cryptography – Intelligent Systems Monitoring

Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 – TLS Handshake fails with “Unknown CA”

January 6, 2021January 6, 2021 Citrix Leave a comment

Permanent fix provided in next build ADM 13.0-76.xx and above.

Workaround ::

=====================

Execute one of these commands in ADM CLI to overwrite Certificate attribute retrieval faulty code. Customers can keep the existing LDAP Settings, no need to change anything. External authentication should work correctly now over SSL/TLS Security.

For SSL

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldaps://[ldap_ip]:636 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

For TLS

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldap://[ldap_ip]:389 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

Customers can safely proceed and configure LDAP server with security type TLS/SSL. There wouldn’t be any impact.

Related:

No Related Posts

Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 – TLS Handshake fails with “Unknown CA”

January 6, 2021January 6, 2021 Citrix Leave a comment

Permanent fix provided in next build ADM 13.0-76.xx and above.

Workaround ::

=====================

Execute one of these commands in ADM CLI to overwrite Certificate attribute retrieval faulty code. Customers can keep the existing LDAP Settings, no need to change anything. External authentication should work correctly now over SSL/TLS Security.

For SSL

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldaps://[ldap_ip]:636 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

For TLS

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldap://[ldap_ip]:389 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

Customers can safely proceed and configure LDAP server with security type TLS/SSL. There wouldn’t be any impact.

Related:

No Related Posts

Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 – TLS Handshake fails with “Unknown CA”

January 6, 2021January 6, 2021 Citrix Leave a comment

Permanent fix provided in next build ADM 13.0-76.xx and above.

Workaround ::

=====================

Execute one of these commands in ADM CLI to overwrite Certificate attribute retrieval faulty code. Customers can keep the existing LDAP Settings, no need to change anything. External authentication should work correctly now over SSL/TLS Security.

For SSL

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldaps://[ldap_ip]:636 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

For TLS

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldap://[ldap_ip]:389 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

Customers can safely proceed and configure LDAP server with security type TLS/SSL. There wouldn’t be any impact.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts

SSL Error 76: “The security certificate was revoked” When Launching an Application Using NetScaler Gateway

January 1, 2021January 1, 2021 Citrix Leave a comment

SSL error 76 occurs when a certificate is revoked and it is part of a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.

However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.

Related:

No Related Posts