<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Ah! Very cool! TY! <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>/Raj<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> ale-bounces@ale.org [mailto:ale-bounces@ale.org] <b>On Behalf Of </b>Jim Kinney<br><b>Sent:</b> Tuesday, October 18, 2016 12:35 PM<br><b>To:</b> Atlanta Linux Enthusiasts - Yes! We run Linux! <ale@ale.org><br><b>Subject:</b> [ale] Citrix client on linux - how to fix missing CA certificates<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Citrix client is sometime required for work. It allows a remote application that runs from a windows server to be usable without installtion on a Linux desktop.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>However, the Citrix receiver installation doesn't doesn't ship with much understanding of known CA certs and thus trows up error codes and blocks access.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The fix is to install the entire cert chain for the connector into the citrix cacerts folder. Firefox makes this pretty easy.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Log into the connector website "<a href="https://mycitrixsite.mywork.com">https://mycitrixsite.mywork.com</a>" and click on the "lock" icon in the URL bar. Now open the certificate fully and get to the "details" tab. The top panel is called "Certificate Hierarchy" and the chain of certs you need Citrix to use. Select the top one, choose "Export" at the bottom, make sure it's X.509 (PEM) type and adjust the extension in the name from .crt to .pem. Repeat for all others in the chain. Make note of where they were put. Now copy those .pem file to the Citrix cacerts folder. On an RPM installation (and this seems to be a common location for all Citrix installs) it's /opt/Citrix/ICAClient/keystore/cacerts. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you have multiple sites, just repeat the cert export/copy process.<o:p></o:p></p></div><div><pre>-- <o:p></o:p></pre><pre>James P. Kinney III<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Every time you stop a school, you will have to build a jail. What you<o:p></o:p></pre><pre>gain at one end you lose at the other. It's like feeding a dog on his<o:p></o:p></pre><pre>own tail. It won't fatten the dog.<o:p></o:p></pre><pre>- Speech 11/23/1900 Mark Twain<o:p></o:p></pre><pre><o:p> </o:p></pre><pre><a href="http://heretothereideas.blogspot.com/">http://heretothereideas.blogspot.com/</a><o:p></o:p></pre></div></div></body></html>