Receiver for Mac
Receiver for Android
Citrix Receiver Macos Mojave Not Working
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
This issue may be caused by an out-of-date intermediate certificate installed at NetScaler Gateway. This does not mean that the CA certificates currently being used is expired but the CA has since released newer versions of that certificate.
Verify the certificate bindings at the NetScaler Gateway to resolve this issue.
To confirm this, visit the NetScaler Gateway website using a web browser, and examine the certificate chain in the web browser. You may wish to cross-check this by repeating with more than one web browser (such as with Google Chrome and Mozilla Firefox). Then, compare all the certificates in the browser's certificate chain with the certificate chain at NetScaler Gateway.
Note: Compare all the serial numbers in the certificates and not just the Subject Name. If there are any mismatches in intermediate certificates, this is a possible cause.
Update NetScaler Gateway with the corresponding intermediate certificates, as they appear in the web browser. You can export the intermediate certificates from the web browser. If you used more than one web browser, it is possible that they yield different certificate chains. If so, use the newer certificate chain.
Citrix Receiver For Mac Os Mojave 10.14.6
For more information about installing and linking an intermediate certificate with Primary CA on a NetScaler Gateway appliance, refer to CTX114146.
Problem Cause
The Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Linux 13.6 and newer versions are going to validate the root certificates even if it trusts the intermediate, which is not the case with the browsers. If the browser trusts the intermediate, it trusts the server certificate, without going down to the root certificate and will display the newer version of the root from its certificate store and not the actual root certificate sent by the server or NetScaler Gateway.
In Receiver for Android 3.12.2, joint server certificate validation is turned off by default. If this policy is enabled in the Receiver without the correct set of certificates configured on the server/gateway, users may see the error message.
Additional Resources
CTX221453 - Citrix Receiver - SSL Error when connecting via NetScaler
Citrix Documentation - Receiver for Mac, Receiver for Android
CTX114146 - How to Install and Link Intermediate Certificate with Primary CA on NetScaler Gateway
Receiver for Mac
Receiver for Android
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
This issue may be caused by an out-of-date intermediate certificate installed at NetScaler Gateway. This does not mean that the CA certificates currently being used is expired but the CA has since released newer versions of that certificate.
Verify the certificate bindings at the NetScaler Gateway to resolve this issue.
To confirm this, visit the NetScaler Gateway website using a web browser, and examine the certificate chain in the web browser. You may wish to cross-check this by repeating with more than one web browser (such as with Google Chrome and Mozilla Firefox). Then, compare all the certificates in the browser's certificate chain with the certificate chain at NetScaler Gateway.
Note: Compare all the serial numbers in the certificates and not just the Subject Name. If there are any mismatches in intermediate certificates, this is a possible cause.
Update NetScaler Gateway with the corresponding intermediate certificates, as they appear in the web browser. You can export the intermediate certificates from the web browser. If you used more than one web browser, it is possible that they yield different certificate chains. If so, use the newer certificate chain.For more information about installing and linking an intermediate certificate with Primary CA on a NetScaler Gateway appliance, refer to CTX114146.
Citrix Receiver For Mac Os Mojave
Problem Cause
The Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Linux 13.6 and newer versions are going to validate the root certificates even if it trusts the intermediate, which is not the case with the browsers. If the browser trusts the intermediate, it trusts the server certificate, without going down to the root certificate and will display the newer version of the root from its certificate store and not the actual root certificate sent by the server or NetScaler Gateway.
In Receiver for Android 3.12.2, joint server certificate validation is turned off by default. If this policy is enabled in the Receiver without the correct set of certificates configured on the server/gateway, users may see the error message.
Additional Resources
Citrix Receiver Mac Os X Mojave
CTX221453 - Citrix Receiver - SSL Error when connecting via NetScaler
Citrix Documentation - Receiver for Mac, Receiver for Android
CTX114146 - How to Install and Link Intermediate Certificate with Primary CA on NetScaler Gateway