Scenario: A user is attempting to access a web server, which is load-balanced by the NetScaler using HTTPS. The user received the following message:
SSL/TLS error: You have not chosen to trust “Certificate Authority” the issuer of the server’s security certificate.
What can a Citrix Administrator do to prevent users from viewing this message?
A. Ensure that the intermediate Certificate is linked to the Server Certificate.
B. Ensure that the user has the Server Certificate installed.
C. Ensure that the intermediate Certificate is linked to the Root Certificate.
D. Ensure that the user has the Certificate’s Public key.
C. Ensure that the intermediate Certificate is linked to the Root Certificate.
This error message suggests that the Mac client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the Secure Gateway/NetScaler Gateway server certificate.
Correct answer is A. You should never install a root cert on the netscaler… only the intermediate since this will break the whole pki trust relationship model.
https://docs.citrix.com/en-us/citrix-adc/12-1/ssl/ssl-certificates/add-group-certs.html