Problem
One of these followings messages may appear:
"Cannot connect to the Citrix Presentation Server"
"Certificate not trusted when ICA Mac Client connects to Secure Gateway"
"Certificate not trusted when connecting to Secure Gateway" (SSL Error 61)
Cause
The SSL certificate hosted on the Secure Gateway is issued by a CA who’s public root certificate is not shipped with Citrix Mac Client.
Resolution
Place a copy of the required CA Root in the keystore\cacerts directory of the Mac Client to connect through the Citrix Secure Gateway.
How to export a CA root certificate on OS X 10.4:
1. Open the Keychain Access in the Applications and Utilities folder.
2. Highlight the X509 Anchors Keychain in the menu.
3. Navigate through the Certificate Authorities to find the required CA root used with the SSL Certificate which is applied to the Secure Gateway.
4. Highlight the certificate and select File, then Export from the menu bar.
5. The default File Format should be .cer. Save this file to the ICA Client\keystore\cacerts
List of default root certificates included in the ICA Macintosh Client:
- BTCTRoot.crt - Issued by Baltimore CyberTrust RootClass3
- PCA_G2_v2.crt - Issued by VeriSign, Inc.
- Class4PCA_G2_v2.crt - Issued by VeriSign, Inc.
- GTECTGlobalRoot.crt - Issued by GTE CyberTrust Global Root
- GTECTRoot.crt - Issued by GTE CyberTrust Root
- Pcs3ss_v4.crt - Issued by Class 3 Public primary Certification Authority
- Pcs3ss_v4.crt - Issued by Class 3 Public primary Certification Authority