I'm not able to connect my laptop to the office network. I'm running icaclient 22.12.0.12 on a Debian 11 system.
I'm getting the famous SSL error 61. I already tried with the solutions proposed in this forum to make symlinks from Firefox's certificates to /opt/Citrix/ICAClient/keystore/cacerts/ but it did not solve.
[W]==> CSDKInitialise:96> (C)2021 Citrix CryptoSDK v14.2.2.0 (OpenSSL 1.1.1n 15 Mar 2022 (Citrix FIPS-capable)) built on Mar 24 2022 14:07:08
[W]==> initialiseSSLSDKWithParameter:168> (C)2021 Citrix CryptoKit v14.2.2.0 (OpenSSL 1.1.1n 15 Mar 2022 (Citrix FIPS-capable)) built on Mar 24 2022 14:07:13
[W]==> initialiseSSLSDKWithParameter:199> SSLSDK initialized WITHOUT smartcard support. Compliance Mode is OPEN
[E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired!
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> validateChain:1718> Can't find trusted root
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> validateChain:1718> Can't find trusted root
[E]==> verifyPeerIdentityCallback:88> status: 61.
[E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired!
[E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired!
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> validateChain:1718> Can't find trusted root
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> checkCertificateRootTrust:1616> Can't find trusted cert
[E]==> validateChain:1718> Can't find trusted root
[E]==> verifyPeerIdentityCallback:88> status: 61.
and the popup window which appears reporting the error which says more or less to contact the helpdesk with the following info: you chose not to trust the certification authority "CA Sogei", the certification authority which supplied the server certificate.
Question
Gian Luca Rocchi
Hi all,
I'm not able to connect my laptop to the office network. I'm running icaclient 22.12.0.12 on a Debian 11 system.
I'm getting the famous SSL error 61. I already tried with the solutions proposed in this forum to make symlinks from Firefox's certificates to /opt/Citrix/ICAClient/keystore/cacerts/ but it did not solve.
Below the cmd line:
:~$ /opt/Citrix/ICAClient/wfica.sh Scrivania/Q29udHJvbGxlci5Db25uZXNzaW9uZSBEZXNrdC00.ica
and the resulting log to the terminal:
[W]==> CSDKInitialise:96> (C)2021 Citrix CryptoSDK v14.2.2.0 (OpenSSL 1.1.1n 15 Mar 2022 (Citrix FIPS-capable)) built on Mar 24 2022 14:07:08 [W]==> initialiseSSLSDKWithParameter:168> (C)2021 Citrix CryptoKit v14.2.2.0 (OpenSSL 1.1.1n 15 Mar 2022 (Citrix FIPS-capable)) built on Mar 24 2022 14:07:13 [W]==> initialiseSSLSDKWithParameter:199> SSLSDK initialized WITHOUT smartcard support. Compliance Mode is OPEN [E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired! [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> validateChain:1718> Can't find trusted root [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> validateChain:1718> Can't find trusted root [E]==> verifyPeerIdentityCallback:88> status: 61. [E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Sonera Class2 CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (DST Root CA X3) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (GlobalSign) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Staat der Nederlanden EV Root CA) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (Cybertrust Global Root) is already expired! [E]==> certCheckValidityPeriod:668> Certificate (QuoVadis Root Certification Authority) is already expired! [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> validateChain:1718> Can't find trusted root [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> checkCertificateRootTrust:1616> Can't find trusted cert [E]==> validateChain:1718> Can't find trusted root [E]==> verifyPeerIdentityCallback:88> status: 61.
and the popup window which appears reporting the error which says more or less to contact the helpdesk with the following info: you chose not to trust the certification authority "CA Sogei", the certification authority which supplied the server certificate.
any suggestion is welcome..
Thanks
Link to comment
3 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now