Problems with Citrix Client on Linux?
Updated March 25th
Everytime I install the Linux Citrix Client it seems like I run into problems with SSL-Certificates. The message usually sounds like this:
You have not chosen to trust “Thawte Server CA”, the issuer of the server’s security cerfiticate (SSL error 61).
You might have another company listet as issuer on your server.
Anyway, let’s fix it.
Run the following command as a superuser, also known as root:
cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts/
That’s it!
This assumes that the ICA Client is installed in the default directory. Also you need to have Mozilla Firefox a package called ca-certificates installed since we are using its certificats.
Please leave a comment if you found this useful.
I have done all of the above, but when I click on the icon for the Citrix Application I get:
Client Error: The SOCKS 5 handshake failed (SSL error 29).
Any suggestions?
Im using debian 2.6.24-1-amd64, installed the ca-certificates and copied the line, but same error message still.
I assume the ca-certificates are missing something, any idee
David: Strange, never seen that one. But I have only testet this on Ubuntu though. What distribution did you use?
Thanks for the great tip…. after a day search on the internet to get my Citrix ICA working, I have put in the command as discribed and gues what… it works!!!!
You have not chosen to trust “equifax secure global ebusiness ac-1″ ssl error 61.
This is what I had all the time and without any luck I added certificates (entrust_ssl_ac.cer) but didn’t work eather… very frustrating but luckely found your website….
Thanks again for a this….great job !!!!!
Richard
(Linux mint 4.0)
Firefox 2.0.0.13
I have been dealing with this same issue for about a month. I got to the point of giving up, but this article fixed my problem completely. I can now use Citrix on Ubuntu 8.04. Thanks.
Just wanted to say – I’ve been looking for a simple solution to this problem a while – thanks!
I tried your tip here on a Ubuntu 8.04, but did not work, I received a message:
“You have not chosen to trust “UTN-USERFirst-Hardware”, the issuer of the server’s security certificate (SSL error 61)”
More tips anyone?
I have also followed the instructions on this site about installing the certificates etc. This has fixed my initial problem but now I get the SOCKS 5 handshake failed (SSL error 29) problem described by David Wright.
Does anyone else anywhere on the internet get this issue ????
I am running Ubuntu 7.04 and trying to connect to Citrix Presentation Server 4.5 via Secure Gateway using the Linux ICA client.
@Andy:
This is probably because UTN-USERFirst-Hardware isn’t a big and trusted supplier of certificates. However you can visit this site http://www.usertrust.com/cacerts/ and download the appropriate certificate file and save it in the directory mentioned earlier. No guarantee though :)
Thank you torh!
I downloaded the crt-file and saved it into the ICAClient/linuxx86/keystore/cacerts/ folder, now everything works! Thank you!
@Andy: Glad to hear that it worked.
[...] Problems with Citrix on Linux: http://blog.torh.net/2008/02/29/problems-with-citrix-client-on-linux/ [...]
+1 for orignal post working… Ubuntu Hardy.
Thanks!!!
Yes!!!! Your suggestion fixed my ssl error 61 problem!!! Thank you so much!!!
Thank you very much, I finally have Citrix working!
Thanks for great issue.
A strange thing is that couple months ago everything was working without magic cp string. I had successfully connected to my company server from Ubuntu 8.04 and PCLOS, but today on new Ubuntu installation the problem appeared.
It’s OK now.
Hi
I am facing a problem while copying any text from Ubuntu(Linux Debian Flavour)application like open-office or any other text displaying or writing application to citrix client application, text formatting gone away like if i copy two different paragraphs to citrix it just concatenate the two paragraphs or remove all the blank lines from the text. If anybody having the solution plz help me.
Thanks a lot …. It worked the first time (after many searches) .
I have xubuntu, xfce, mozilla.
Thanx Thanx Thanx!!!!
I’ve had lot’s of problem getting this to work. I’ve googled myself through half of the web and I’ve found many different and complicated sollutions, wich never helped me. But this post solved the problem for me once and for all. So easy! thanx again
Still doesn’t work for me. :(
@Agneta: Hmm.. what does your error message say?
Works just fine, thanks. One question though: when Citrix runs in seamless mode, I can’t find how to switch back and forth between Citrix window and local PC (Ubuntu 8.04). Any idea? Is there, like VirtualBox, a special key to use before using CTRL right/left arrow?
Hi Tor,
Wondering if you can help me as well. I am trying to connect to my office remotely using a mac os x v10.4 via citrix ICA and get the following error message every time:
ssl error 29: the socks 5 handshake failed. Error number: 183
I have tried using both firefox v2.0 and safari v3.1 and the citrix blog is full of questions but short on solutions.
Thanks!
Thanks a lot! This seems to be the only place on the web where you find this solution although I would imagine that the problem is common! I’m running Ubuntu 8.04.
I consider myself pretty proficient at systems, but this had me stumped!!!!
Thanks for the post. Saw a lot of errors when I ran the command, but it works!!!!!!!!!!!!!
[...] to http://blog.torh.net/2008/02/29/problems-with-citrix-client-on-linux/ for that [...]
Bloody Marvelous -
As a company we have had no success it getting this to work – and I know of 3 people who have spent a lot of time following the copying of certificates etc etc
We are not worthy ……..
Thanks a lot
@torh
Had the same problem as Andy, used same solution, got same result: worked.
on bended knee with tears of joy … I proclaim my gratitude!
I don’t have a dir /ca-certificates/mozilla/*
I do have:
jss@suse11:/usr/lib/ICAClient/keystore/cacerts> ls
BTCTRoot.crt Class4PCA_G2_v2.crt Pcs3ss_v4.crt
Class3PCA_G2_v2.crt GTECTGlobalRoot.crt SecureServer.crt
When I connect via Citrix nothing happens when I launch an app. It asks to save the ica file then nothing.
Thoughts?
Jeff:
If you get a question about saving the .ica file, the Citrix application is most likely not installed correctly.
Which web browser are you using?
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7)
Thanks a lot, good tip !!
THANKS AGAIN !!.
JP
Thank you a lot. You fixed my issue. Everywhere else gave me a bum steer. You rock!
Now I am running Jaunty Jackalope, and ver 11 of the ICA client, but I still get:
Client Error: The SOCKS 5 handshake failed (SSL error 29)
I don’t think this is a problem in the ICA client, as I can connect to one site, L, while I am unable to connect to another site, G, where I receive the SOCKS 5 handshake error. I am using Citrix client version 11.0-1 in openSUSE 11.1
To make matters worse, I only receive the error when connecting over Internet, not when I am on-site and connect over their LAN. I am able to connect to L from the wireless network on-site in G’s offices, but not able to connect to G over the same connection.
I reported the problem to the IT service desk of the company responsible for the solution. After a while I was called back, and they don’t have a solution. So far what he had found out was that this could be related to the server-side, where it seems this problem occurs only for the more recent version of the software.
What I currently do is connect to L and then connect from there (Windows environment) to G – awkward, but it got me connected!
I used the solution from
http://support.citrix.com/article/CTX122965
I.e. I opened port 1495 on my router/firewall. and Bingo!
Thanks! This was very much to the point and did the job for me at once.
Thank you, thank you, thank you.
After fighting with this for a a couple of day this was the solution that worked for me!
Thanks again.
Thank you. I can now get past error 61. However, I now get error 70 (expired certificate). Yes, the certificate has expired, but how can I tell the Linux client to go ahead and connect anyway? The Windows client gives a warning, but allows you to connect if you want.
Same problem for me… My government employer seems reluctant to update their certificate for one of the systems they make us use. Fortunately my main role does not see me needing to access it much, so I can use Windows computers when I need to… But it’s still annoying.
I have not found a way to bypass expired server certificates when using the Linux client.
You star! I’ve been fiddling around for a couple of days now trying to get Citrix to work on Ubuntu. Now it does! :-)
Thanks Tor. That was bugging me for a while. Downloading the certs for Equifax Secure Global from geotrust.com worked for 32 bit systems but it didn’t work on my amd64 system. This however solved the problem nicely thank you very much.
Ken.
Another vote of thanks. This worked in seconds after a couple of hours w other “tips”…
Ubuntu 9.10
Firefox 3.5.5
Citrix Receiver for Linux
You rock, I installed and configured Citrix and was able to log into my companies portal but when I lunched an app I’d get a Equifax cert error. I did all kinds of searches and could fins a solution until I came across this site.I did what you suggested about and coping everything to the ICA folder no Citrix works like a charm. Thanks so much
Ubuntu 9.10
Firefox 3.5.5
Works for me too! Thanks a lot!!!
Ubuntu 9.10
Firefox 3.5.8
Incredible. I too had spent at least a day trawling the net and reading many confusing and sometimes confused suggestions of how to resolve this.
Thanks a million
perfect, it works!!
Many thanks
Thank you so much Tor – ‘t works like charm!
Only wish I’d found your post earlier :-)
Engelbert