Secure Mail Error: "Cannot Safely connect to the server. The server certificate is not trusted."
book
Article ID: CTX205130
calendar_today
Updated On:
Description
New Users: When attempting to connect to Secure Mail, new users encounter the following error message: "Cannot safely connect to the server. The server's certificate is not trusted."
Already Enrolled Users: Already enrolled users experience the error message: "Access to your company network is not currently available."
Environment
Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.
Resolution
Solution 1: Resolving Certificate Issues
-
Ensure SSL Certificate Acceptance: Make sure the option "Accept all SSL certificates" is enabled within the MDX policy for Secure Mail.
-
Verify Certificate Chain: If the SSL certificate has been recently renewed, ensure that the certificate is linked to both the intermediate and root certificates on the NetScaler Gateway. Follow these steps:
- Navigate to NetScaler > Traffic Management > SSL > Server Certificate.
- Select the certificate and choose "Cert Links" under actions.

- If the result is empty, it indicates a missing certificate chain.

- If the intermediate and root certificates are uploaded and valid, link them to the certificate. Go to NetScaler > Traffic Management > SSL > Server Certificate, select the certificate, and choose "Link" under actions. Select the intermediate certificate.

- Similarly, go to NetScaler > Traffic management > SSL > CA certificate select the certificate link on the link and link the intermediate to root if not done already
Solution 2: Removing Affected CA Certificate
-
Navigate to Citrix Gateway: Access the NetScaler and go to Citrix Gateway > Virtual Servers.
-
Open XenMobile vServer Settings: Open the settings for the XenMobile vServer.
-
Certificate Section: Within the certificate section, locate and remove the CA certificate causing the issue.
Problem Cause
Problem Cause 1:
- The "Accept all SSL certificates" option is unchecked in Secure Mail MDX policy settings.
- NetScaler Gateway server certificate is not linked.
Problem Cause 2:
- Incorrect Root CA bound to vServer, not matching linked certificates.
Issue/Introduction
This article outlines the necessary steps to address the error message "Cannot safely connect to the server. The server certificate is not trusted" encountered when launching Secure Mail.
Was this article helpful?
thumb_up
Yes
thumb_down
No