Error: "SSL/TSL Error: The certificate validation failed"


Article ID: CTX124825


Description

When connecting to a published resource through Citrix Secure Gateway, the ICA Java client reports the following error message:

SSL/TSL error: The certificate validation failed.


Resolution

Request or renew a new certificate from the Certificate Authority (CA).

In this case, the client certificate is due to expire and was originally requested while the CA was still issuing certificates whose Root CA certificate was signed with the MD2 algorithm.


Problem Cause

The Root Certificate for the SSL Certificate that Citrix Secure Gateway uses is signed with the MD2 algorithm. The MD2 algorithm has been disabled in Java JRE 1.6.0_18 and higher.

Issue/Introduction

This article provides a resolution for the error “SSL/TSL error: the certificate validation failed.” reported by the ICA Java client when connecting to a published resource through Citrix Secure Gateway.

Additional Information

Error Stack Trace
com.citrix.sdk.jsse.CitrixSSLException: The certificate validation failed. 
at com.citrix.sdk.jsse.SocketFactory.createSslSocket(Unknown Source)

Figure 1 - SSL Certificate for the site. Certificate path to the root CA


Figure 2 – Root CA in question


Figure 3 – Root CA Certificate is signed with a defunct algorithm.
