Error on a Citrix client: err supporting the policies extension
Citrix has documented this issue. To troubleshoot, you'll need to use corrected versions of its products (patch).http://support.citrix.com/article/CTX113002
This error is generated by certificates that do not hold a "certificate policy" field (such as TBS X509 wildcard certificates).
But, according to the RFC 3647, particularly the chapter 3, the certificates delivered by TBS are compliant to this standard.
On some versions of Citrix, the implementation is not compliant with the standard by forbidding the certificates with an unactivated "Non critical" field. This does not respect the X509 V3 standard, but it should be corrected in the versions to come.
Other solution?
If you have a wildcard certificate, install a mono- or a milti-CN certificate from an other brand (DigiCert, Thawte, Sectigo, ...)To do so, launch the MMC as explained here (step 1):
Install intermediate or root certificates manually
Go to the Intermediate Certification Authorities file. Search for "AddTrust External CA Root". If you find it, delete it.
Then, in the same file, do right click / All Tasks / Import and add the certificate
http://www.tbs-x509.com/AddTrustUTNLegacyCA.crt
Restart Citrix Secure Gateway. Citric should now get connected without problem.
Last edited on 05/11/2020 14:16:33 --- [search]