Forum Discussion

Son_of_Tom_1379
Apr 09, 2014

GoDaddy WildCard Certificate with APM

Hello There,

We've recently switched from Thawte to GoDaddy for our certificates. We run LTM/APM with direct XML broker interrogation as a standard setup, which by and large meets all our needs.

We've found that with the GoDaddy WildCard certificate, Receiver on iOS devices won't launch any applications. All other connections work fine, including launching apps out of the portal and using a webtop, Android devices, Receiver on Windows and even Mac. It's just iDevices that are the issue. We've tested with iOS 6 and 7, same thing: applications enumerate but don't launch, sitting at "Starting Application" then bombing out to "Connection Error - Could not connect to server".

This feels like a firewall issue but of course, this works if we just update the certificate to the Thawte Wildcard (and fiddle with DNS).

The certificate has been bundled with gd_bundle.crt. The bundle cert came through with the certificate during purchase, but I've double-checked the documentation and the bundled certs, and it's all correct.

I'm at a loss. I don't really want to purchase a new Thawte Wildcard, and I'm not sure if I can get a refund on the GoDaddy.

Hope somebody can help

Frazer

5 Replies

  • Lucas_Thompson_
    Historic F5 Account

    You might want to look at this thread: http://discussions.citrix.com/topic/348639-possible-receiver-bug/

    It sounds like this may be some problem in the Citrix mobile client.

  • Did this work fine with Thawte? Is your clientssl profile using GoDaddy Intermediary as a Chain certificate? It needs to in order for iOS and some other clients to work properly. I am using Wildcard GoDaddy cert with no issues whatsoever.

  • Thanks guys, we've tracked down the issue. SHA2 is not supported by Citrix Receiver on iOS devices, and the G2 cert we've received is indeed SHA256.

    Michael - don't renew your cert in a hurry until Citrix fix the issue! :)

    Thanks for the responses

    • Son_of_Tom_1379
      Or if you renew, make sure it's SHA1 (until 2017 when that option will probably disappear)
    • Michael_Koyfma1
      Ha, thanks for the heads-up. My cert is due for renewal soon, but I was planning on switching to RapidSSL.... :)
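
The thread's resolution came down to which hash signs the certificates being served (SHA-256 on the new G2 certificate versus SHA-1 on the old one) and whether the intermediate is chained. The script below is an added example, not part of the original posts: it lists the signature algorithm of every certificate in a PEM bundle. It assumes the `openssl` CLI is installed; the function names `bundle_sig_algs` and `make_sample_bundle`, the subjects and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: list the signature algorithm of each certificate in a PEM bundle.
# All names, subjects and file paths below are constructed for the demo.
set -eu

# Print "index<TAB>signature-algorithm<TAB>subject" for every cert in PEM file $1.
# The body runs in a subshell, so its variables stay private to the function.
bundle_sig_algs() (
    tmp=$(mktemp -d)
    # Split the bundle into one file per certificate, keeping bundle order.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    i=0
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || break          # bundle contained no certificates
        i=$((i + 1))
        alg=$(openssl x509 -in "$f" -noout -text |
              awk '!seen && /Signature Algorithm:/ { print $3; seen = 1 }')
        subj=$(openssl x509 -in "$f" -noout -subject)
        printf '%s\t%s\t%s\n' "$i" "$alg" "$subj"
    done
    rm -rf "$tmp"
)

# Build a constructed bundle in directory $1: a SHA-256 wildcard leaf followed
# by the SHA-384 test CA that signed it (leaf first, like cert + chain file).
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha384 -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 1 -out "$1/leaf.crt" 2>/dev/null
    cat "$1/leaf.crt" "$1/ca.crt" > "$1/bundle.pem"
}

demo_dir=$(mktemp -d)
make_sample_bundle "$demo_dir"
bundle_sig_algs "$demo_dir/bundle.pem"
rm -rf "$demo_dir"
```

To check a real deployment, pass `bundle_sig_algs` the file that holds the server certificate followed by its chain instead of the constructed bundle.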