iPhone Citrix Receiver V1.0 - Untrusted Certificate

Once again, no sooner had I written an article on the Citrix iPhone Receiver tech preview release than Citrix announced the release of V1.0 at Citrix Synergy. I should have known that was going to happen, to be honest!

So I downloaded it as I was keen to see if it worked with my company's existing XenApp 4.5, Web Interface and Secure Gateway configuration. I entered the details of the server, username, password, domain and configured the access gateway settings. Straight away I was prompted to enter my passcode; so far so good, I thought. Then the error message “untrusted server certificate” appeared. For some reason I was expecting an error; I just knew it wasn’t going to be that easy.

I’ve been troubleshooting this for a couple of days now. I don’t appear to be the only one having issues, as there are a few posts on the Citrix forums on this problem. I’m still actively troubleshooting but I appear to have two specific problems: server certificates on the iPhone and the need for a PNAgent site on our external facing web interface server.

UPDATE

I’ve now had a chance to spend some time looking into this and with the help of Scott from Citrix on the Citrix forums I’ve managed to get this working, albeit without the 2 factor authentication that I require. So how did I get it working?

- Create a PNAgent site on your external facing web interface server
- Follow the instructions in Thomas Koetzing's article on creating an external facing PNAgent site
- Configure the iPhone Receiver to connect to https://FQDNofCSG/Citrix/PNAgent/Config.xml
- Turn off the access gateway access; it then uses domain authentication only.

You may also find that you need to install the certificate of your Web Interface server on your iPhone in order to connect. To do this I extracted the certificate and then sent it to my iPhone email; opening the attachment allows you to install the certificate easily.
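An added example, not part of the original post: a shell demonstration, using throwaway certificates generated with openssl, of why a client reports a server certificate as untrusted until the root that issued it is in the client's trust store. The names `other-root`, `issuing-root`, `gateway.example.test` and `device-store.pem` are assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is made up.

# make_root DIR NAME: create a throwaway self-signed root CA.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server DIR CA HOST: issue a server certificate for HOST signed by CA.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# is_trusted STORE CERT: succeed only if CERT chains to a root in STORE.
is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report STORE CERT LABEL: print the verification verdict for CERT.
report() {
    if is_trusted "$1" "$2"; then
        echo "$3: trusted"
    else
        echo "$3: untrusted server certificate"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_root "$dir" other-root      # a root the device already trusts
    make_root "$dir" issuing-root    # the root that signed the server cert
    make_server "$dir" issuing-root gateway.example.test
    cert="$dir/gateway.example.test.pem"
    store="$dir/device-store.pem"    # stands in for the device trust store
    cp "$dir/other-root.pem" "$store"
    openssl x509 -in "$cert" -noout -subject -issuer
    report "$store" "$cert" "before installing issuing root"
    cat "$dir/issuing-root.pem" >> "$store"
    report "$store" "$cert" "after installing issuing root"
    rm -rf "$dir"
}

demo
```

The `-issuer` line printed for the server certificate names the root that has to be present on the device.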

I’m trying to follow up on the lack of 2 factor authentication with the Citrix guys on the forum; my fear is that if a user selected “logon automatically” then a lost iPhone gives access to your corporate network, which could be very damaging indeed.

  • cheria
    Hi. I sent the certificate to my iPhone e-mail and when I try installing it, I am prompted for a passcode! What is the code?
  • Forgive me, it's been a while since I last looked into this. I pretty much abandoned it when I found out 2 factor authentication wasn't an option.

    Are you taking the Thawte Premium Root Certificate? For some reason I remember something about it needing to be the root certificate.

    I had a quick look on some of the old forum postings and some of the newer ones. The following may help you as Scott Macdonald at Citrix steps through how to import the certificate using the iPhone configuration software.

    http://forums.citrix.com/thread.jspa?threadID=2...
  • josephlam
    Any update on how to get 2 factor working?
  • Have posted a thread on the Citrix forums in an attempt to find out exactly where this is at.
    http://forums.citrix.com/thread.jspa?threadID=2...
  • Hi there

    I had a quick look to see where this was at. I did find a posting on the Citrix forums that indicates that the need for 2 factor RSA based authentication has been raised to the Receiver product team but as yet has no release date. http://forums.citrix.com/thread.jspa?threadID=2...

    I then found a post which indicated that the new pin for RSA SecurID was due to be added to version 2.5 of the Receiver. Currently the version on the iTunes store is V1.0.3, so it doesn't look like it's going to be soon.
    http://forums.citrix.com/thread.jspa?threadID=2...