
Tag: ssl

AWS IAM CERTIFICATE_VERIFY_FAILED

Situation

When attempting to call AWS CLI commands we were receiving a CERTIFICATE_VERIFY_FAILED error message. We were using a proxy service that performs SSL inspection. In this specific instance we were connecting to AWS IAM via Zscaler Internet Access (ZIA).

Example

We were running a simple command:

aws iam get-role --role-name vmimport

Workaround

Include --no-verify-ssl to bypass SSL certificate verification for the command:

aws iam get-role --role-name vmimport --no-verify-ssl

Solution

Exclude (drop or whitelist) iam.amazonaws.com from SSL inspection on the proxy server.

Citrix Edgesight email test works but Edgesight alert emails not sending

Problem:

After setting up a new Edgesight server, we noticed that the notification settings of the Citrix Edgesight server were correct, and testing them produced an instant email from the Edgesight server (Server Configuration > Settings > Notifications > Test Email button).


However, when testing an Edgesight alert, the ‘Alert’ emails weren’t coming through, even though the test above had succeeded!

Solution:

After checking the usual things (can Edgesight talk to the Exchange server, is relay allowed for the IP address of the Edgesight server on the Exchange server, etc.), the following steps were performed:

  1. Check that core_zalertq_actions and core_zalertq_recv are listed as running under Server Status > Server script host. If not, start them, or reboot the server and check that they have started.
  2. If they are OK, check that the server name under ‘Server Configuration > Settings > Notifications’ matches the FQDN of the SSL certificate on the Edgesight server. By default Edgesight fills in only the HOSTNAME, which won’t work with the SSL settings on the Edgesight server.

Working!


References:

And after writing all this I found the official Citrix article – http://support.citrix.com/article/CTX126701 .. so could have saved myself repeating it all! Grrr 🙂

Netscaler ERROR: Invalid private key, or PEM pass phrase required for this private key

When adding a new cert (or replacement cert) from the command line we received the above error.
The original key was used with openssl and there was no passphrase for the key file.
Simply converting the key (not the cert) from the Netscaler shell worked, using the following command:
openssl rsa -in originalkeyfile -out newkeyfile
This fixes the file and allows the certificate and its key to be added to the Netscaler.

Adding the cert to the Netscaler from the command line:
add ssl certKey CERTIFICATE_FULL_NAME.cer -cert /nsconfig/ssl/MYCERT_CERT.cer -key /nsconfig/ssl/MYCERT_KEY.key
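
To compare the key file before and after the openssl rsa conversion above, this added example (not from the original post) reports which PEM container a key uses, whether it is passphrase-protected, and whether it has Windows line endings. It assumes, which the post does not confirm, that the appliance rejected the original file because of its container format or line endings; the function names and output labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: report the PEM container of a private key file.
# It reads text markers only and never parses or prints key material.

classify_pem_key() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # Strip carriage returns so CRLF files are classified by content.
    text=$(tr -d '\r' < "$1")
    # First armor line, e.g. "-----BEGIN RSA PRIVATE KEY-----".
    header=$(printf '%s\n' "$text" |
        awk '/^-----BEGIN .*-----$/ && !h { h = $0 } END { print h }')
    case $header in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo "pkcs8-encrypted" ;;
        '-----BEGIN PRIVATE KEY-----')           echo "pkcs8-plain" ;;
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional RSA keys flag passphrase protection in a header.
            case $text in
                *'Proc-Type: 4,ENCRYPTED'*) echo "traditional-encrypted" ;;
                *)                          echo "traditional-plain" ;;
            esac ;;
        '') echo "no-pem-header" ;;
        *)  echo "other" ;;
    esac
}

# True when the file contains carriage returns (Windows line endings).
has_crlf() {
    cr=$(printf '\r')
    case $(cat "$1") in
        *"$cr"*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage: sh keycheck.sh originalkeyfile newkeyfile
for f in "$@"; do
    kind=$(classify_pem_key "$f") || { echo "$f: $kind"; continue; }
    if has_crlf "$f"; then kind="$kind, CRLF line endings"; fi
    echo "$f: $kind"
done
```

A file that reports traditional-plain with no CRLF note is an unencrypted key in the traditional RSA PEM layout.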

Citrix ICA SSL Error on MAC OSX

Author: James Scanlon

Updated: 07/02/2012 

CITRIX SSL Error On Mac OSX

  1. When logging into Citrix on MAC OSX using Firefox, some users may get the following error: ‘You have not chosen to trust “Verisign Class 3 Extended Validation SSL SGC CA”, the issuer of the server’s security certificate (SSL error 183)’
  2. Open Firefox preferences + Advanced Tab
  3. View Certificates button
  4. In the Certificates dialog, switch to the Authorities tab and find the “Verisign Class 3 Extended Validation SSL SGC CA” entry 
  5. Click on the Export button and give the file an extension of .crt – save to the desktop
  6. Double click the .crt file on the desktop + click Add
  7. Right Click the newly imported certificate + Get Info + Change the Trust option to + Always Trust
  8. Try to relaunch the Citrix Access