
Error on a Citrix client: err supporting the policies extension

Citrix has documented this issue. To resolve it, you need to use corrected (patched) versions of its products.

This error is triggered by certificates that do not contain a "certificate policy" field (such as TBS X509 wildcard certificates).
However, according to RFC 3647, particularly chapter 3, the certificates delivered by TBS comply with this standard.
In some versions of Citrix, the implementation is not compliant with the standard because it rejects certificates with an unactivated "Non critical" field. This does not respect the X.509 v3 standard, but it should be corrected in upcoming versions.

Another solution?

If you have a wildcard certificate, install a mono- or multi-CN certificate from another brand (Symantec, Thawte, Sectigo, ...)

To do so, launch the MMC as explained here (step 1):
Install intermediate or root certificates manually

Go to the Intermediate Certification Authorities folder. Search for "AddTrust External CA Root". If you find it, delete it.

Then, in the same folder, right-click, choose All Tasks / Import, and add the certificate.

Restart Citrix Secure Gateway. Citrix should now connect without problems.
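
To confirm the cause before replacing a certificate, the read-only PowerShell check below reports whether a certificate carries the Certificate Policies extension and lists the Intermediate Certification Authorities store, flagging any "AddTrust External CA Root" entry. It is an added example, not TBS or Citrix code; the file path, the function name and the choice of the computer-account store (`Cert:\LocalMachine\CA`) are assumptions.

```powershell
# Added diagnostic example; not TBS or Citrix code. Read-only: it changes nothing.
param(
    # Hypothetical path to the certificate presented by the gateway (DER or PEM).
    [string]$CertPath = 'C:\certs\gateway.cer'
)

$PoliciesOid = '2.5.29.32'   # OID of the X.509 v3 "Certificate Policies" extension

# Hypothetical helper: summarizes the policies extension of one certificate.
function Get-PolicyExtensionStatus {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $PoliciesOid }
    [pscustomobject]@{
        Subject     = $Cert.Subject
        NotAfter    = $Cert.NotAfter
        HasPolicies = [bool]$ext
        Critical    = if ($ext) { $ext.Critical } else { $null }
    }
}

# 1. Does the server certificate contain the "certificate policy" field?
if (Test-Path -LiteralPath $CertPath) {
    $full = (Resolve-Path -LiteralPath $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    Get-PolicyExtensionStatus -Cert $cert | Format-List
} else {
    Write-Warning "Certificate file not found: $CertPath"
}

# 2. Same check for every entry in the Intermediate Certification Authorities
#    store, flagging the "AddTrust External CA Root" entry named in the steps.
#    Assumption: the computer-account store (Cert:\LocalMachine\CA) is the one in use.
Get-ChildItem -Path Cert:\LocalMachine\CA | ForEach-Object {
    $row = Get-PolicyExtensionStatus -Cert $_
    $row | Add-Member -NotePropertyName IsAddTrustExternal `
        -NotePropertyValue ($_.Subject -like '*AddTrust External CA Root*') -PassThru
} | Sort-Object IsAddTrustExternal -Descending | Format-Table -AutoSize
```

A certificate reported with `HasPolicies : False` matches the condition described above.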