Users Unable to Log on to Web Interface 5.4 When Using SSL Relay with SHA-2 (SHA256) Certificates

When using SSL Relay with SHA-2 (SHA256) Certificates, users cannot logon to Web Interface 5.4.

On Web Interface Event Viewer a misleading Event ID 30029 appears:

The Certification Authority is on Trusted Root Certification Authority of the Web Interface:

Complete the following steps to resolve this issue:

• Migrate to StoreFront 2.0 or later.??
  Note: The support for SHA-2??Certificates has been added to StoreFront?? 2.0 Services.

  OR

• If you do not wish to migrate to StoreFront 2.0 or later, complete the following steps:

  1. Open a case with Citrix Technical Support (you must be entitled to a valid Premiere Support Agreement) and obtain a newer netsslsdk.dll 12.1.0.23539 version. Mention CPR232327 in the Citrix Technical Support case.

  2. Run the following command on elevated privileges:
     iisreset /stop

  3. Move the old netsslsdk.dll file to a safe location (do not rename):
     C:\inetpub\wwwroot\Citrix\$yourwebsitepath$\bin\netsslsdk.dll

  4. Place the new netsslsdk.dll file in the following location:
     C:\inetpub\wwwroot\Citrix\$yourwebsitepath$\bin

  5. Run the following command on elevated privileges:
     iisreset /start

This is by design. Web Interface 5.4 (and 5.4.2.59, the latest Public version available) does not support SHA-2 (SHA256) Certificates.

CTX200114 - Citrix Receiver Support for SHA-2