Problems with Citrix Client on Linux?

Posted by torh
February 29, 2008

Updated March 25th

Everytime I install the Linux Citrix Client it seems like I run into problems with SSL-Certificates. The message usually sounds like this:

You have not chosen to trust “Thawte Server CA”, the issuer of the server’s security cerfiticate (SSL error 61).

You might have another company listet as issuer on your server.
Anyway, let’s fix it.

Run the following command as a superuser, also known as root:

cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts/

That’s it!

This assumes that the ICA Client is installed in the default directory. Also you need to have Mozilla Firefox a package called ca-certificates installed since we are using its certificats.

Please leave a comment if you found this useful.

Linux

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments
Comment by David Wright on April 13, 2008 @ 12:12 am

I have done all of the above, but when I click on the icon for the Citrix Application I get:
Client Error: The SOCKS 5 handshake failed (SSL error 29).
Any suggestions?

Comment by -j- on April 14, 2008 @ 9:06 pm

Im using debian 2.6.24-1-amd64, installed the ca-certificates and copied the line, but same error message still.

I assume the ca-certificates are missing something, any idee

Comment by torh on April 21, 2008 @ 8:45 am

David: Strange, never seen that one. But I have only testet this on Ubuntu though. What distribution did you use?

Comment by Richard on May 6, 2008 @ 10:22 pm

Thanks for the great tip…. after a day search on the internet to get my Citrix ICA working, I have put in the command as discribed and gues what… it works!!!!

You have not chosen to trust “equifax secure global ebusiness ac-1″ ssl error 61.
This is what I had all the time and without any luck I added certificates (entrust_ssl_ac.cer) but didn’t work eather… very frustrating but luckely found your website….

Thanks again for a this….great job !!!!!

Richard

(Linux mint 4.0)
Firefox 2.0.0.13

Comment by Steve on May 15, 2008 @ 6:19 am

I have been dealing with this same issue for about a month. I got to the point of giving up, but this article fixed my problem completely. I can now use Citrix on Ubuntu 8.04. Thanks.

Comment by Hamish on May 18, 2008 @ 12:12 pm

Just wanted to say - I’ve been looking for a simple solution to this problem a while - thanks!

Comment by Andy on June 10, 2008 @ 10:00 pm

I tried your tip here on a Ubuntu 8.04, but did not work, I received a message:
“You have not chosen to trust “UTN-USERFirst-Hardware”, the issuer of the server’s security certificate (SSL error 61)”

More tips anyone?

Comment by Bear on June 11, 2008 @ 12:14 pm

I have also followed the instructions on this site about installing the certificates etc. This has fixed my initial problem but now I get the SOCKS 5 handshake failed (SSL error 29) problem described by David Wright.

Does anyone else anywhere on the internet get this issue ????

I am running Ubuntu 7.04 and trying to connect to Citrix Presentation Server 4.5 via Secure Gateway using the Linux ICA client.

Comment by torh on June 11, 2008 @ 6:37 pm

@Andy:
This is probably because UTN-USERFirst-Hardware isn’t a big and trusted supplier of certificates. However you can visit this site http://www.usertrust.com/cacerts/ and download the appropriate certificate file and save it in the directory mentioned earlier. No guarantee though :)

Comment by Andy on June 11, 2008 @ 8:38 pm

Thank you torh!
I downloaded the crt-file and saved it into the ICAClient/linuxx86/keystore/cacerts/ folder, now everything works! Thank you!

Comment by torh on June 11, 2008 @ 8:51 pm

@Andy: Glad to hear that it worked.

Comment by Ben on July 14, 2008 @ 1:18 pm

+1 for orignal post working… Ubuntu Hardy.

Thanks!!!

Comment by timdatoolman83 on July 18, 2008 @ 5:17 am

Yes!!!! Your suggestion fixed my ssl error 61 problem!!! Thank you so much!!!

Leave a comment

(required)

(required)