[THIN] Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
- From: "Joe Shonk" <JShonk@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 8 Jan 2003 14:09:02 -0800
Try installing the Root CA on the client.
Joe
-----Original Message-----
From: Daniel Schoppmann [mailto:dschoppmann@xxxxxx]
Sent: Wednesday, January 08, 2003 2:13 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] SSL Problems with NFUSE/CSG Access from within a
cooperate Network and via java client
Hi List
We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from Globalsign.
All secured over 443. STA in Cooperate Network.
From outside company network (internet) access via ICA-full and =
webclient
works perfect.
Here the 2 problems we still have:
1. From inside the coorperate Network (the client has to traverse Proxy,
Firewall, Router) it is not possible to open Metaframe apps. SSL error =
40 !
First of all I thought this doesn't matter for our network, because I =
also
have an internal NFUSE Server for access within the VPN. But know we =
want to
access our Metaframe server through our NFUSE in DMZ from other =
companies
cooperate networks (or Intranet or whatever the common name is) using =
their
Internet access way.(ASP)
The NFuse "client side firewall" settings are set to "use proxy settings
from Browser".
No my question: I think all that is need to be open on the client side
firewall is Port 80 and port 443. Am I right ?
The first test we made from another companies network brought ssl error =
40.
Any ideas ?
Anyone made same experience from other companies network with such an =
ASP
like environment ?
2. As already said above, from outside company network (internet) access =
via
ICA-full and webclient works perfect.
The Java Client doesn't work. It start and then brings an error sounds =
like,
that
Translated from German:
The security certificate of the server is not trustworthy. To allow =
access
to this server, you have to install the certificate "GlobalSign Root CA"
Details shows:
SslCertificateNotTrustedException. Issuer "GlobalSign Root CA"
at com/citrix/sdk/security/exceptions/SslException.convert
at com/citrix/sdk/security/ssl/SslOutputStream.write
at
com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSo=
cks
5Handshake
at com/citrix/sdk/security/socks/a/b.a
at com/citrix/sdk/security/socks/a/b.b
at com/citrix/sdk/security/socks/a/b.<init>
at com/citrix/sdk/security/Socks5SocketFactory.createSocket
at com/citrix/sdk/security/SocketFactory.createSocks5Socket
at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
at java/lang/reflect/Method.invoke
at com/citrix/client/io/net/ip/x.b
at com/citrix/client/io/net/ip/x.c
at com/citrix/client/io/net/ip/x.a
at com/citrix/client/io/net/ip/x.connect
at com/citrix/client/io/net/ip/v.<init>
at com/citrix/client/io/net/ip/v.<init>
at com/citrix/client/module/td/tcp/TCPTransportDriver.q
at com/citrix/client/module/td/TransportDriver.run
I have already opened a call at citrix, but we already seem to have =
checked
everything.
- Root and server Certs are installed on both CSG and NFUSE
and remember, it works perfectly with local ica-clients. That is realy =
crazy
!
Is their perhaps a known issue with certificates from Globalsign ?
I am wishufully waiting on some genious ideas !!!
Ciao, Daniel
dschoppmann@xxxxxx
http://www.schoppmann.com/
Meer=E4ckerstr. 24
68163 Mannheim
home: 0621/8191407
mobil:0172/6395617
***********************************************=20
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
***********************************************
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
