Receive error “AM_ERROR_HTTP_SERVER_CERTIFICATE_NOT_TRUSTED” when attempting to connect to my desktop via Citrix StoreFront via IGEL OS

I’m working with a new customer and while I was waiting for a certificate, I created a CA in Windows and created my own certificates to do some preliminary testing. I added my CA cert, in both DER and BASE64, to my thin clients in UMS and keep getting the AM_ERROR_HTTP_SERVER_CERTIFICATE_NOT_TRUSTED when attempting to connect to my desktop via Citrix StoreFront. My CA certs are located in /wfs/ca-certs/. Is there anything else I could be missing?


Are they uploaded as certificates, to files? If not, can you delete the certs from UMS, reupload and choose common certificate?

If that doesn't work, can you jump into a terminal and check your certificates with openssl:

Through a new profile: Accessories => Terminal => Blue Star => Save Profile and assign it to your endpoint. Locally open the terminal and log in as root:

To show different information for a certificate

openssl x509 -in /wfs/ca-certs/tc_ca.crt -noout -text

openssl x509 -in /wfs/ca-certs/tc_cat.crt -noout -issuer

openssl x509 -in /wfs/ca-certs/tc_cat.crt -noout -subject

openssl x509 -in /wfs/ca-certs/tc_cat.crt -noout -issuer -subject

To verify root certificate against site

openssl s_client -connect <host>:<port> -CApath /etc/ssl/certs

Test all certs together for chain.

openssl verify -verbose -purpose sslserver -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem

Test all certs together for chain if no intermediate Ca is present:

openssl verify -verbose -purpose sslserver -CAfile RootCert.pem UserCert.pem

I just uploaded the cert to ‘files’, then applied the file to the container with the thin clients.

I uploaded them to UMS as certs but Undefined. I also targeted the directory /wfs/ca-certs/certname.cer. I typically do it how Barry stated in his reply.

Can you please retry as common certificate like described before?

Ok, I added them as Common Certificate and I’m still getting the same error. I will try the other steps you suggested.

Thanks! Ok, keep my fingers crossed.

So I ran the command to verify the CA root vs the site and I get an error 9, verify error:num=9:certificate is not yet valid

notBefore=Sep 12 12:21:00 2019 GMT

So is this my problem? GMT time is 6:52 pm right now. So it should be valid.

How about local NTP Time server and actual time? Is everything set and working properly?

Same time on CA and endpoint?

That’s my problem, this VLAN these IGELs are in isn’t able to pull NTP from the internet.

And local NTP available? From the DC maybe? Changing Timezone maybe?

Let me try that.

That was it, Sebastian, as always, thank you so much!

You are welcome! Happy to help!!
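
The fix in this thread was the endpoint clock, not the certificate, so a quick check of the validity window against the local time saves a lot of re-uploading. The script below is an added example, not part of the original thread: it assumes GNU date and the openssl CLI, and the function names (to_epoch, validity_status, check_cert) are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify a certificate's validity window against a clock value.
# Assumes GNU date (for `date -d`) and the openssl CLI are available.

# Convert an openssl date such as "Sep 12 12:21:00 2019 GMT" to epoch seconds.
to_epoch() {
    date -u -d "$1" +%s
}

# validity_status NOT_BEFORE NOT_AFTER [NOW_EPOCH]
# Prints one of:
#   not_yet_valid:<seconds until the certificate becomes valid>
#   expired:<seconds since the certificate expired>
#   valid
# NOW_EPOCH defaults to the local clock, which is the value that was wrong here.
validity_status() {
    local nb na now
    nb=$(to_epoch "$1") || return 2
    na=$(to_epoch "$2") || return 2
    now=${3:-$(date -u +%s)}
    if [ "$now" -lt "$nb" ]; then
        echo "not_yet_valid:$((nb - now))"
    elif [ "$now" -gt "$na" ]; then
        echo "expired:$((now - na))"
    else
        echo "valid"
    fi
}

# check_cert FILE [NOW_EPOCH]: read the window from a PEM or DER certificate.
check_cert() {
    local file=$1 dates nb na
    dates=$(openssl x509 -in "$file" -noout -dates 2>/dev/null) ||
        dates=$(openssl x509 -inform DER -in "$file" -noout -dates) || return 2
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    validity_status "$nb" "$na" "${2:-}"
}

# Usage: ./certclock.sh /wfs/ca-certs/tc_ca.crt
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

A result of not_yet_valid on a certificate issued recently means the endpoint clock is behind the CA's clock by at least the printed number of seconds.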
