I’ve written about this issue before, in 2008. But as it turns out, the problem still exists with todays version of the Citrix client, version 12.0, now called Citrix Receiver. And people are still searching for an answer on how to solve this issue.

You have not chosen to trust [certificate] the issuer of the server’s security certificate (SSL error 61)

Both the problem and the solution is the same as before, only the name and the path is different. The path depends on whether you installed the client/receiver as a normal user, or root, also known as the superuser.

I’ve used Ubuntu 11.04 here, but I reckon it’ll work on any Linux distribution.

The problem is this; When you install the Citrix Receiver, it will only install a handful of certificate files, and we’ll have to provide the rest. Now, where can we find a reliable source of SSL certificates? Well, it turns out that we most likely have that already. The same source our browser is using.

 /usr/share/ca-certificates/mozilla/

Just copy those .crt files over to the Citrix keystore, and we should be done. If the client is installed under /opt/Citrix/ICAClient/, run this command in a terminal:

sudo cp /usr/share/ca-certificates/mozilla/* \
/opt/Citrix/ICAClient/keystore/cacerts/

If it’s installed in your home directory, this command should work:

cp /usr/share/ca-certificates/mozilla/* \
$HOME/ICAClient/linuxx86/keystore/cacerts/

If you are using a home made certificate, or for some reason this doesn’t work for you, you’ll have to track down the correct .crt files yourself. But at least now you’ll know where to place them.