Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Error 82 on a Citrix client

Citrix has documented this issue. To troubleshoot, you'll have to use corrected versions of its products:

Cannot connect to the Citrix xxx Server. SSL Error 82: The security certificate "AddTrust External CA Root" is not suitable for use in SSL connections. Reaseon : Unsuitable Netscape Usage Extension field.

Other solution?

If you have a TBS X509 certificate, you'll have to change the intermediate root that has been installed with the .p7b file. Do not install:

http://www.tbs-x509.com/AddTrustUTNServerCA.crt
Common Name: AddTrust External CA Root
Validity date: 2019-07-09
Serial number: 1C CE 44 62 95 19 7A 9D 63 52 F9 F2 23 A9 B6 98

but:

http://www.tbs-x509.com/AddTrustUTNLegacyCA.crt
Common Name: AddTrust External CA Root
validity date: 2019-07-09
Serial number: 3D 02 7B 2F B9 2E 66 5C 62 22 F8 D6 32 BC 7F B8

To do so, launch the MMC as explained here (step 1):
Install intermediate and root certificates manually

Go to  Intermediate Certification Authorities. in the list, search for "AddTrust External CA Root". If you find it, delete it.

Now add the certificate (right click / All Tasks / Import):
http://www.tbs-x509.com/AddTrustUTNLegacyCA.crt

Restart your le Citrix Secure Gateway. Citrix client should now be able to get connected.