When launching an application using NetScaler Gateway, you receive the following error message:
"SSL Error 76: The security certificate "FQDN" (serial number XXXXXXXXXXXXX) was revoked by "CA_Name". (Reason: REASON_FOR_REVOKING)"
Complete the following steps to resolve the issue:
If you have not yet replaced the old certificate with the newly issued one, unbind the old certificate from the virtual server and update the certificate definition.
If you still receive the error after updating the certificate, delete the contents of the following folder under the user’s profile:
%userprofile%\<username>\Application Data\Microsoft\CryptnetUrlCache
For Windows 10, the folder path is "C:\Users\<UserName>\AppData\LocalLow\Microsoft\CryptnetUrlCache"
If you still receive the error, delete the machine Crypto cache located in the following directory:
%WINDIR%\System32\config\SystemProfile\Application Data\Microsoft\CryptnetUrlCache
For Windows 10, the folder path is "C:\WINDOWS\System32\config\SystemProfile\AppData\LocalLow\Microsoft\CryptnetUrlCache"
These folders contain the Crypto API cache, which is used by applications that rely on the crypto libraries the operating system provides for certificate processing.
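The cache-clearing steps above, written as a PowerShell function for Windows 10. This is an added example, not Citrix or Microsoft code; the function name Clear-CryptnetUrlCache and its -IncludeMachineCache switch are hypothetical, and the folder paths are the Windows 10 ones given in this article.

```powershell
# Added example. Deletes the contents of the CryptnetUrlCache folders named in this article.
# Function and parameter names are hypothetical; paths are the article's Windows 10 paths.
function Clear-CryptnetUrlCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Also clear the machine (SystemProfile) cache; needs an elevated session.
        [switch]$IncludeMachineCache
    )

    # The per-user cache is always processed.
    $targets = @(Join-Path $env:USERPROFILE 'AppData\LocalLow\Microsoft\CryptnetUrlCache')

    if ($IncludeMachineCache) {
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'Clearing the machine cache requires an elevated PowerShell session.'
        }
        $targets += Join-Path $env:WINDIR 'System32\config\SystemProfile\AppData\LocalLow\Microsoft\CryptnetUrlCache'
    }

    foreach ($folder in $targets) {
        if (-not (Test-Path -LiteralPath $folder)) {
            Write-Verbose "Not present, skipping: $folder"
            continue
        }
        # Remove cached files only; the folder structure itself is left in place.
        $items = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -File -ErrorAction SilentlyContinue)
        $removed = 0
        foreach ($item in $items) {
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove cached entry')) {
                try {
                    Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Stop
                    $removed++
                } catch {
                    Write-Warning "Could not remove $($item.FullName): $($_.Exception.Message)"
                }
            }
        }
        # One summary object per folder so the result can be logged or reviewed.
        [pscustomobject]@{ Folder = $folder; Found = $items.Count; Removed = $removed }
    }
}
```

Run `Clear-CryptnetUrlCache -IncludeMachineCache -WhatIf` first to list what would be deleted without removing anything. The built-in `certutil -urlcache * delete` command is an alternative for clearing the current user's cache.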
SSL error 76 occurs when a certificate has been revoked and is listed in a Certificate Revocation List (CRL). If the revoked certificate is still in use, the ICA client displays this error.
However, even after replacing the certificate with a valid one, the error could still occur. This might happen because of cached CRLs in the user’s profile or machine cache that still identify the certificate as revoked.
For a reference to SSL error codes for XenApp, refer to CTX113309 - Citrix Client SSL Error Codes.
For more information on the Crypto API and the certificate revocation and status checking process, refer to the Microsoft article - Certificate Revocation and Status Checking.