[THIN] Re: AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

• From: "M" <mathras@xxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 8 Jan 2003 23:06:02 -0000

Going right back to basic for the Java Client and SSL Have you reviewed
Citrix Article CTX451210 ?

regards


----- Original Message -----
From: "Daniel Schoppmann" <dschoppmann@xxxxxx>
To: <thin@xxxxxxxxxxxxx>
Sent: Wednesday, January 08, 2003 10:28 PM
Subject: [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a
cooperate Network and via java client


>
> Hi Joe
>
> I tried this, although it works for the other ica clients with the already
> builtin globalsign certificates of IE.
> I deleted all certs in client browser and installed the ROOT CA from
> http://secure.globalsign.net/en/trust/trust_ms.cfm
> but.. sadly ... same error !
> Any other idea ?
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meeräckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobil:0172/6395617
>
>
> -----Ursprüngliche Nachricht-----
> Von: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]Im
> Auftrag von Joe Shonk
> Gesendet: Mittwoch, 8. Januar 2003 23:09
> An: thin@xxxxxxxxxxxxx
> Betreff: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>
>
>
> Try installing the Root CA on the client.
>
> Joe
>
> -----Original Message-----
> From: Daniel Schoppmann [mailto:dschoppmann@xxxxxx]
> Sent: Wednesday, January 08, 2003 2:13 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>
>
>
> Hi List
>
> We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from Globalsign.
> All secured over 443. STA in Cooperate Network.
>
> From outside company network (internet) access via ICA-full and =
> webclient
> works perfect.
>
> Here the 2 problems we still have:
>
> 1. From inside the coorperate Network (the client has to traverse Proxy,
> Firewall, Router) it is not possible to open Metaframe apps. SSL error =
> 40 !
> First of all I thought this doesn't matter for our network, because I =
> also
> have an internal NFUSE Server for access within the VPN. But know we =
> want to
> access our Metaframe server through our NFUSE in DMZ from other =
> companies
> cooperate networks (or Intranet or whatever the common name is) using =
> their
> Internet access way.(ASP)
> The NFuse "client side firewall" settings are set to "use proxy settings
> from Browser".
> No my question: I think all that is need to be open on the client side
> firewall is Port 80 and port 443. Am I right ?
> The first test we made from another companies network brought ssl error =
> 40.
> Any ideas ?
> Anyone made same experience from other companies network with such an =
> ASP
> like environment ?
>
>
> 2. As already said above, from outside company network (internet) access =
> via
> ICA-full and webclient works perfect.
> The Java Client doesn't work. It start and then brings an error sounds =
> like,
> that
>
> Translated from German:
> The security certificate of the server is not trustworthy. To allow =
> access
> to this server, you have to install the certificate "GlobalSign Root CA"
> Details shows:
>
> SslCertificateNotTrustedException.  Issuer "GlobalSign Root CA"
> at com/citrix/sdk/security/exceptions/SslException.convert
> at com/citrix/sdk/security/ssl/SslOutputStream.write
> at
> com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSo=
> cks
> 5Handshake
> at com/citrix/sdk/security/socks/a/b.a
> at com/citrix/sdk/security/socks/a/b.b
> at com/citrix/sdk/security/socks/a/b.<init>
> at com/citrix/sdk/security/Socks5SocketFactory.createSocket
> at com/citrix/sdk/security/SocketFactory.createSocks5Socket
> at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
> at java/lang/reflect/Method.invoke
> at com/citrix/client/io/net/ip/x.b
> at com/citrix/client/io/net/ip/x.c
> at com/citrix/client/io/net/ip/x.a
> at com/citrix/client/io/net/ip/x.connect
> at com/citrix/client/io/net/ip/v.<init>
> at com/citrix/client/io/net/ip/v.<init>
> at com/citrix/client/module/td/tcp/TCPTransportDriver.q
> at com/citrix/client/module/td/TransportDriver.run
>
> I have already opened a call at citrix, but we already seem to have =
> checked
> everything.
>
> - Root and server Certs are installed on both CSG and NFUSE
>
> and remember, it works perfectly with local ica-clients. That is realy =
> crazy
> !
> Is their perhaps a known issue with certificates from Globalsign ?
>
> I am wishufully waiting on some genious ideas !!!
>
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meer=E4ckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobil:0172/6395617
>
> ***********************************************=20
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or=20
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm


*********************************************** 
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] AW: Re: AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
    • From: Daniel Schoppmann

• References:
  • [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
    • From: Daniel Schoppmann

Other related posts:

• » [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
• » [THIN] Re: AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
• » [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
• » [THIN] Re: AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

1. Home
2. thin
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---