SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


Error on a Citrix client: err supporting the policies extension

Citrix has documented this issue. To troubleshoot, you'll need to use corrected versions of its products (patch).

http://support.citrix.com/article/CTX113002

This error is generated by certificates that do not hold a "certificate policy" field (such as TBS X509 wildcard certificates).
But, according to the RFC 3647, particularly the chapter 3, the certificates delivered by TBS are compliant to this standard.
On some versions of Citrix, the implementation is not compliant with the standard by forbidding the certificates with an unactivated "Non critical" field. This does not respect the X509 V3 standard, but it should be corrected in the versions to come.

Other solution?

If you have a wildcard certificate, install a mono- or a milti-CN certificate from an other brand (DigiCert, Thawte, Sectigo, ...)

To do so, launch the MMC as explained here (step 1):
Install intermediate or root certificates manually

Go to the   Intermediate Certification Authorities file. Search for "AddTrust External CA Root". If you find it, delete it.

Then, in the same file, do right click / All Tasks / Import and add the certificate
http://www.tbs-x509.com/AddTrustUTNLegacyCA.crt

Restart Citrix Secure Gateway. Citric should now get connected without problem.