Citrix Cloud Connector Installation does not complete: Unable to validate certificate chain

The Root and Intermediate Certificate authority used to sign the Citrix Cloud Connector need to be trusted on the local machine where the Citrix Cloud Connector is being installed. Cloud Connector binaries and endpoints that the Cloud Connector contacts are protected by X.509 certificates issued by DigiCert, a widely respected enterprise certificate authority (CA). DigiCert employs Certificate Revocation List (CRL) servers using HTTP on port 80 instead of HTTPS on port 443 to verify these certificates during Cloud Connector installation. Cloud Connector components, themselves, do not communicate over external port 80. The need for external port 80 is a byproduct of the certificate verification process that the operating system performs.

Here is the primary way to resolve this issue:

Installing the certificate

  1. Open the MMC certificate store on the Citrix Cloud Connector exhibiting the behavior

    https://msdn.microsoft.com/en-us/library/ms788967(v=vs.110).aspx. Make sure to select the Computer account option when prompted by the Certificates snap-in.

  2. Navigate to https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt and download the Root certificate.

  3. Open the certificate and choose “Install Certificate…”

  4. Ensure that the “local machine” option is targeted

  5. Validate that the Root certificate shows up under the proper Certificate Store

  6. Navigate to https://dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt and download the Intermediate certificate.

  7. Open the certificate and choose “Install Certificate…”

  8. Ensure that the “local machine” option is targeted

  9. Validate that the Intermediate certificate shows up under the proper Certificate Store.

Related:

  • No Related Posts

Leave a Reply