Symptoms
When connecting to Secure Gateway from a Macintosh with the native ICA Client, you receive an error message stating that the certificate is not trusted
Example:
"SSL Error 61: You have not chosen to trust 'verisign class 3 secure server CA', the issuer of the server's security certificate. Error #: 183")
Cause
The certificate for the Secure Gateway server is not one of the certificates that is included with the Macintosh Client for OS X. See CTX101702 – List of default public root certificates shipped with the Citrix MAC client. for included certificates.
Resolution
On OS X 10.4 (Tiger), it may be possible to export the certificate from the Macintosh Keychain utility.
1. Open the Keychain Access in the Applications > Utilities folder:
2. Highlight the X509Anchors Keychain in the menu (you may need to authenticate to do this).
3. Browse through the Certificate Authorities to find the one that has issued the certificate being used by the Secure Gateway – for this example, Thawte Premium Server CA:
4. Highlight the certificate and select File > Export from the menu bar:
5. The default File Format should be Certificate (.cer)
Note: You may need to rename the certificate to a .CRT extension for the client to properly identify the certificate.
6. Save the certificate to the ICA Client\keystore\cacerts folder (create this folder if it does not exist):
