{"id":6456,"date":"2014-01-24T16:00:01","date_gmt":"2014-01-24T15:00:01","guid":{"rendered":"https:\/\/ingmarverheij.com\/?p=6456"},"modified":"2014-01-21T17:51:32","modified_gmt":"2014-01-21T16:51:32","slug":"citrix-receiver-chosen-trust-comodo-high-assurance-secure-server-ca-issuer-servers-certificate","status":"publish","type":"post","link":"https:\/\/ingmarverheij.com\/en\/citrix-receiver-chosen-trust-comodo-high-assurance-secure-server-ca-issuer-servers-certificate\/","title":{"rendered":"Citrix Receiver: You have not chosen to trust “COMODO High-Assurance Secure Server CA”, the issuer of the server’s certificate"},"content":{"rendered":"

\"Citrix<\/a>Recently I started using a MacBook to replace my Windows laptop. Since I work as a technical consultant with Citrix products I frequently connect to a Citrix XenApp \/ XenDesktop environment, amongst other to our lab.<\/p>\n

While the installation was straightforward (just go to receiver.citrix.com<\/a> and click on Download Reveiver for Mac<\/strong>) I quickly faced a dialog telling me I haven\u2019t chosen to trust the CA certificate with no option to solve this\u2026<\/p>\n

\"You<\/a><\/p>\n

<\/p>\n

What I find interesting is that both Safari \/ Chrome didn\u2019t complain about the trust. This most likely has to do with the way the certificates are chained. Where the browsers \u201csee\u201d the entire chain (AddTrust External CA Root<\/strong> >> COMODO High-Assurance Secure Server CA<\/strong> >> <server certificate><\/strong>) the Citrix Receiver only sees the server certificates and expects the signing certificate in the keychain.<\/p>\n

The solution is as easy as it sounds, just add the signing certificate to the Keychain<\/a>.<\/p>\n

 <\/p>\n

Export the certificate<\/h1>\n

First we need to get our hands on the certificate of the signing party (in this case the COMODO certificate). One way of retrieving the root \/ intermediate certificate is by downloading it from the signing part, COMODO provides a download portal containing all their root \/ intermediate certificates (link<\/a>).<\/p>\n

\"Comodo<\/a><\/p>\n

But not all certificates are easy to find or not available at all (for instance when the CA is hosted by your company or a third party). Fortunately you can easily export it via Safari. It just not that obvious when you\u2019re a stubborn-Windows-user like me.<\/p>\n