It's simply the name of the certificate authority. They could just as well have been called 'Entrust Certificate Authority - Foo (Non-EV SSL)' and 'Entrust Certificate Authority - Bar (EV SSL)'. I'd guess that L1 stands for 'level 1', and they then add on a letter to differentiate between their CAs. But for anyone outside of Entrust, it's just. Do you want to open or save entrust Ilk.cer (I.80 KB) from entrust.com? Open Cancel Entrust Root Certificate Authority—G2 Product Information Valid Until: 12/7/2030 Serial Number: 4a 53 8c 28 Thumbprint: f4 27 fd 79 oc 3a dl 66 06 8d e8 le 57 efbb 93 22. Entrust Root Certification Authority - G2: Entrust Root Certification Authority - G2: RSA: 2048 bits: SHA-256: 4A 53 8C 28: 17:55:54 Dec 7, 2030: 2.16.840.1.114028.10.1.2: 43 DF 57 74 B0 3E 7F EF 5F E4 0D 93 1A 7B ED F1 BB 2E 6B 42 73 8C 4E 6D 38 41 10 3D 3A A7 F3 39: Entrust Root Certification Authority: Entrust Root Certification Authority. Name File Certificate Thumbprint (sha256) GoDaddy Class 2 Certification Authority Root Certificate - G2: gdroot-g2.crt: 45 14 0B 32 47 EB 9C C8 C5 B4 F0 D7 B5 30.
Symptoms or Error
Receiver for Mac users receive the following error message when accessing StoreFront or Web Interface applications:
'SSL Error 61: You have not chosen to trust 'Certificate Authority', the issuer of the server's security certificate. Error #: 183'
This Root Certificate should be removed and replaced with a different one found on Entrust web site or call Entrust for Support. Incorrect Root CA from Entrust Subject: CN = Entrust Root Certification Authority - G2 Serial Number: 4a 53 8c 28 Issuer: CN = Entrust Root Certification Authority - G2 Valid from: Tuesday, July 07, 2009 12:25:54 PM.
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
Update to the Latest Receiver Version
If this does not resolve the issue then proceed to the next section.
For information on Receiver feature updates refer to - Citrix Receiver Feature Matrix.
Missing Root/Intermediate Certificate
This error message suggests that the Mac client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the Secure Gateway/NetScaler Gateway server certificate.
Complete the following steps to resolve this issue:
Additional Resources
CTX101990 - Error: 'The server certificate received is not trusted (SSL Error 61)' for Receiver Users
CTX203362 - Error: 'The server certificate received is not trusted (SSL Error 61)' on Receiver for Linux CTX200836 - Error: 'SSL Error 61: You have not chosen to trust 'Certificate Authority'...' When Launching Apps with Citrix Online Plug-in Blocking Trust for WoSign CA Free SSL Certificate G2
Certificate Authority WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA. Although no WoSign root is in the list of Apple trusted roots, this intermediate CA used cross-signed certificate relationships with StartCom and Comodo to establish trust on Apple products.
In light of these findings, we took action to protect users in a security update. Apple products no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.
Entrust Root Certification Authority Citrix
To avoid disruption to existing WoSign certificate holders and to allow their transition to trusted roots, Apple products trust individual existing certificates that were issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19. They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion.
As the investigation progresses, we will take further action on WoSign/StartCom trust anchors in Apple products as needed to protect users.
Further steps for WoSign
After further investigation, we have concluded that in addition to multiple control failures in the operation of the WoSign certificate authority (CA), WoSign did not disclose the acquisition of StartCom.
We are taking further actions to protect users in an upcoming security update. Apple products will block certificates from WoSign and StartCom root CAs if the 'Not Before' date is on or after 1 Dec 2016 00:00:00 GMT/UTC.
About trust and certificates
Each macOS Trust Store listed below contains three categories of certificates:
Download Entrust Root CertificatemacOS Trust StoreDownload Entrust Root Certificate
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |