- This topic is empty.
-
AuthorPosts
-
April 30, 2014 at 9:47 pm #8208
Hi,
I’m getting this error message when connecting with a Xenith to a NetScaler that fronts a StoreFront installation:
“SSL: ERR_SSL_PROTOCOL_RECEIVE_RECORD” followed by “SSL: unable to setup connection, (err=-7533)
I can connect to the same NetScaler via an iOS and Android client, as well as from various Windows machines.
The INI file includes the pushing of the intermediate CA certs and the same config works fine when connecting to the existing CSG/WI instance.
I’m wondering if perhaps a special match expression is needed on the NetScaler.
Maybe something like this:
REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER User-Agent CONTAINS Xenith/
May 2, 2014 at 12:42 am #24720Is there anyone using a Xenith with NetScaler/StoreFront?
I have setup the NetScaler to look for “WTOS” in the HTTP request header so that it directs the Xenith to the StoreFront site. With the latest build (210) of the Xenith firmware, it is supposed to support StoreFront natively, without having to use “legacy” (PNAgent) mode.
May 5, 2014 at 12:59 pm #24726The string has to be
REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER User-Agent CONTAINS WTOS
and has to be “Header-Name=User-Agent”.
If you have more than one policy, you should prioritize it.CG
May 5, 2014 at 10:20 pm #24730Thanks for that info, I had guessed at that same expression after writing up my original post. Unfortunately, it’s still broken.
Do you have any idea what the cause of that SSL error is?
“SSL: ERR_SSL_PROTOCOL_RECEIVE_RECORD” followed by “SSL: unable to setup connection, (err=-7533)
I can’t find anything useful to assist with that on the web…
I tried adding the cert of the enterprise CA to the Xenith too, as that cert is used on the StoreFront installation. That’s just grasping at straws though as the NetScaler should proxy all the SSL traffic anyways, so the client shouldn’t need that cert installed. Also, it works from Android and iOS client which likewise do not have that cert installed.
-
AuthorPosts
- You must be logged in to reply to this topic.