Sunday, November 08, 2015

Umoja and Citrix Receiver

If you have any issues with logging in through Citrix and/or have this dialog 
Citrix Receiver: You have not chosen to trust “COMODO High-Assurance Secure Server CA”, the issuer of the server’s certificate bothering you

This note is for the people who use apple products to login to Umoja. The access gateway to Umoja is possible in two ways namely the VPN connection and the Citrix connection. This blog is to make sure you have the steps to install necessary components make sure your Citrix connection works perfectly. The setup process is a three step process such as:
1. Installation of the Citrix receiver
2. Downloading the necessary certificates and
3. Installing the certificated in apple keychain.
Let me explain you them in order

Installation of the receiver

Go to citrix download site (http://www.citrix.com/go/receiver.html) and your computer will automatically detect the appropriate receiver for you. If not choose the receiver 12.1 for mac
Once the dmg file is downloaded follow the normal instruction to install the citrix receiver onto your computer. Once it is complete, you will have this icon in your applications stalk.

If you try to access the citrix without proper certificates installed you will get an error like this:
What I find interesting is that both Safari / Chrome didn’t complain about the trust. This most likely has to do with the way the certificates are chained. Where the browsers “see” the entire chain (AddTrust External CA Root "COMODO High-Assurance Secure Server CA "; ) the Citrix Receiver only sees the server certificates and expects the signing certificate in the keychain.

Downloading the certificates:

First we need to get our hands on the certificate of the signing party (in this case the COMODO certificate). One way of retrieving the root / intermediate certificate is by downloading it from the signing part, COMODO provides a download portal containing all their root / intermediate certificates 

Go the url: https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/71
and click on the two certificate links as marked and download them. The download link is available after you click this URL and scroll through the bottom of that page



Save the two certificates in an easily accessible folder for the next step

Installation of the certificates

Now you’ve got the certificate file you can import it in the Keychain. Just like installing any other application, once you know how it’s done it’s easier than brushing your teeth. 
Go to the folder you had downloaded the certificates and double click on the certificate file. This will open the Add Certificates dialog where you can select the Keychain (login), all you then have to do is click on Add
Once it is done, you need to make sure the certificates are marked as trusted certificates. To do that you need to click on View Certificates. If you had forgotten to click, open Keychain from Launchpad.
Select one of the COMODO certificate that was installed before (double click)

Open the Trust section and make sure the option 'Always Trust' is selected against the first option 'When using the certificate'. 



you can access Umoja without any issues.

Thanks to my colleague Conor O'Brien and Ben for helping in this issue. 

Good day!