LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Citrix Client - troubleshooting (http://www.linuxquestions.org/questions/linux-software-2/citrix-client-troubleshooting-703164/)

yozoff 02-08-2009 01:43 PM

Citrix Client - troubleshooting
 
I have installed Citrix Client on my PC. The installation was very basic and easy, just follow the instructions. The problem came afterwards when I had to login to my desktop. The problem was the constant message that I have chose not to accept the certificate. What was puzzling me was the fact that I had seen no prompt for a certificate to accept/reject. Anyway, the long story short, I figured out that Firefox had put the certificate in a location different than the one the Citrix client expected/was looking into.

yozoff 02-08-2009 01:45 PM

Basically, the client was prompting me with a message with SSL error with code 61. I looked it up on Google and found this script that solves the problem.

-----------------

#!/bin/bash

#

# Version: 0.1

# Author: Peter Dyson <pete@geekpete.com>

# Purpose: A workaround until Citrix gets their act together and packages up a better install script.

# What it does: downloads and installs Thawte root certs in the required location.

#



# change the install dir to be whatever you need, you may have used a local dir in your homedir,etc.

CERTINSTALLDIR="/usr/lib/ICAClient/keystore/cacerts"

STARTDIR=$PWD



#echo $CERTINSTALLDIR

#exit

echo Current directory is: $STARTDIR

echo Creating temp download dir in $STARTDIR...

mkdir cert_download

cd cert_download

echo Fetching Thawte Root Certs...

wget https://www.verisign.com/support/thawte-roots.zip

echo Unzipping Thawte Root Certs...

unzip thawte-roots.zip

echo Copying Thawte Root Certs to $CERTINSTALLDIR and renaming them...

echo This step uses sudo, enter your user password to run this step as root:

sudo cp "Thawte Server Roots"/ThawtePremiumServerCA.cer $CERTINSTALLDIR/ThawtePremiumServerCA.crt



cd $STARTDIR

echo Removing temp download dir...

rm -rf cert_download

echo Citrix SSL Cert fix complete!

-----------------

yozoff 02-08-2009 01:46 PM

What the script does is connect to the internet site of Thawte and download the certificate for SSL from there, after which stores them in the directory where the Citrix client looks for certificates, i.e.
/usr/lib/ICAClient/keystore/cacerts

yozoff 02-08-2009 01:49 PM

I should mention that I am running Ubuntu 8.10 and for me I have to run the commands needed admin rights with sudo. In your case you might need to change (or log in) as a super user. So for me I just do
sudo ...
but for you you might need first
su -
and then the rest of the commands (without the preceding sudo).

yozoff 02-08-2009 02:08 PM

So, here is the troubleshooting you can use to chase the SSL error 61.
1. Let's figure out where are the certificates stored on your system. Open a terminal from Applications -> Accessories -> Terminal and run this commands

cd /
sudo find . -name *.crt | grep mozilla

This will show you all the certificates installed for the Mozilla browser, i.e. Firefox. In my case they are in the directory

/usr/share/ca-certificates/mozilla/

Do the same for the Citrix client, i.e.

sudo find . -name *.crt | grep ICAClient

This shows the certificates installed for the Citrix client. In my case they are in the directory

/usr/lib/ICAClient/keystore/cacerts/

2. In case you don't have this folder (I mean the one for the Citrix client) try to create it. Run the command

sudo mkdir -p /usr/lib/ICAClient/keystore/cacerts

3. Check the attributes of the directory.
In my case the directory has the following attributes:

dx-rx-rx-r root sys cacerts

which means that it belongs to root and its group is sys and only read and execute operations are allowed. This is a bit strange because the mozilla directory from above allows read/write for root

drwxr-xr-x root root mozilla

Check your system to compare by running the command

ls -l /usr/share/ca-certificates/ | grep mozilla

Run the following command to fix the attributes of the folder:

sudo chmod 755 /usr/lib/ICAClient/keystore/cacerts

I am guessing that this might not really be necessary, but just to be on the safe side do this change. You can always change it to the way it was before by running the same command from above, but changing the 755 into 555.

4. Copy the certificates from the mozilla directory into the Citrix client's one.
Run the following command:

sudo cp -u /usr/share/ca-certificates/*.crt /usr/lib/ICAClient/keystore/cacerts/

This will copy all the new certificates from the mozilla directory into the one for the Citrix client.

5. Try to log in again to your desktop using Firefox.


All times are GMT -5. The time now is 12:10 PM.