JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Error on a Citrix client: err supporting the policies extension

Citrix has documented this issue. To troubleshoot, you'll need to use corrected versions of its products (patch).

http://support.citrix.com/article/CTX113002

This error is generated by certificates that do not hold a "certificate policy" field (such as TBS X509 wildcard certificates).
But, according to the RFC 3647, particularly the chapter 3, the certificates delivered by TBS are compliant to this standard.
On some versions of Citrix, the implementation is not compliant with the standard by forbidding the certificates with an unactivated "Non critical" field. This does not respect the X509 V3 standard, but it should be corrected in the versions to come.

Other solution?

If you have a wildcard certificate, install a mono- or a milti-CN certificate from an other brand (Symantec, Thawte, Sectigo, ...)

To do so, launch the MMC as explained here (step 1):
Install intermediate or root certificates manually

Go to the   Intermediate Certification Authorities file. Search for "AddTrust External CA Root". If you find it, delete it.

Then, in the same file, do right click / All Tasks / Import and add the certificate
http://www.tbs-x509.com/AddTrustUTNLegacyCA.crt

Restart Citrix Secure Gateway. Citric should now get connected without problem.