Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

GoDaddy WildCard Certificate with APM

Hello There,

We've recently switched from Thawte to GoDaddy for our certificates. We run LTM/APM with direct XML broker interrogation as a standard setup, which by and large meets all our needs.

We've found that with the GoDaddy WildCard certificate with Receiver on IOS devices won't launch any applications. All other connections work fine including launching apps out of the portal and using a webtop, Android devices, Receiver on Windows and even Mac. It's just iDevices that are the issue. We've testing with IOS 6 and 7, same thing, applications enumerate but don't launch sitting at "Starting Application" then bombing out to "Connection Error - Could not connect to server".

This feels like a firewall issue but of course, this works if we just update the certificate to the Thwate Wildcard (and fiddle with DNS).

The certificate has been bundled with gd_bundle.crt, the bundle cert came through with the certificate during purchase but, I’ve double checked the documentation and the bundled certs, and it's all correct.

I'm at a loss, don't really want to purchase a new Thawte Wildcard, not sure if I can get a refund on the GoDaddy.

Hope somebody can help

Frazer

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You might want to look at this thread: http://discussions.citrix.com/topic/348639-possible-receiver-bug/

It sounds like this may be some problem in the citrix mobile client.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Did this work fine with athlete? Is your clientssl profile using GoDaddy Intermediary as a Chain certificate? It needs to in order for iOS and some other clients to work properly. I am using Wildcard GoDaddy cert with no issues whatsoever.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thanks guys, we've tracked down the issue. SHA2 is not supported by Citrix Receiver on iOS devices, and the G2 cert we've received is indeed SHA256.

Michael - don't renew your cert in a hurry until Citrix fix the issue! :)

Thanks for the responces

0
Comments on this Answer
Comment made 09-Apr-2014 by Son of Tom 88
Or if you renew, make sure it's SHA1 (until 2017 when that option will probably disappear)
0
Comment made 09-Apr-2014 by Michael Koyfman 2088
Ha, thanks for the heads-up. My cert is due for renewal soon, but I was planning on switching to RapidSSL.... :)
0