Secure Mail Error: "Cannot Safely connect to the server. The server certificate is not trusted."

Secure Mail Error: "Cannot Safely connect to the server. The server certificate is not trusted."

book

Article ID: CTX205130

calendar_today

Updated On:

Description

New Users: When attempting to connect to Secure Mail, new users encounter the following error message: "Cannot safely connect to the server. The server's certificate is not trusted."

Already Enrolled Users: Already enrolled users experience the error message: "Access to your company network is not currently available."

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Solution 1: Resolving Certificate Issues

  1. Ensure SSL Certificate Acceptance: Make sure the option "Accept all SSL certificates" is enabled within the MDX policy for Secure Mail.
     

  2. Verify Certificate Chain: If the SSL certificate has been recently renewed, ensure that the certificate is linked to both the intermediate and root certificates on the NetScaler Gateway. Follow these steps:

    1. Navigate to NetScaler > Traffic Management > SSL > Server Certificate.
    2. Select the certificate and choose "Cert Links" under actions.

 

User-added image
 

  1. If the result is empty, it indicates a missing certificate chain.
 

User-added image
 

  1. If the intermediate and root certificates are uploaded and valid, link them to the certificate. Go to NetScaler > Traffic Management > SSL > Server Certificate, select the certificate, and choose "Link" under actions. Select the intermediate certificate.
 

User-added image

 

  1. Similarly, go to NetScaler > Traffic management > SSL > CA certificate select the certificate link on the link and link the intermediate to root if not done already 

 

Solution 2: Removing Affected CA Certificate
 

  1. Navigate to Citrix Gateway: Access the NetScaler and go to Citrix Gateway > Virtual Servers.

  2. Open XenMobile vServer Settings: Open the settings for the XenMobile vServer.

  3. Certificate Section: Within the certificate section, locate and remove the CA certificate causing the issue.

 

Problem Cause

Problem Cause 1:

  • The "Accept all SSL certificates" option is unchecked in Secure Mail MDX policy settings. 
  • NetScaler Gateway server certificate is not linked.

Problem Cause 2:
  • Incorrect Root CA bound to vServer, not matching linked certificates.

Issue/Introduction

This article outlines the necessary steps to address the error message "Cannot safely connect to the server. The server certificate is not trusted" encountered when launching Secure Mail.

Additional Information

How to Install an Intermediate Certificate on NetScaler Gateway

SSL Certificate Checker

 

Powered by Wolken Software