SSL Unknown Errors with Wyse C10LE

  • #7340
    wscit
    Member
    • Total Post: 3
    • Newbie

    Hi guys

    We just rolled out a Server 2008 R2 Environment for our Remote desktop services, 1x gateway server, 1x broker server, 3x session host servers

    We use round-robin DNS for clients connecting to the farm, which directs them to the next server

    I'm not sure what the broker server exactly does for internal clients, but I know it brokers clients for our external clients, and RDweb access

    Now, I set up the Wyse WTOS to connect to remote desktop services by selecting “Remote Connections” then “Microsoft” and putting in my broker server name, let's call it broker1 for now.

    When I try to connect I get a message saying

    SSL Connection to “broker1”
    SSL UNKNOWN CERTIFICATE AUTHORITY

    When I read more of the logs, I see the following errors

    SSL: error ERR_SSL_UNKNOWN_CERTIFICATE_AUTHORITY
    SSL: unable to setup a connection, (err=-7517)

    Why am I getting this? The servers all have internal certificates issued by our internal Certificate server. For external connectivity our GW server has a published cert

    Windows Embedded terminals do not get this as we can join them to the domain and I assume they get the correct certificates required

    Do I have to manually import them? If so, which ones do I need? WTOS doesn't say

    #22294
    jamesjhughes
    Participant
    • Total Post: 22
    • Regular Joe
    • ★★

    You have to deploy your root cert to the WTOS devices.

    Copy the certificate to the cacerts folder on your FPT server.

    In the wnos.ini add the line
    AddCertificate=filename

    You can also add a user name and password if your cert is stored as a PFX secured file

    From the ini guide:

    AddCertificate=filename
    AddCertificate — Specifies a certificate file residing in the subfolder cacerts
    under the wnos folder to load on the nand flash device (on platforms with
    nand flash), or on the memory. The length of the filename, including the
    trailing period and the file extension, is limited to 64 characters.
    This is required when configuring the Citrix Secure Gateway PNAgent
    Interface (PNAgent/Lite servers) in the Network Setup dialog box. Adding
    certificates are required if the user CSG environments use certificate agents that are not covered by the built-in certificates. The certificates are used to validate server identities by the thin client.
    Supported files include .crt file on ICA CSG; .cer and .pfx in 802.1x.

    password={plain text password}
    Password-enc={encrypted password}

    HTH

    Regards

    James
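
A pre-deployment check for the `AddCertificate` lines described in the reply above, as an added example that is not part of the original posts or of Wyse's tooling. It applies the 64-character filename limit and the extension list quoted from the ini guide, confirms the file is present in the cacerts folder, and flags plain-text `password=` values; the sample file names, the password and the same-line option syntax are assumptions.

```python
import tempfile
from pathlib import Path

MAX_NAME_LEN = 64                          # filename limit quoted from the ini guide
SUPPORTED_EXT = {".crt", ".cer", ".pfx"}   # extensions the guide lists

def check_add_certificate(ini_text, cacerts_dir):
    """Return (line_number, message) findings for AddCertificate lines."""
    findings = []
    for lineno, raw in enumerate(ini_text.splitlines(), start=1):
        tokens = raw.strip().split()
        if not tokens or not tokens[0].lower().startswith("addcertificate="):
            continue
        name = tokens[0].split("=", 1)[1]
        # Assumption: options follow the filename on the same line, space separated.
        opts = {t.partition("=")[0].lower() for t in tokens[1:]}
        if len(name) > MAX_NAME_LEN:
            findings.append((lineno, f"filename is {len(name)} chars, limit is {MAX_NAME_LEN}"))
        if Path(name).suffix.lower() not in SUPPORTED_EXT:
            findings.append((lineno, f"unsupported extension on {name!r}"))
        if not (Path(cacerts_dir) / name).is_file():
            findings.append((lineno, f"{name!r} not found in cacerts folder"))
        if "password" in opts:
            findings.append((lineno, "plain-text password in wnos.ini; use Password-enc"))
    return findings

# Constructed sample wnos.ini; file names and password are made up.
SAMPLE_INI = """\
AddCertificate=corp-root-ca.cer
AddCertificate=client.pfx password=Secret123
AddCertificate=issuing-ca.pem
"""

def demo():
    """Build a throwaway wnos/cacerts folder and lint the sample against it."""
    with tempfile.TemporaryDirectory() as d:
        cacerts = Path(d) / "wnos" / "cacerts"
        cacerts.mkdir(parents=True)
        for f in ("corp-root-ca.cer", "client.pfx"):
            (cacerts / f).write_bytes(b"placeholder")
        return check_add_certificate(SAMPLE_INI, cacerts)

if __name__ == "__main__":
    for lineno, msg in demo():
        print(f"wnos.ini:{lineno}: {msg}")
```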

    #22295
    wscit
    Member
    • Total Post: 3
    • Newbie

    Can you please advise what the root certificate is?

    Is there a master certificate that holds all the information for my RDS servers? Or do I need to export each server certificate? Or just the broker server cert?

    I assume you mean FTP Server?

    When I add the line AddCertificate=filename, is the filename the FTP server path, or a local flash path?

    #22296
    wscit
    Member
    • Total Post: 3
    • Newbie

    I imported my Trusted Root Auth Certificate, being our domain controller certificate, as it's our Root CA

    I imported using the USB drive and import wizard

    When I connect I now get

    SSL: error ERR_RSA_DECRYPTION
    SSL” unable to setup connection (err=- 7702)

    #22311
    ConfGen
    Keymaster
    • Total Post: 11485
    • Jedi Master
    • ★★★★★★★

    Only RDS Broker is supported. TS Gateway isn’t. This is planned in a later release.

    CG
