You may want to look at the post install in the citrix package. Its, ahem, interesting. Also 12.1 introduces new security settings specifically around checking certs via CRL and OCSP If you use an authenticated proxy, this will fail SSLCertificateRevocationCheckPolicy. This feature improves the cryptographic authentication of the Citrix server and improves the overall security of the SSL/TLS connections between a client and a server.

This setting governs how a given trusted root certificate authority is treated during an attempt to open a remote session through SSL when using the client for OS X. When you enable this setting, the client checks whether or not the server’s certificate is revoked. There are several levels of certificate revocation list checking. For example, the client can be configured to check only its local certificate list, or to check the local and network certificate lists. In addition, certificate checking can be configured to allow users to log on only if all Certificate Revocation lists are verified. Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows an administrator to revoke security certificates (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name.

Receiver

Applicable values for this setting include: NoCheck. No Certificate Revocation List check is performed.

Download Receiver For Mac

Certificate revocation list check is performed. Only local certificate revocation list stores are used. All distribution points are ignored. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server.

Certificate Revocation List check is performed. Local Certificate Revocation List stores and all distribution points are used. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. Certificate Revocation List check is performed, excluding the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification.

Certificate Revocation List check is performed, including the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification. Note If you don’t set SSLCertificateRevocationCheckPolicy, FullAccessCheck is used as the default value. More info here: can be disabled with defaults write com.citrix.receiver.nomas SSLCertificateRevocationCheckPolicy NoCheck You can deploy a profile to do that as well.

Strange issue here. When I put the policy to Self Service and install, then original PKG downloaded from Citrix works: Downloading Install Citrix Receiver.pkg. Downloading Installing Install Citrix Receiver.pkg. Successfully installed Install Citrix Receiver.pkg.

Inventory will be updated when all queued actions in Self Service are complete. But when I am trying to push the installation then policy shows 'Failed' status: Downloading Install Citrix Receiver.pkg. Downloading Installing Install Citrix Receiver.pkg. Installation failed. The installer reported: installer: Package name is Citrix Receiver installer: Upgrading at base path / installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.) I tried to do 'sudo killall -kill', but it does not help.