Common causes of SSL errors, from the client side:
1. Ensure that your system's date/time is correct.
2. Ensure that you are running the latest service pack and hotfixes.
3. Ensure that you apply any “optional” root cert updates from the Windows update site.
4. Ensure that the Citrix ICA client is up to date and any older versions are removed.
5. If using Java, ensure that you are on the latest version of Sun Java.
6. Disable any local firewalls to ensure that a misconfiguration is not interfering with access to the Citrix servers.
7. Disable the VPN client prior to connecting to Citrix.
8. Attempting to access Citrix from another organization's network that may not permit such access. (Usually they are running a proxy server that brokers Internet access.)
SSL Error 15: SSL security contact is invalid or expired
Resolution: Ensure that the Citrix ICA client is current. Also ensure all other Citrix client versions are removed. Look in Add/Remove Programs for anything related to Citrix or Metaframe and uninstall those instances. Then install the latest version of the Citrix ICA client.
SSL Error 29: Proxy denied access to port 1494 STA… from Web Resource in an Advanced Access Control Farm.
Resolution: Escalate to the Citrix team for immediate attention.
SSL Error 37: Cannot connect to the citrix Metaframe server. There is no route from the Citrix SSL Relay to the specified subnet address.
Resolution: Escalate to the Citrix team for immediate attention.
SSL Error 40: The Citrix SSL relay name could not be resolved
Resolution: Check local software firewalls. Norton 360, Symantec Security Suite and ZoneAlarm have been known to cause problems when incorrectly configured.
SSL Error 45: The Citrix Relay sent an alert. Please contact your Citrix Administrator
Resolution: ?
SSL Error 49: The Remote SSL peer sent a bad certificate alert
Resolution: Ensure all other Citrix client versions are removed. Look in Add/Remove Programs for anything related to Citrix or Metaframe and uninstall those instances. Then install the latest version of the Citrix ICA client.
SSL Error 55: The remote SSL peer sent an unrecognized alert
Resolution: SSL Error 55 is caused by an invalid (or missing root) certificate. Ensure that the date/time on your workstation is correct and that you have all the latest patches AND root cert updates.
SSL Error 59: Security alert: The name on the security certificate does not match the name of the server
Resolution: The user has a VPN client installed and needs to disable this service before connecting to CITGO. Also check local software firewalls. Norton 360 and ZoneAlarm have been known to cause problems when incorrectly configured. Ensure the latest service packs, hotfixes and root certs have been applied.
SSL Error 61: The server certificate received is not trusted
Resolution: Ensure that the date/time on your workstation is correct and that you have all the latest patches AND root cert updates.
SSL Error 68: the SSL certificate is not yet valid
Resolution: Ensure that the date/time on your workstation is correct and that you have all the latest patches AND root cert updates.
SSL Error 70: The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator.
Resolution: For a single-user incident, ensure that the date/time on your workstation is correct and that you have all the latest patches AND root cert updates. For a multiple-user incident, escalate to the Citrix team for immediate attention.
Also reported: Create an exception in Windows Firewall for IE, per below. If this works, please report the incident to level 2 support for further evaluation.
SSL Error 73: One or more of the root certificates in the keystore are not valid
While not confirmed to resolve the issue, the Macintosh root certificate was determined to be in a CER format. Mac certificates need to be in a DER format with an extension of “.crt”.
- Or -
On the Macintosh, the root certificate has been copied properly to the keystore/cacerts folder, but the user is receiving the above SSL Error when trying to connect. (See CTX104638 for resolution)
SSL Error 78: Certificate could not be checked for Revocation. Cannot connect to the citrix metaframe server.
Resolution: The client device does not have an installed or registered DLL for verifying the Certificate Revocation List (CRL). The Win9x/WinNT 4 operating systems do not support CRL checking. Additionally, ensure that the latest Citrix client is installed. If using an older OS, it might be possible to use the Java client to work around this issue. Uninstall the ICA client and do not install the ICA client when prompted. This will default you to the Java client.
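The date/time and name checks that recur above (Errors 59, 68 and 70) can be run by hand against the certificate the server presents. The following is an added example, not part of the original page or any Citrix tooling: it takes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which of those three conditions the client would hit. The host names, dates and the `triage` and `name_matches` helpers are assumptions made for illustration, and the wildcard match is simplified to the left-most label.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the host names and dates are made up for illustration.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "citrix.example.com"), ("DNS", "*.apps.example.com")),
}

def name_matches(pattern, host):
    """Compare a certificate DNS name with host; '*' covers one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def triage(cert, host, now=None):
    """Return findings that correspond to SSL Errors 59, 68 and 70."""
    now = now or datetime.now(timezone.utc)  # the workstation clock
    ts = now.timestamp()
    findings = []
    # Validity window: a wrong local clock produces the same result as a
    # genuinely expired or future-dated certificate, so check the clock first.
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid (Error 68): verify workstation date/time")
    elif ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("no longer valid (Error 70): verify date/time, then escalate")
    # Name check: the host the client dialed must appear in the certificate.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        findings.append("name mismatch (Error 59): certificate is for "
                        + ", ".join(names))
    return findings

if __name__ == "__main__":
    skewed = datetime(2023, 6, 1, tzinfo=timezone.utc)  # clock set a year back
    for line in triage(SAMPLE_CERT, "citrix.example.com", skewed):
        print(line)
```

A name mismatch while a VPN client or intercepting proxy is active usually means the certificate being inspected belongs to that intermediary rather than to the Citrix gateway, which is why the Error 59 resolution starts by disabling the VPN.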