Jump to content
Updated Privacy Statement
  • 17

Citrix Workspace App GlobalSign Root CA post upgrade to Catalina Beta


Question

  • Answers 156
  • Created
  • Last Reply

Top Posters For This Question

Recommended Posts

  • 0
25 minutes ago, Haluk Tezcan said:

I am a physician and testing remote access to our EMR and since upgrade to MacOS Catalina I am also getting the same error. Has there been any solution?  I am not able to evaluate the beta version of MacOS and provide feedback which is the purpose of us trying. Any updates work arounds?

Same boat as you, no remote access for me. I haven't even been able to make the Chrome extension work. There is no point giving feedback to Apple or your system admin. This problem is 100% Citrix using obsolete, insecure tech in their certificates and deciding they won't fix it until they have to. 

Link to comment
  • 0
On 10.07.2019 at 8:49 AM, Tejus Adiga M said:

Hi,

 

The certificate issue on Catalina has nothing to do with Citrix Workspace app for macOS. Citrix does not issue these certificates. 

To resolve the issue kindly ask your Administrator to get the new set of Certificates from your respective Certificate provider. These newly generated certificates must follow Apple guidelines as mentioned in https://support.apple.com/en-in/HT210176.

 

 

TejusAdigaM,

Any update here? Catalina release is coming soon. I realize that Citrix has no support for beta releases, but is it registered as a bug and is there any work going towards resolution?

There are two options:

1. Citrix admits a bug and commits to release fix till Catalina is going to production.

2. Citrix gives recommendations on what criteria certificate should satisfy in order to get workspace working on Catalina. Our certificate 100% satisfy these requirements, but it still doesn't work. I can provide a public certificate to support if necessary.

Link to comment
  • 0
On 10/07/2019 at 8:49 AM, Tejus Adiga M said:

Hi,

 

The certificate issue on Catalina has nothing to do with Citrix Workspace app for macOS. Citrix does not issue these certificates. 

To resolve the issue kindly ask your Administrator to get the new set of Certificates from your respective Certificate provider. These newly generated certificates must follow Apple guidelines as mentioned in https://support.apple.com/en-in/HT210176.

 

 

I totally disagree with this opinion. The certificates are trusted 100% down the chain; the issue is not with the certificates as these are trusted by all applications other than the Citrix workstation app; it’s the way the app interrogates or reads the certificates, and is getting the wrong details back. So Citrix need to accept this and pull their finger out, not sure how often they can blame enterprise. For their bugs, and suggest everyone else is wrong and everyone else needs to do something to get around a bug in their software crazy way to run a company. 

Link to comment
  • 0
On 7/9/2019 at 11:49 PM, Tejus Adiga M said:

Hi,

 

The certificate issue on Catalina has nothing to do with Citrix Workspace app for macOS. Citrix does not issue these certificates. 

To resolve the issue kindly ask your Administrator to get the new set of Certificates from your respective Certificate provider. These newly generated certificates must follow Apple guidelines as mentioned in https://support.apple.com/en-in/HT210176.

 

 

Have you lost your faculty to speak? Other posters have clearly debunked this. Your response is...?

Link to comment
  • 0
19 hours ago, George Culainn said:

This is incorrect on multiple levels:

1. The issue only has to do with the workspace app, as many other apps operate fine regardless of the upgrade, it's this specific app that's affected

2. Citrix doesn't issue the certificates, but no one said they do? Citrix, however, is requesting the certificates so it's their responsibility to ensure that the CA that signs for their cert is trusted by the OS. They should regularly check whether a CA is being deprecated or expiring in MacOS.

3. Obtaining 'new set of certificates' solves nothing (disregarding the fact that the G2 Citrix is using to sign the app is superseded by the G3). Even when manually importing the G2 signing CAs, the app is still flagging them to be untrusted. Please read the issue descriptions before coming back with a proposition.

4. Why tell people what guidelines define how certs should be generated? Do you think the people reporting this issue can generate a new cert for the Citrix app? There is no control people outside Citrix have on which certs are used in the app and how.

 

In all likelihood the issue stems from Apple's choice to deprecate SHA1 (https://www.macrumors.com/2019/06/06/apple-deprecates-sha1-macos-catalina-ios-13/) and the Citrix app certs being SHA1. The app certs will need to be recreated using a SHA2 signing method *by Citrix*. Consumers have no way to fix this for Citrix.

 

The only workaround for now is to use OS-es and devices that still support TLS over SHA1 cyphers. Take a look at this to understand why: https://en.wikipedia.org/wiki/SHA-1#Attacks

 

I recommend to make the feedback constructive next time as this type of communication just makes the company appear amateurish.

They've stopped answering.

Link to comment
  • 0
On 1.8.2019 at 3:41 PM, Paul Kirvan said:

You're too kind. This isn't about releasing versions for the betas, its about releasing versions for the actual release. It's not like this is some bug in the beta that we want them to work around for us that Apple might fix in a later beta. This is a conscious decision by Apple to require decent security in the Catalina release version. Why would Citrix want to postpone using modern security certificates? If they cared about security as much as they tell their customers they do they'd already be using the latest and this would never have happened. Instead, they are going to wait until Catalina ships and it starts causing problems for end users...

Bring your own device was one of the reasons to choose Citrix desktop in my company. 
But now I seriously starting to get cold feet and maybe have to reconsider to check other solutions. 
Had to reinstall my Mac due to a problem with update to public beta 4. (don't know what went wrong, but since all my files is in cloud there is no problem to reinstall)
But when it comes to Citrix Workspace it is not possible to install. Therefore I have to run parallels and a win10 virtual machine :(. 
Citrix Workspace is not possible to install. First you get the warning that it does not come from a trusted developer. Give permission in settings. 
Next warning is that Cannot open "Install Citrix Workspace" because Apple cannot check the contents of malicious software.
This is not what I expect from Citrix. 

Link to comment
  • 0

Hi all, for me, depends what I connect to:

  • Storefront: OK (so no ICA proxy, direct ICA to VDA)
  • Netscaler: FAIL (ICA over HTTPS proxy)

Looking into whether cert difference or just the fact it's proxied.  Am assuming it's cert differences, as others on here seem to be connecting directly to Storefront, not certain though.

Link to comment
  • 0
1 hour ago, Gus Galeano said:

 

So when is this happening? I have not received any information on how to participate or activate a beta. Thanks in advance.

Havn't received anything either... maybe they send something out when Catalina goes GM as we earlier predicted xD :32_expressionless:

Link to comment
  • 0
6 hours ago, Paul Kirvan said:

Patience would be totally appropriate if this was just a bug or whatever. But the fact is, Citrix has been using obsolete, insecure certificates for years and would gleefully be doing it forever if it weren't for Apple. That's right, users have to rely on Apple to sort Citrix out because Citrix it self couldn't care less about security. That's unfortunate. And its been going on for years. So patience isn't warranted.

 

This thread is about the Problem that CWA is not working on Catalina Beta. I'm not working for Citrix. I don't know why you quote my post and attack Citrix in it.
In my case, the Cert which was mentioned in the Error message that the Cert is "not trusted" was not issued or placed by Citrix. The message that the Cert is not ok was not correct, that was the Bug imho.  I don't agree that Citrix  couldn't care less about security. This forum is to help each other, and my post from yesterday should be an info that there is  light at the end of the tunnel... 

Link to comment
  • 0
9 minutes ago, Chris Lewis1709161061 said:

The day has finally come and Citrix are now rolling out a working beta. 

 

Fond memories of when Citrix employee @Tejus Adiga M tried to claim that the problem was nothing to do with them, and the rest of the Internet was at fault...

 

 

 

Just wish I had the beta, signed up the moment it was posted and still nothing, but yes not Citrix's fault is awesome.

 

I am waiting for the you didnt get the Beta, it is your fault figure it out.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...