Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Citrix SSL error 47 peer sent a handshake failure alert?
12-04-2017, 01:39 PM,
#1
Question  Citrix SSL error 47 peer sent a handshake failure alert?
I have been going round in circles trying to fix certs to no avail

(sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts)

searched the Forum and found nothing specific to this error but admit my search-fu is weak at times

but still getting the error and sometimes error 60 and 40
the client will log in OK but when opening an app it gets to the connecting progress bar then falls over with errors.
One thing I noticed is the time seems to be 2 seconds slow compared to the domain time - could this be the issue or is there something else I am missing?
Reply
12-04-2017, 03:55 PM,
#2
RE: Citrix SSL error 47 peer sent a handshake failure alert?
Hi,

the error you got is very unspecific and therefore not easy so resolve.
Are you internal oder external and is a netscaler in use?
What if you use the windows client instead the rpitc?
Any certificate issues if you connect via webbrowser?

Usually this is a problem with your certificate, certificate chain, root certifcate not trusted or a name resolution issue that indicates this problem.

Regards DaWast
-= Feel Free to use the Search function in the upper right corner =-
Reply
12-04-2017, 04:01 PM,
#3
RE: Citrix SSL error 47 peer sent a handshake failure alert?
Thanks - glad to hear it is not easy

this is external not on our network
there is a netscaler yes
windows does not have this issue externally
get same SSL error connecting by browser

I have followed all the steps on here to set the certs to trust but given that it fails in the browser too suggests the name resolution (saw another error with that at times) could be the root cause
Reply
12-04-2017, 04:05 PM,
#4
RE: Citrix SSL error 47 peer sent a handshake failure alert?
Do you get a certificate warning in the browser and if what dose it say?
Could be a missing intermediate certificate on the certificate chain of the netscaler.
Are you the admin of the netscaler too?
Because i don't think you can fix this on your side.
-= Feel Free to use the Search function in the upper right corner =-
Reply
12-04-2017, 04:34 PM,
#5
RE: Citrix SSL error 47 peer sent a handshake failure alert?
I am a mere technician playing with RPi out of curiosity, managed to get it working on ubuntu back in the day and that again was mozilla certs to copy and trust. I have copied and rehashed certs but I am sure I saw one or more fail...
browser gives same warning as it is calling the citrix app when getting the progress on connect to the VDI
(thanks for your time by the way)
Reply
12-04-2017, 04:43 PM,
#6
RE: Citrix SSL error 47 peer sent a handshake failure alert?
Can you provide some more informations.
What version of RPiTC are you using?
Do you have any certificate warnings accessing the web interface and before starting any app?
The fail in the rehash could happened because of already present certificates.
-= Feel Free to use the Search function in the upper right corner =-
Reply
12-04-2017, 05:04 PM,
#7
RE: Citrix SSL error 47 peer sent a handshake failure alert?
RPi-TC v3 1.12
Receiver v13.5
No other warnings with other sites or apps
Reply
12-04-2017, 05:21 PM,
#8
RE: Citrix SSL error 47 peer sent a handshake failure alert?
Im pretty sure that the issue is related to the Citrix farm configuration.
I think you may have a problem with encryption cyphers missmatch.
So maybe the netscaler and the receiver cant settle a cypher correctly and therefore the connection could not be established
This could be because of miss or even wanted configuration.
If you know how you can try to make a network tcpdump and check if there are any additional informations in the ssl handshake session.

You can try to test the certificate with https://www.ssllabs.com/ssltest/
But better tick the "Do not show the results on the boards"

Also you could check if this:
http://forums.citrix.com/message.jspa?messageID=49 4296

In addition i recommend you to open a case at the citrix support forum.
-= Feel Free to use the Search function in the upper right corner =-
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)