Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



ssl error 61: you have not chosen to trust the issuer of the server's security certificate

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 01-09-2009
Member
 
Join Date: Dec 2008
Posts: 35
ssl error 61: you have not chosen to trust the issuer of the server's security certificate
  

Hello,

My client is facing a strange problem.He is using Windows Vista , t when he tries to connect to Citrix server he gets this message

ssl error 61: you have not chosen to trust the issuer of the server's security certificate

please tell me how to solve this problem , please help me thanks in advance

Reply With Quote
  #2  
Old 01-09-2009
Member
 
Join Date: May 2008
Posts: 2,944
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

for the Linux Client the solution is to have the copy of 8.crt file file , so just copy the *.crt file into the /usr/lib/I​CAClient/key​store/cacert folder ​ after that you should be able to login to the Citrix Server over the Secure Gateway again.
Reply With Quote
  #3  
Old 01-09-2009
Member
 
Join Date: Apr 2008
Posts: 3,336
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

You need to install the security certificate.

This error message appears when users are launching the published applications through Secure Gateway using the MetaFrame Presentation Server Client for Java.This occurs because the client directory does not contain the root certificate to trust that server certificate. The same error message appears when using private or public certificates


Resolution

1. Get a copy of the root certificate that pertains to that server sertificate and rename it to Myroot.crt.

2. Open Windows Explorer on the server running Secure Access Manager and go to C:\Inetpub\wwwroot\AccessCenterName\CDS\ICAWEB\en\icajava.

3. Place a copy of the renamed root certificate in this location.

4. Then go to C:\Program Files\Citrix\MetaFrame Secure Access Manager\Bin\Binders and look for the ICAFile.xslt file.

5. Open the file in Notepad and look for the line that reads <xsl:apply-templates select="icaSLProxyHost"/>.

6. Right below that line place the following two lines:
  • SSLNoCACerts=1
  • SSLCACert0=myroot.crt

Important: Be very careful you delete the line that reads SSLNoCACerts=0.

7. Restart the services on the server running Secure Access Manager.
Reply With Quote
  #4  
Old 01-09-2009
Member
 
Join Date: May 2008
Posts: 3,514
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

The required CA Root certificate is not installed on the client device. If you are using a well-known public certification authority such as Verisign, Baltimore, Thawte, or RSA, the required root certificate already exists on the client devices running a recent copy of Windows. However, if you are using your own certificate server to generate server certificates, or if you are using a trial certificate from a CA, you need to install the CA Root certificate on all client devices for them to connect.
Reply With Quote
  #5  
Old 10-05-2011
Member
 
Join Date: May 2011
Posts: 1
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I have a more preceise solution to the ssl error 61.

1. Go to Internet Options->Contents->Certificates->Intermediate Certification Authorities.
2. Look for Class 3 public primary certification authority as expired.
3. Click export and save it to your local as "myroot.crt".
4. Click the crt file to install/import.
5. A new version of the certificate gets added to the Trusted Root Certification Authorities.
Try logging into your Citrix web online and IT WORKS!!!!!
Reply With Quote
  #6  
Old 20-01-2012
Member
 
Join Date: Jan 2012
Posts: 4
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I have the same error but in mac, please someone help me!!
I am using Mac OSX Lion
Thanks in advance for your help
Reply With Quote
  #7  
Old 20-01-2012
Member
 
Join Date: Jul 2011
Posts: 263
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I would like to tell you that if you are not having the root certificate installed then you might get this message. So you must check for this thing first.
Reply With Quote
  #8  
Old 20-01-2012
Member
 
Join Date: Jan 2012
Posts: 4
sad Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I added the certificate to my keychain, in this case is from "network...." don't remember the whole name and still i get the message.
Reply With Quote
  #9  
Old 20-01-2012
Member
 
Join Date: Dec 2007
Posts: 2,273
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

Quote:
Originally Posted by poas000 View Post
I added the certificate to my keychain, in this case is from "network...." don't remember the whole name and still i get the message.
The below solution was given on a different websites, check if that implies or solves the issue that you are facing:

Quote:
1. Go to Keychain Access and find the certificate that is a problem (for me it was Network Solutions Certificate Authority, but it could be any of a number of certificates).

2. Export the certificate to the desktop (right click/export) Ė it will appear as Network Solutions Certificate Authority.cer

3. Go to the Citrix folder on the Mac and look for a keystore/cacerts folder.

4. If the folder isnít there, you will need to create it. To do this, go to Applications/Citrix ICA Client. Create the folder keystore (Right click/new folder). Within that folder, create the folder cacerts. The path will be Applications/Citrix ICA Client/keystore/cacerts.

5. Copy the certificate exported from Keychain earlier (Network Solutions Certificate Authority.cer) to the Applications/Citrix ICA Client/keystore/cacerts folder. Some sources say you need to change the extension to .crt (so in the example, this would be Network Solutions Certificate Authority.crt), but that didnít work for me. The .cer extension did.

Now you should be able to access the VPN through its usual website on Firefox.
Reply With Quote
  #10  
Old 20-01-2012
Member
 
Join Date: Jan 2012
Posts: 4
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

i don't know it this matters, but in my applications folder i don't have it as Citrix ICA CLient. i don't know if it has to do with the new update that it looks different, but anyway, i did a right click in the citrix, and added the folder as you said, and still doesn't work.
Reply With Quote
  #11  
Old 20-01-2012
Member
 
Join Date: Jan 2012
Posts: 4
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I forgot to mention that i have that same Network Solutions Certificate Authority
Reply With Quote
  #12  
Old 09-05-2012
Member
 
Join Date: May 2012
Posts: 2
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

I have the same issue, I have actually copied the "Citrix" folder I found (using spotlight) and copied it in Applications, and changed the name, but it is not fixing the issue.
Poas000 where u able to fix your issue?

I even found the certificates "godaddy" and "Network Solutions Certificate Authority.cer" and changed the settigns to "always allowed" in the keychain, but nothing.
then I exported it to desktop, and copied it in the folder keychain/cacerts like Einstein suggests, but still nothing...
That's insane !!!
Reply With Quote
  #13  
Old 09-05-2012
Member
 
Join Date: Dec 2007
Posts: 1,729
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

Have you tried fixing this issue by downloading and installing the intermediate certs on client, and if that dosent work then the real issue/fix may be on the server itself. Take a look at the web server and make sure to install the appropriate intermediate/chain certs for your certificate, and restart your server.
Reply With Quote
  #14  
Old 09-05-2012
Member
 
Join Date: May 2012
Posts: 2
Re: ssl error 61: you have not chosen to trust the issuer of the server's security certificate

since I am not a client, but an employee of the company using citrix I have no control over the server, now the IT guy told me to check the http address, it had a vpn2, and he told me they have issue with this, so I only removed the 2 and connected to vpn... and I was able to launch the app... Anybody working for CSC may want to try that !!
Cheers it works !
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "ssl error 61: you have not chosen to trust the issuer of the server's security certificate"
Thread Thread Starter Forum Replies Last Post
Google Chrome error "The server's security certificate is revoked" Dwij Technology & Internet 3 21-06-2013 12:14 PM
Chrome 18 error "SSL Security Error: Invalid Server Certificate" Naila Technology & Internet 3 05-06-2012 11:57 AM
You have not chosen to trust thawte server ca" the issuer of the server's security certificate" Ximen Networking & Security 3 14-07-2009 12:01 PM
The server you are connected to is using a security certificate Error Mr.Dean Windows Vista Mail 1 07-07-2008 09:29 AM
Security Certificate Trust Problem Kalav Windows XP Support 2 16-05-2008 03:33 AM


All times are GMT +5.5. The time now is 03:18 PM.