ssl error 61 with root cert installed on the client pc ??? 1

[8624]

Here's the complete scenario...

We run a root AD structure with two child domains, two mf server farms (one in each of the child domains) in win2k sp4 environ....we run WI2.0, CSG2.0 and WIE (to manage the multiple server farms/domains)...

All was running well...We installed some new certificates on the Domain Controllers for one of the Domains to allow user's to be able to change passwords using WIE in accordance with the WIE Admin guide...Since that time, this SSL error 61 has occurred and it is occurring in both server farms (separate domains)

From my home computer and my work computer, I have no difficulty...From Ernest's home and work computers he gets ssl error 61 (along with most of our users as well)...Same certificates installed on the client machines, same version of the ICA client

I have since removed the certificates from the DC's to hopefully get us back to where we were prior to the problem...

I have checked the link you provided and read through it...

Citrix Secure Gateway acts as an SSL server, so Server Authentication (1.3.6.1.5.5.7.3.1) must be listed among the designated key uses if any are present. If the Extended Key Usage field is not present in the certificate, the certificate may be considered valid.

My certificate has NO Extended Key Usage field...There is a "Key Usage" field that lists (Digital Signature, Key Encypherment(A0))... This very certificate has been functioning until what appears yesterday afternoon...

I admit, I'm not savy with these certificates...It's relatively new to me...I do know if they arent right, you run into all sorts of problems with them...

Does this shed any further light on the issue in your mind???

Sorry for the no points...i'll catch you next time...promise

 

[mitchero]

Who did you purchase the certificates from? What OS are the clients that get the SSL 61 eror?

 

[8624]

I work for the nave and we got the cert for the dod website.
the client are using windows 2000 PRO wil that help
i am one of the users getting the error, but i can connect direct the the server via the ica client,but when i login via the web interface, i get an ssl error 61

 

[mitchero]

I started seeing SSL error 61s when VeriSign's CA cert expired in January. Is the cert for the DOD site from VeriSign? If so, you will need to go to Verisgn's website and update the CA cert on your CSG, WI, and STA servers.

 

[sboggs]

We just experienced this issue also, but not for all users. We found that updating the IE version to 6, SP1 worked.

 

[mitchero]

PCs with Window 98/95 must update their IE in order to obtain the latest CA certs or they will continue to get the SSL error 61. With Win2k/2k3 you are able to import the CA with the mmc certificate snap-in...which 98/95 does not have...thus the requirement to update IE.

 

[8624]

We run a root AD structure with two child domains, two mf server farms (one in each of the child domains) in win2k sp4 environ....we run WI2.0, CSG2.0 and WIE (to manage the multiple server farms/domains)...

I have am having a problem with the WIE. When user login via the wie they get the following error there a currently no application available
I have checked that each user is assigned is a member of the security group for the application, and I Have no ideal what is going on here. I clicked refreshed IN THE WIE website several times nothing happen.

I am lost on this one

I admit, I'm not savvy with these WIE It's relatively new to me

Does this shed any further light on the issue in your mind???