[THIN] SSL Problems with NFUSE/CSG Access from within a corporate Network and via java client

  • From: "Daniel Schoppmann" <dschoppmann@xxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 8 Jan 2003 22:12:35 +0100

Hi List

We have NFuse 1.71 / CSG 1.1 in DMZ with certificates from Globalsign.
All secured over 443. STA in corporate network.

From outside the company network (internet), access via ICA-full and webclient
works perfectly.

Here the 2 problems we still have:

1. From inside the corporate network (the client has to traverse proxy,
firewall, router) it is not possible to open Metaframe apps. SSL error 40!
First of all I thought this doesn't matter for our network, because I also
have an internal NFUSE server for access within the VPN. But now we want to
access our Metaframe server through our NFUSE in DMZ from other companies'
corporate networks (or Intranet or whatever the common name is) using their
Internet access way (ASP).
The NFuse "client side firewall" settings are set to "use proxy settings
from Browser".
Now my question: I think all that needs to be open on the client side
firewall is port 80 and port 443. Am I right?
The first test we made from another company's network brought SSL error 40.
Any ideas?
Has anyone had the same experience from other companies' networks with such an
ASP-like environment?


2. As already said above, from outside the company network (internet), access via
ICA-full and webclient works perfectly.
The Java Client doesn't work. It starts and then brings an error that sounds
like this (translated from German):

The security certificate of the server is not trustworthy. To allow access
to this server, you have to install the certificate "GlobalSign Root CA"

Details show:

SslCertificateNotTrustedException.  Issuer "GlobalSign Root CA"
        at com/citrix/sdk/security/exceptions/SslException.convert
        at com/citrix/sdk/security/ssl/SslOutputStream.write
        at com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSocks5Handshake
        at com/citrix/sdk/security/socks/a/b.a
        at com/citrix/sdk/security/socks/a/b.b
        at com/citrix/sdk/security/socks/a/b.<init>
        at com/citrix/sdk/security/Socks5SocketFactory.createSocket
        at com/citrix/sdk/security/SocketFactory.createSocks5Socket
        at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
        at java/lang/reflect/Method.invoke
        at com/citrix/client/io/net/ip/x.b
        at com/citrix/client/io/net/ip/x.c
        at com/citrix/client/io/net/ip/x.a
        at com/citrix/client/io/net/ip/x.connect
        at com/citrix/client/io/net/ip/v.<init>
        at com/citrix/client/io/net/ip/v.<init>
        at com/citrix/client/module/td/tcp/TCPTransportDriver.q
        at com/citrix/client/module/td/TransportDriver.run

I have already opened a call at Citrix, but we already seem to have checked
everything.

- Root and server certs are installed on both CSG and NFUSE

And remember, it works perfectly with local ICA clients. That is really crazy!
Is there perhaps a known issue with certificates from Globalsign?

I am wishfully waiting for some genius ideas!!!


Ciao, Daniel

dschoppmann@xxxxxx
http://www.schoppmann.com/

Meeräckerstr. 24
68163 Mannheim

home: 0621/8191407
mobil:0172/6395617
