Citrix Single Sign-On (Password Self-Service) via WTOS

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #7865
    Avatarxenodamus
    Member
    • Total Post: 15
    • Regular Joe
    • ★★

    I’m trying to implement a Citrix SSO server that will allow our users to perform password self-service functions from WTOS. I’ve done the following:

    – Installed SSO/Self-Service components on a server
    – Issued an SSL certificate for the new box using our internal CA
    – Configured the self-service field within WTOS

    When I try to use the function, WTOS event logs shows:
    SSL: error ERR_CERT_EXPIRED!
    SSL: unable to setup connection, (err=7606)

    A messsage pops up at the bottom corner stating “CERT EXPIRED”. I just issued the cert, though, and it’s good from today through 2015. Anyone else have an implementation of Citrix SSO/Password Manager using WTOS?

    #23880
    ConfGenConfGen
    Keymaster
    • Total Post: 9912
    • Jedi Master
    • ★★★★★★★

    How did you install the cert on the unit?

    CG

    #23888
    Avatarxenodamus
    Member
    • Total Post: 15
    • Regular Joe
    • ★★

    I placed it in the cacerts directory on our tftp server and referenced it in the terminal.ini file using “AddCertificate=”. That didn’t seem to make a difference, though.

    The cert I was using came from an internal CA, so I decided to try it with a publicly trusted, wildcard certificate that was purchased for our domain. (*.domain.com) I did the same for that one, referencing it in the ini file, and the expiration message is gone.

    I can only assume there was something wrong with the process I used to generate that interally authorized certificate. I’m not sure what, though. I followed specific instructions in Citrix’ documentation.

    #23893
    ConfGenConfGen
    Keymaster
    • Total Post: 9912
    • Jedi Master
    • ★★★★★★★

    What format does the cert has?

    CG

    #23928
    Avatarxenodamus
    Member
    • Total Post: 15
    • Regular Joe
    • ★★

    It was a .cer file I believe.

    #23935
    ConfGenConfGen
    Keymaster
    • Total Post: 9912
    • Jedi Master
    • ★★★★★★★

    Remove the cert from the client and rename it to *.crt. Then reinstall it.

    CG

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.