Going right back to basics for the Java Client and SSL

Have you reviewed Citrix Article CTX451210?

regards

----- Original Message -----
From: "Daniel Schoppmann" <dschoppmann@xxxxxx>
To: <thin@xxxxxxxxxxxxx>
Sent: Wednesday, January 08, 2003 10:28 PM
Subject: [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

> Hi Joe
>
> I tried this, although it works for the other ICA clients with the already
> built-in GlobalSign certificates of IE.
> I deleted all certs in the client browser and installed the ROOT CA from
> http://secure.globalsign.net/en/trust/trust_ms.cfm
> but.. sadly ... same error!
> Any other idea?
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meeräckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobile: 0172/6395617
>
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On behalf of Joe Shonk
> Sent: Wednesday, January 8, 2003 23:09
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>
> Try installing the Root CA on the client.
>
> Joe
>
> -----Original Message-----
> From: Daniel Schoppmann [mailto:dschoppmann@xxxxxx]
> Sent: Wednesday, January 08, 2003 2:13 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>
> Hi List
>
> We have NFuse 1.71 / CSG 1.1 in DMZ with certificates from GlobalSign.
> All secured over 443. STA in corporate network.
>
> From outside the company network (internet), access via ICA-full and webclient
> works perfectly.
>
> Here are the 2 problems we still have:
>
> 1. From inside the corporate network (the client has to traverse proxy,
> firewall, router) it is not possible to open Metaframe apps. SSL error 40!
> First of all I thought this doesn't matter for our network, because I also
> have an internal NFUSE server for access within the VPN. But now we want to
> access our Metaframe server through our NFUSE in DMZ from other companies'
> corporate networks (or Intranet or whatever the common name is) using their
> Internet access way. (ASP)
> The NFuse "client side firewall" settings are set to "use proxy settings
> from Browser".
> Now my question: I think all that needs to be open on the client side
> firewall is port 80 and port 443. Am I right?
> The first test we made from another company's network brought SSL error 40.
> Any ideas?
> Has anyone had the same experience from other companies' networks with such an
> ASP-like environment?
>
>
> 2. As already said above, from outside the company network (internet), access via
> ICA-full and webclient works perfectly.
> The Java Client doesn't work. It starts and then brings an error that sounds
> like this:
>
> Translated from German:
> The security certificate of the server is not trustworthy. To allow access
> to this server, you have to install the certificate "GlobalSign Root CA"
> Details shows:
>
> SslCertificateNotTrustedException.
> Issuer "GlobalSign Root CA"
>   at com/citrix/sdk/security/exceptions/SslException.convert
>   at com/citrix/sdk/security/ssl/SslOutputStream.write
>   at com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSocks5Handshake
>   at com/citrix/sdk/security/socks/a/b.a
>   at com/citrix/sdk/security/socks/a/b.b
>   at com/citrix/sdk/security/socks/a/b.<init>
>   at com/citrix/sdk/security/Socks5SocketFactory.createSocket
>   at com/citrix/sdk/security/SocketFactory.createSocks5Socket
>   at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
>   at java/lang/reflect/Method.invoke
>   at com/citrix/client/io/net/ip/x.b
>   at com/citrix/client/io/net/ip/x.c
>   at com/citrix/client/io/net/ip/x.a
>   at com/citrix/client/io/net/ip/x.connect
>   at com/citrix/client/io/net/ip/v.<init>
>   at com/citrix/client/io/net/ip/v.<init>
>   at com/citrix/client/module/td/tcp/TCPTransportDriver.q
>   at com/citrix/client/module/td/TransportDriver.run
>
> I have already opened a call at Citrix, but we already seem to have checked
> everything.
>
> - Root and server certs are installed on both CSG and NFUSE
>
> and remember, it works perfectly with local ICA clients. That is really crazy!
> Is there perhaps a known issue with certificates from GlobalSign?
>
> I am wishfully waiting for some genius ideas!!!
>
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meeräckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobile: 0172/6395617
>
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm