Citrix Client - troubleshooting
I have installed Citrix Client on my PC. The installation was very basic and easy, just follow the instructions. The problem came afterwards when I had to login to my desktop. The problem was the constant message that I have chose not to accept the certificate. What was puzzling me was the fact that I had seen no prompt for a certificate to accept/reject. Anyway, the long story short, I figured out that Firefox had put the certificate in a location different than the one the Citrix client expected/was looking into.
Basically, the client was prompting me with a message with SSL error with code 61. I looked it up on Google and found this script that solves the problem.
# Version: 0.1
# Author: Peter Dyson <firstname.lastname@example.org>
# Purpose: A workaround until Citrix gets their act together and packages up a better install script.
# What it does: downloads and installs Thawte root certs in the required location.
# change the install dir to be whatever you need, you may have used a local dir in your homedir,etc.
echo Current directory is: $STARTDIR
echo Creating temp download dir in $STARTDIR...
echo Fetching Thawte Root Certs...
echo Unzipping Thawte Root Certs...
echo Copying Thawte Root Certs to $CERTINSTALLDIR and renaming them...
echo This step uses sudo, enter your user password to run this step as root:
sudo cp "Thawte Server Roots"/ThawtePremiumServerCA.cer $CERTINSTALLDIR/ThawtePremiumServerCA.crt
echo Removing temp download dir...
rm -rf cert_download
echo Citrix SSL Cert fix complete!
What the script does is connect to the internet site of Thawte and download the certificate for SSL from there, after which stores them in the directory where the Citrix client looks for certificates, i.e.
I should mention that I am running Ubuntu 8.10 and for me I have to run the commands needed admin rights with sudo. In your case you might need to change (or log in) as a super user. So for me I just do
but for you you might need first
and then the rest of the commands (without the preceding sudo).
So, here is the troubleshooting you can use to chase the SSL error 61.
1. Let's figure out where are the certificates stored on your system. Open a terminal from Applications -> Accessories -> Terminal and run this commands
sudo find . -name *.crt | grep mozilla
This will show you all the certificates installed for the Mozilla browser, i.e. Firefox. In my case they are in the directory
Do the same for the Citrix client, i.e.
sudo find . -name *.crt | grep ICAClient
This shows the certificates installed for the Citrix client. In my case they are in the directory
2. In case you don't have this folder (I mean the one for the Citrix client) try to create it. Run the command
sudo mkdir -p /usr/lib/ICAClient/keystore/cacerts
3. Check the attributes of the directory.
In my case the directory has the following attributes:
dx-rx-rx-r root sys cacerts
which means that it belongs to root and its group is sys and only read and execute operations are allowed. This is a bit strange because the mozilla directory from above allows read/write for root
drwxr-xr-x root root mozilla
Check your system to compare by running the command
ls -l /usr/share/ca-certificates/ | grep mozilla
Run the following command to fix the attributes of the folder:
sudo chmod 755 /usr/lib/ICAClient/keystore/cacerts
I am guessing that this might not really be necessary, but just to be on the safe side do this change. You can always change it to the way it was before by running the same command from above, but changing the 755 into 555.
4. Copy the certificates from the mozilla directory into the Citrix client's one.
Run the following command:
sudo cp -u /usr/share/ca-certificates/*.crt /usr/lib/ICAClient/keystore/cacerts/
This will copy all the new certificates from the mozilla directory into the one for the Citrix client.
5. Try to log in again to your desktop using Firefox.
|All times are GMT -5. The time now is 01:02 PM.|