Error: “Certificate with key size greater than RSA512 or DSA512 bits not supported” on NetScaler

To resolve this issue, apply any or both of the following resolutions, as required:

After applying the required resolution, the additional ciphers are available and you can add a certificate that has a key size greater than 512 bits. The NetScaler appliance supports certificates with key size 512, 1024, 2048, and 4096 bits.

Related:

  • No Related Posts

Error: “Certificate with key size greater than RSA512 or DSA512 bits not supported” on NetScaler

To resolve this issue, apply any or both of the following resolutions, as required:

After applying the required resolution, the additional ciphers are available and you can add a certificate that has a key size greater than 512 bits. The NetScaler appliance supports certificates with key size 512, 1024, 2048, and 4096 bits.

Related:

  • No Related Posts

Error: “Certificate with key size greater than RSA512 or DSA512 bits not supported” on NetScaler

To resolve this issue, apply any or both of the following resolutions, as required:

After applying the required resolution, the additional ciphers are available and you can add a certificate that has a key size greater than 512 bits. The NetScaler appliance supports certificates with key size 512, 1024, 2048, and 4096 bits.

Related:

  • No Related Posts

Error: “SSL Error 61: You have not chosen to trust 'Certificate Authority'…” on Receiver for Linux

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

  • Upgrade to the latest version of Receiver to verify if this resolves the issue.
  • If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 – Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the server certificate.

Use a root certificate

If you need to authenticate a server certificate that was issued by a certificate authority and is not yet trusted by the user device, follow these instructions before adding a StoreFront store.

  1. Obtain the root certificate in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file to $ICAROOT/keystore/cacerts.
    2. Run the following command:
      $ICAROOT/util/ctx_rehash

Use an intermediate certificate

If your StoreFront server is not able to provide the intermediate certificates that match the certificate it is using, or you need to install intermediate certificates to support smart card users, follow these steps before adding a StoreFront store.

  1. Obtain the intermediate certificate(s) separately in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file(s) to $ICAROOT/keystore/intcerts.
    2. Run the following command as the user who installed the package:
      $ICAROOT/util/ctx_rehash

Related:

  • No Related Posts

Error: “SSL Error 61: You have not chosen to trust 'Certificate Authority'…” on Receiver for Linux

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

  • Upgrade to the latest version of Receiver to verify if this resolves the issue.
  • If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 – Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the server certificate.

Use a root certificate

If you need to authenticate a server certificate that was issued by a certificate authority and is not yet trusted by the user device, follow these instructions before adding a StoreFront store.

  1. Obtain the root certificate in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file to $ICAROOT/keystore/cacerts.
    2. Run the following command:
      $ICAROOT/util/ctx_rehash

Use an intermediate certificate

If your StoreFront server is not able to provide the intermediate certificates that match the certificate it is using, or you need to install intermediate certificates to support smart card users, follow these steps before adding a StoreFront store.

  1. Obtain the intermediate certificate(s) separately in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file(s) to $ICAROOT/keystore/intcerts.
    2. Run the following command as the user who installed the package:
      $ICAROOT/util/ctx_rehash

Related:

  • No Related Posts

Error: “SSL Error 61: You have not chosen to trust 'Certificate Authority'…” on Receiver for Linux

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

  • Upgrade to the latest version of Receiver to verify if this resolves the issue.
  • If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 – Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the server certificate.

Use a root certificate

If you need to authenticate a server certificate that was issued by a certificate authority and is not yet trusted by the user device, follow these instructions before adding a StoreFront store.

  1. Obtain the root certificate in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file to $ICAROOT/keystore/cacerts.
    2. Run the following command:
      $ICAROOT/util/ctx_rehash

Use an intermediate certificate

If your StoreFront server is not able to provide the intermediate certificates that match the certificate it is using, or you need to install intermediate certificates to support smart card users, follow these steps before adding a StoreFront store.

  1. Obtain the intermediate certificate(s) separately in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file(s) to $ICAROOT/keystore/intcerts.
    2. Run the following command as the user who installed the package:
      $ICAROOT/util/ctx_rehash

Related:

  • No Related Posts

Error: “SSL Error 61: You have not chosen to trust 'Certificate Authority'…” on Receiver for Linux

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

  • Upgrade to the latest version of Receiver to verify if this resolves the issue.
  • If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 – Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the server certificate.

Use a root certificate

If you need to authenticate a server certificate that was issued by a certificate authority and is not yet trusted by the user device, follow these instructions before adding a StoreFront store.

  1. Obtain the root certificate in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file to $ICAROOT/keystore/cacerts.
    2. Run the following command:
      $ICAROOT/util/ctx_rehash

Use an intermediate certificate

If your StoreFront server is not able to provide the intermediate certificates that match the certificate it is using, or you need to install intermediate certificates to support smart card users, follow these steps before adding a StoreFront store.

  1. Obtain the intermediate certificate(s) separately in PEM format.

    Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
  2. As the user who installed the package (usually root):
    1. Copy the file(s) to $ICAROOT/keystore/intcerts.
    2. Run the following command as the user who installed the package:
      $ICAROOT/util/ctx_rehash

Related:

  • No Related Posts

Untitled


5. Tell all users who have imported the Organizational CA’scertificate into their browsers as a trusted root to delete thecertificate. Replace this certificate with the self-signedcertificate of the new Organizational CA.

6. Make sure that all services that use certificates, areconfigured to use the new certificates created in step 5. The mostcommon services are LDAP, Portal Server, Web Server, and BorderManager. However, there may be others. Because the SSL CertificateDNS and SSL Certificate IP were simply Rekeyed, and not deleted andrecreated on NetWare and Linux Servers. Services using thesecertificates should not be affected. However if you have to delete acertificate and recreate it, the service may be affected, and mayneed to be relinked to the certificate.

7. Recreate user certificates as desired.

Related:

  • No Related Posts

Untitled


5. Tell all users who have imported the Organizational CA’scertificate into their browsers as a trusted root to delete thecertificate. Replace this certificate with the self-signedcertificate of the new Organizational CA.

6. Make sure that all services that use certificates, areconfigured to use the new certificates created in step 5. The mostcommon services are LDAP, Portal Server, Web Server, and BorderManager. However, there may be others. Because the SSL CertificateDNS and SSL Certificate IP were simply Rekeyed, and not deleted andrecreated on NetWare and Linux Servers. Services using thesecertificates should not be affected. However if you have to delete acertificate and recreate it, the service may be affected, and mayneed to be relinked to the certificate.

7. Recreate user certificates as desired.

Related:

  • No Related Posts