Kinetic (2022.1) Smart Client on Citrix

Long time lurker, first time poster so please be gentle

This is a great community. Many thanks to those who organize, maintain and participate!

I’m a consultant/administrator for a client implementing Epicor Kinetic (2022.1.18) for an offshore office located in Dominican Republic. The Smart Client for these new users is installed on our Citrix servers. On login for these users we get the following error:

Unable to Log On
The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel.

I know this is related to our self-signed certificate because we encountered same for our US based production system users when we installed on their local machines. The certificate is installed on the Citrix servers. We can login to Kinetic without error if the user is member of local administrators but we don’t want to put our day to day users in that group.

Any advice and or suggestions how best to resolve this?

our kinetic servers are on premise

Have you installed the certificate into the local computer, or user certificates store?
(On the Citrix Server)

Yes, the certificate has been installed on the Citrix server in Local Machine store

Try it in the user store.

There a way to do that easily for these users without them logging on server directly? Sorry if a dumb question

I don’t think it is one. My Citrix knowledge is limited.

I’m assuming it runs in the context of a user for the remote desktop. I don’t know an
easy way to get it in there.

Maybe just test one the manual way before proceeding further.

I may be mistaken, but I believe @hkeric.wci has a lot of Citrix experience.

tx @klincecum

If you’re using self signed, I believe you need to import to both the Personal and Trusted Root CA stores on each Citrix server. As far as I know there is nothing that makes a Citrix server special as opposed to any other server when it comes to this.

Definitely recommend moving away from self-signed though…