10/13/2019 Citrix Receiver Certificate Fix
I admit, the title is quite specific and will certainly appeal to only a small readership. But anyone who is facing the problem will be, like me, grateful for a solution.
This article explains how to export your existing SSL certificate, import the certificate to another StoreFront server, bind the certificate to Internet Information Services (IIS), and configure StoreFront for HTTPS connections. This article assumes the following typical scenarios:. You have created an SSL certificate on the first server in a StoreFront server group, and you wish to export the certificate for use on the remaining servers in the the group.
(Read to generate and install an SSL certificate on a StoreFront server if you don't have any SSL certificate for your StoreFront server.). You have a wildcard certificate for your domain and wish to use it for your StoreFront server(s). In this article, a wildcard certificate for.mycitrixtraining.net is used to configure the StoreFront base URL to use HTTPS ( Note: If your certificate is not a wildcard certificate, the common name of the certificate must match the Base URL of your StoreFront server group.
If your StoreFront base URL is and you don't want to create a wildcard certificate, then the common name should be: For a wildcard certificate, the common name can be.yourcompany.com in this scenario. Overview diagram of exporting and installing SSL certificate for StoreFront to use HTTPS Export your certificate If you already have your SSL certificate in a.pfx file, skip to. On the server containing the certificate you wish to export, click the Windows icon ( ) and type mmc. Note: The screenshots used in this article were taken on a Windows Server 2012 R2. Images may differ. This opens the Microsoft Management Console. Click File Add/Remove Snap-in.
Select Certificates, then click Add. Select Computer account, and click Next.
Click Finish. The Certificates snap-in has been loaded. Expand Certificates then Personal. Click on Certificates.
Right-click on the certificate to export, and select All Tasks, then Export. Select Yes, export the private key, then click Next. Select the Password: checkbox, then enter and confirm a password to protect the private key. Select a location for the certificate. Click Finish. This creates a.pfx (Personal Information Exchange) file containing the password-protected private key of the certificate. Copy the.pfx to the StoreFront server, or map a drive to the file’s location.
Start the Microsoft Management Console (MMC), and add the Certificates snap-in (see steps 1 to 7 above). Expand Certificates, right-click Personal, select All Tasks, and then click Import. Click Browse.
To locate the certificate. Change the dropdown to look for.pfx files. Highlight the file and click Open. Enter the password used when the certificate was exported. If you want to be able to export the certificate from this server for use on another server, make sure to select Mark this key as exportable. Click Finish.
Click Certificates. Right-click on the certificate and select Properties (or double-click the certificate). Confirm that you have the private key for the certificate. That line must be present for the certificate to function correctly.
Start InetMgr. Expand IIS Manager, right click on Default Web Site, and click Edit Bindings. Note: Do not remove the http binding. Select the Type: dropdown.
![]()
Select https, then select the certificate you just imported. To modify StoreFront to use the SSL certificate, we must change the Base URL. Start StoreFront. StoreFront is not currently using the SSL certificate.
Click Server Group in the left pane. Click Change Base URL. Change http: to https: and click OK. StoreFront is now using the SSL certificate. Repeat on any remaining StoreFront servers in the server group. Additional Resources.
By Theresa Miller So, it was finally time to rollout certificates for your Citrix environment. After doing so, you test your applications by launching your favorite Citrix XenApp Application. To your surprise, the application will not open and returns an SSL Error 61. Now what, what can be done to fix this issue? Check your Trust Root or Intermediate Certificate One of the likely causes is that the PC you are working on is missing it’s Trusted Root or Intermediate Certificate. Your certificate provider can let you know which certificate type they use. How do we make sure these are in place?
This can be done manually per PC as shown in the example below, or automated per the following Microsoft article (Here are the steps to update an individual PC using a Digicert root certificate. Note that these steps would be similar for most certificate providers.
———————————————————————————————— Advertisement: Monitor/Access your virtual servers, workstations & data using Citrix XenDesktop with 24×7 support and a 99.9% uptime guarantee through. To know more about on Citrix XenDesktop, visit. ———————————————————————————————— 1) Open Internet Explorer go to 2) Download the Intermediate Certificate called “DigiCert SHA2 High Assurance Server CA” or the appropriate certificate for your environment and save your PC or a network location 3) Go to Start, Search from your Windows 7 workstation 4) Type MMC and press enter 5) From the menu select, Add/Remove SnapIn 6) Select Certificates and click “Add”, then click OK 7) Choose Computer Account and click Next 8) Choose Local Computer and click finish and click OK 9) Expand Intermediate Certificates and click on Certificates. 10) Right-click on Certificates, then selectAll Tasks, and click Import 11) Click Next on the Certificate Import Wizard 12) Click Browse and go to the location of the downloaded certificate and then click Next 13) Click Next 14) Click Finish 15) Test the application to verify the SSL Error 61 error has gone away If the error didn’t go away or if the certificates were already set the way that should have been, then the next stop is to look at your version of Citrix Receiver. Citrix Receiver Updating to the latest Citrix Receiver version will typically resolve the issue once the certificates are in place. Here is the link to Citrix Receiver for Windows and here is the latest version for a MAC Say Goodbye to SSL Error 61! “Innovative IT” provided through real IT Consulting Solutions for Real IT Problems.
We believe that you should only implement solutions that will solve your organization needs. Our Team consists of globally recognized talent, highly awarded team, and led by Theresa Miller who is one of only a few individuals in the world to hold the following three prestigious virtualization awards: Microsoft Most Valuable Professional (MVP), Citrix Technology Professional (CTP) and VMware vExpert. We offer IT product marketing for your solutions through technical writing, webinars, whitepapers, speaking, and more. To learn more, contact us today!
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |