[ale] Citrix client on linux - how to fix missing CA certificates

Jim Kinney jim.kinney at gmail.com
Tue Oct 18 12:35:12 EDT 2016


Citrix client is sometime required for work. It allows a remote
application that runs from a windows server to be usable without
installtion on a Linux desktop.

However, the Citrix receiver installation doesn't doesn't ship with
much understanding of known CA certs and thus trows up error codes and
blocks access.

The fix is to install the entire cert chain for the connector into the
citrix cacerts folder. Firefox makes this pretty easy.

Log into the connector website "https://mycitrixsite.mywork.com" and
click on the "lock" icon in the URL bar. Now open the certificate fully
and get to the "details" tab. The top panel is called "Certificate
Hierarchy" and the chain of certs you need Citrix to use. Select the
top one, choose "Export" at the bottom, make sure it's X.509 (PEM) type
and adjust the extension in the name from .crt to .pem. Repeat for all
others in the chain. Make note of where they were put. Now copy those
.pem file to the Citrix cacerts folder. On an RPM installation (and
this seems to be a common location for all Citrix installs)
it's /opt/Citrix/ICAClient/keystore/cacerts. 

If you have multiple sites, just repeat the cert export/copy process.
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20161018/1f4bf808/attachment.html>


More information about the Ale mailing list