(OT!) Citrix and SSL and OSX

James Sentman james at sentman.com
Mon Jun 20 10:34:37 PDT 2005


Hi Folks,

I had hoped that I might tap the list for some information on an  
unrelated issue I'm having this morning. First, the backstory: My  
wife works at the local hospitals and has been happily logging into  
their patient systems via Citrix on her iBook for the last 2 years.
Every so often they change something and she has to mess around until  
she figures out how to make it work again. 3 days ago or so it  
appears that they updated their SSL certificate and we can no longer  
get her connected. The browsers now pop up that warning that they
can't validate the certificate, but you can click OK and continue.  
Citrix, on the other hand, has no continue button and brings up an  
error that just says that you have chosen not to trust this  
certificate and so it must quit.

There is a link on their page for downloading the new certificate. I  
did download it and added it to the keychain and now the browsers  
don't complain anymore, but Citrix doesn't appear to be smart enough
to ask the keychain about it.

It is my gut feeling that I need to add the certificate to OpenSSL  
itself so that it won't generate the error in the first place. But
while I can find any number of tutorials for adding it to the  
keychain in various and wonderful ways (even from the command line) I  
don't see anything about OpenSSL itself.

I'm hoping that someone here either has experience with Citrix or
OpenSSL and can point me in the right direction. Please don't make me  
become an expert on the subtle art that is SSL ;)

For those interested, I think the whole Citrix thing is hilarious to
start with in this case. As the application that she then runs is  
BROWSER based! So she launches a browser to connect to a system to  
get a connection with a remote interface product which then runs  
another browser :D Couldn't the browser just connect via https in the  
first place? Or wouldn't that validate their IT budget for the year?

I guess that is the best way around the fact that you cannot develop  
a truly useful interface in IE that works in more than one version or  
is compatible with any other browsers on the planet... So this is  
their workaround. Browsers don't work for an interface that  
complicated, so we'll use Citrix to force you to use only this
particular version of IE....

Sorry for ending on the soapbox ;) I was up rather late fighting with  
this..

Thanks for any advice or pointers.
  James


More information about the XTensionlist mailing list