Recently at work, we had to install some new SSL certificates. All seemed to well, except for the Citrix Secure Gateway - when some clients (such as Macs) tried to connect, they got something like:
Citrix Receiver for Mac SSL Error 61: You have not chosen to trust "Foobar", the issuer of the server's security certificate.
This was obnoxious to track down. You need to upgrade to Citrix Receiver 11.7 for Mac or later, which adds support for SHA-2 certificates.
Oh, and there’s still no support for SHA-2 on iOS or Android. Meh.