Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error “Could not import the certificate” when uploading external SSL certificate to Citrix Endpoint Management console

To repackage the certificate keystore, rebuild the keystore using the old one.

1. Extract Private key from the old keystore to private-key.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nocerts -out private-key.pem -nodes

2. Extract the certificate to certificate.pem

openssl pkcs12 -in <oldkeystorefile>.pfx -nokeys -out certificate.pem

3. Open certificate.pem in a text editor

Copy 1st Certificate from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_cert.pem

Copy next 2 or more certificates from “—-BEGIN CERTIFICATE—–” to “—–END CERTIFICATE—–” to file called ssl_intermediateandroot.pem

4. Verify ssl cert.

openssl x509 -text -noout -in ssl_cert.pem

5. Verify certificate chain.

openssl x509 -text -noout -in ssl_intermediateandroot.pem

6. Export combined pfx file

openssl pkcs12 -export -out ssl_cert_with_full_chain.pfx -inkey private-key.pem -in ssl_cert.pem -certfile ssl_intermediateandroot.pem

Note: This step will ask for a password.

Related:

  • No Related Posts

Error: “SSL Error 61: You have not chosen to trust 'Certificate Authority'…” on Receiver for Mac

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

  • Upgrade to the latest version of Receiver to verify if this resolves the issue.
  • If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 – Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the Mac client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the Secure Gateway/NetScaler Gateway server certificate.

Complete the following steps to resolve this issue:

  1. Open the Keychain Access in the Applications > Utilities folder:

    User-added image

  2. Highlight the X509 Anchors Keychain in the menu (you might have to authenticate to do this).

  3. Browse through the Certificate Authorities to find the company that has issued the certificate that is being used by the Secure Gateway/NetScaler Gateway – for this example, Thawte Premium Server CA:

    User-added image

  4. Highlight the certificate and select File > Export from the menu bar:

    User-added image

  5. The default File Format should be Certificate (.cer).

    Note: You might need to rename the certificate to a .CRT extension for the client to properly identify the certificate.

  6. Save the certificate to the ApplicationsCitrix ICA Clientkeystorecacerts folder (create this folder if it does not exist):

    User-added image

User-added image

Related:

  • No Related Posts