devices for them to connect.

  5. #5
    Join Date
    May 2011
    Posts
    1

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I have a more preceise solution to the ssl error 61.

    1. Go to Internet Options->Contents->Certificates->Intermediate Certification Authorities.
    2. Look for Class 3 public primary certification authority as expired.
    3. Click export and save it to your local as "myroot.crt".
    4. Click the crt file to install/import.
    5. A new version of the certificate gets added to the Trusted Root Certification Authorities.
    Try logging into your Citrix web online and IT WORKS!!!!!

  6. #6
    Join Date
    Jan 2012
    Posts
    4

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I have the same error but in mac, please someone help me!!
    I am using Mac OSX Lion
    Thanks in advance for your help

  7. #7
    Join Date
    Jul 2011
    Posts
    267

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I would like to tell you that if you are not having the root certificate installed then you might get this message. So you must check for this thing first.

  8. #8
    Join Date
    Jan 2012
    Posts
    4

    sad Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I added the certificate to my keychain, in this case is from "network...." don't remember the whole name and still i get the message.

  9. #9
    Join Date
    Dec 2007
    Posts
    2,297

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    Quote Originally Posted by poas000 View Post
    I added the certificate to my keychain, in this case is from "network...." don't remember the whole name and still i get the message.
    The below solution was given on a different websites, check if that implies or solves the issue that you are facing:

    1. Go to Keychain Access and find the certificate that is a problem (for me it was Network Solutions Certificate Authority, but it could be any of a number of certificates).

    2. Export the certificate to the desktop (right click/export) Ė it will appear as Network Solutions Certificate Authority.cer

    3. Go to the Citrix folder on the Mac and look for a keystore/cacerts folder.

    4. If the folder isnít there, you will need to create it. To do this, go to Applications/Citrix ICA Client. Create the folder keystore (Right click/new folder). Within that folder, create the folder cacerts. The path will be Applications/Citrix ICA Client/keystore/cacerts.

    5. Copy the certificate exported from Keychain earlier (Network Solutions Certificate Authority.cer) to the Applications/Citrix ICA Client/keystore/cacerts folder. Some sources say you need to change the extension to .crt (so in the example, this would be Network Solutions Certificate Authority.crt), but that didnít work for me. The .cer extension did.

    Now you should be able to access the VPN through its usual website on Firefox.

  10. #10
    Join Date
    Jan 2012
    Posts
    4

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    i don't know it this matters, but in my applications folder i don't have it as Citrix ICA CLient. i don't know if it has to do with the new update that it looks different, but anyway, i did a right click in the citrix, and added the folder as you said, and still doesn't work.

  11. #11
    Join Date
    Jan 2012
    Posts
    4

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I forgot to mention that i have that same Network Solutions Certificate Authority

  12. #12
    Join Date
    May 2012
    Posts
    2

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    I have the same issue, I have actually copied the "Citrix" folder I found (using spotlight) and copied it in Applications, and changed the name, but it is not fixing the issue.
    Poas000 where u able to fix your issue?

    I even found the certificates "godaddy" and "Network Solutions Certificate Authority.cer" and changed the settigns to "always allowed" in the keychain, but nothing.
    then I exported it to desktop, and copied it in the folder keychain/cacerts like Einstein suggests, but still nothing...
    That's insane !!!

  13. #13
    Join Date
    Dec 2007
    Posts
    1,742

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    Have you tried fixing this issue by downloading and installing the intermediate certs on client, and if that dosent work then the real issue/fix may be on the server itself. Take a look at the web server and make sure to install the appropriate intermediate/chain certs for your certificate, and restart your server.

  14. #14
    Join Date
    May 2012
    Posts
    2

    Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

    since I am not a client, but an employee of the company using citrix I have no control over the server, now the IT guy told me to check the http address, it had a vpn2, and he told me they have issue with this, so I only removed the 2 and connected to vpn... and I was able to launch the app... Anybody working for CSC may want to try that !!
    Cheers it works !

Similar Threads

  1. Replies: 3
    Last Post: 21-06-2013, 11:14 AM
  2. Replies: 3
    Last Post: 05-06-2012, 10:57 AM
  3. Replies: 3
    Last Post: 14-07-2009, 11:01 AM
  4. Replies: 1
    Last Post: 07-07-2008, 08:29 AM
  5. Security Certificate Trust Problem
    By Kalav in forum Windows XP Support
    Replies: 2
    Last Post: 16-05-2008, 02:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •