<html><head></head><body><div>Citrix client is sometime required for work. It allows a remote application that runs from a windows server to be usable without installtion on a Linux desktop.</div><div><br></div><div>However, the Citrix receiver installation doesn't doesn't ship with much understanding of known CA certs and thus trows up error codes and blocks access.</div><div><br></div><div>The fix is to install the entire cert chain for the connector into the citrix cacerts folder. Firefox makes this pretty easy.</div><div><br></div><div>Log into the connector website "<a href="https://mycitrixsite.mywork.com">https://mycitrixsite.mywork.com</a>" and click on the "lock" icon in the URL bar. Now open the certificate fully and get to the "details" tab. The top panel is called "Certificate Hierarchy" and the chain of certs you need Citrix to use. Select the top one, choose "Export" at the bottom, make sure it's X.509 (PEM) type and adjust the extension in the name from .crt to .pem. Repeat for all others in the chain. Make note of where they were put. Now copy those .pem file to the Citrix cacerts folder. On an RPM installation (and this seems to be a common location for all Citrix installs) it's /opt/Citrix/ICAClient/keystore/cacerts. </div><div><br></div><div>If you have multiple sites, just repeat the cert export/copy process.</div><div><span><pre><pre>-- <br></pre>James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/
</pre></span></div></body></html>