January 13, 2014

Citrix Receiver for iPad and iPhone Fails When Using SHA2 Algorithm on Netscaler

Summary:
The following behavior was experienced on Netscalers running version 9.3 - 10.1, iOS devices running iOS 6 – 7, and Receiver for iOS 5.6 – 5.8. When a user logs on using Citrix Receiver for iOS (iPad & iPhone), the applications are enumerated properly. However, when the user attempts to start any of the applications, the launch fails with the following error message:

“Connection Error. Citrix Receiver could not establish connection with remote host. Please contact your administrator for assistance.”

Cause:
The Receiver for iOS, as well as for other smart devices, does not support the SHA2 hash algorithm or higher. Check the Citrix Receiver Feature Matrix for updates on future support for the FIPS 140/SHA-2 hash algorithm on iOS and other smart devices.

SHA1

SHA2


Note:
SHA-2 or higher algorithms are supported on the Netscaler. Also worth noting: this didn’t affect the Receiver for Android 3.4.13 during my troubleshooting.

Resolution:
Contact your CA (DigiCert, VeriSign, etc.) for support. You can request an SSL certificate that uses the SHA-1 algorithm.

Additional:
In my case with this issue, the customer was using DigiCert as a CA, and their support was excellent in assisting us with our SHA1 request.

Citrix Links:

1 comment:

  1. Thanks Roger! This ended up being our issue also after upgrading certificates on our Netscalers.

    Additionally, we found that older Citrix clients (pre-receiver) on Windows and Macs also had issues. Once the problematic systems were upgraded to a current receiver, everything worked as expected. However we will still need to reinstall SHA1 certificates now to support all mobile devices again.
