IBM Support

** Troubleshooting ** "You have not chosen to trust "DigiCert SHA2 Secure Server CA", the issuer of the server's security certificate" errors launching Controller on Cloud

Troubleshooting


Problem

User authenticates to the Citrix storefront website, powered by IBM Cloud. User clicks on the Controller icon. An error appears.

Symptom

The exact error will vary depending on environment, but it will look similar to:

Windows PC:


Cannot connect to the Citrix XenApp server
SSL Error 61: You have not chosen to trust "DigiCert SHA2 Secure Server CA", the issuer of the server's security certificate.

Mac:

You have not chosen to trust "DigiCert SHA2 Secure Server CA", the issuer of the server's security certificate.
Contact your help desk for assistance.

Cause

There are several different possible causes:

 

  • Scenario #1 (most likely) - User's client device is using an old (unsupported) Citrix client.
    • For more details, see separate IBM Technote #1700416.

 

  • Scenario #2 - User's client device does not trust the relevant SSL certificate.
    • In one real-life customer case, the client MAC device did not trust the 'intermediate' certificate.

Resolving The Problem

Scenario #1

Upgrade client device to the latest Citrix client (also known as 'Citrix Receiver' and 'Citrix ICA client').

  • For more details, see separate IBM Technote #1700416.

 

Scenario #2

Install relevant SSL certificate on your client device.

 

Steps:

In one real-life example, where the client device was based on MacOS, the following steps solved the problem:

1. Check which certificate needs to be installed

  • TIP: This can be checked by opening the wild certificate ("*.controller.ibmcloud.com") from the IBM cloud website:

image-20181105190512-1

2. Select the 'details' drop-down:

image-20181105190718-3

3. At the bottom of the certificate, find the location of where digicert holds its intermediate cert.

  • In the above example, the link is:    http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

 

4. Click on that link to download the required certificate

5. Add this CRT file to your client device's keystore:

image-20181105190941-1

6. Test.

Related information

1700416 - "SSL Error 61: You have not chosen to trust "DigiCert ..."" when launching Controller on Cloud, caused by old Citrix client

Document information

More support for: Cognos Controller on Cloud

Software version: 10.3.1

Operating system(s): Mac OS, Windows

Reference #: 0738725

Modified date: 05 November 2018