My ICG is using a wildcard certificate from GlobalSign. Last week, GlobalSign revoked the intermediate certificate to which our wildcard cert belongs. To my amazement, clients remained connected to the ICG, could still receive profile updates etc. and be shadowed, even after restarting the ICG and UMS servers. I think this is something that needs to be investigated; I think if a cert in the chain is revoked, the clients should no longer accept connecting to the ICG.
I had to re-issue the certificate, so I uploaded the new intermediate and new wildcard to the UMS. The root CA is still the same, but I can't seem to update the ICG.
What are my options?
Hi, good point, I don’t think a revoked certificate will impact here. I will discuss that with our Security team.
Assuming you are speaking about actual ICG / UMS / IgelOS:
Thanks for the link! It looks like the wizard doesn’t support wildcard certificates.
There is a big misunderstanding: the fingerprint is always based on the root cert; it's never based on the intermediate or entity.
If you only add a new intermediate or a new end entity, that makes no difference for the ICG connection.
You can easily check this:
Click the following button in the UMS:
Have a look into the certificate and check the fingerprint:
Compare that fingerprint with the fingerprint on your ICG – and surprise – it's the same:
@member The problem with the wildcard is that your whole certificate row needs to accept wildcards, not only the last cert.
First of all, thanks for the explanation, but I don’t fully understand. If the root certificate is all that matters for a successful client to ICG connection, what purpose is left for the entity (in our case wildcard) certificate?
The end entity is used so that the server part of the certificate trusts the root CA.
So for a wildcard cert you need a SAN certificate instead of a CN certificate for “only” a name.
Thanks for the explanation.