LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-08-2009, 02:43 PM   #1
yozoff
LQ Newbie
 
Registered: Jul 2006
Location: The Hague
Distribution: Ubuntu Feisty
Posts: 7

Rep: Reputation: 0
Citrix Client - troubleshooting


I have installed Citrix Client on my PC. The installation was very basic and easy, just follow the instructions. The problem came afterwards when I had to login to my desktop. The problem was the constant message that I have chose not to accept the certificate. What was puzzling me was the fact that I had seen no prompt for a certificate to accept/reject. Anyway, the long story short, I figured out that Firefox had put the certificate in a location different than the one the Citrix client expected/was looking into.
 
Old 02-08-2009, 02:45 PM   #2
yozoff
LQ Newbie
 
Registered: Jul 2006
Location: The Hague
Distribution: Ubuntu Feisty
Posts: 7

Original Poster
Rep: Reputation: 0
Basically, the client was prompting me with a message with SSL error with code 61. I looked it up on Google and found this script that solves the problem.

-----------------

#!/bin/bash

#

# Version: 0.1

# Author: Peter Dyson <pete@geekpete.com>

# Purpose: A workaround until Citrix gets their act together and packages up a better install script.

# What it does: downloads and installs Thawte root certs in the required location.

#



# change the install dir to be whatever you need, you may have used a local dir in your homedir,etc.

CERTINSTALLDIR="/usr/lib/ICAClient/keystore/cacerts"

STARTDIR=$PWD



#echo $CERTINSTALLDIR

#exit

echo Current directory is: $STARTDIR

echo Creating temp download dir in $STARTDIR...

mkdir cert_download

cd cert_download

echo Fetching Thawte Root Certs...

wget https://www.verisign.com/support/thawte-roots.zip

echo Unzipping Thawte Root Certs...

unzip thawte-roots.zip

echo Copying Thawte Root Certs to $CERTINSTALLDIR and renaming them...

echo This step uses sudo, enter your user password to run this step as root:

sudo cp "Thawte Server Roots"/ThawtePremiumServerCA.cer $CERTINSTALLDIR/ThawtePremiumServerCA.crt



cd $STARTDIR

echo Removing temp download dir...

rm -rf cert_download

echo Citrix SSL Cert fix complete!

-----------------

Last edited by yozoff; 02-09-2009 at 03:17 AM.
 
Old 02-08-2009, 02:46 PM   #3
yozoff
LQ Newbie
 
Registered: Jul 2006
Location: The Hague
Distribution: Ubuntu Feisty
Posts: 7

Original Poster
Rep: Reputation: 0
What the script does is connect to the internet site of Thawte and download the certificate for SSL from there, after which stores them in the directory where the Citrix client looks for certificates, i.e.
/usr/lib/ICAClient/keystore/cacerts
 
Old 02-08-2009, 02:49 PM   #4
yozoff
LQ Newbie
 
Registered: Jul 2006
Location: The Hague
Distribution: Ubuntu Feisty
Posts: 7

Original Poster
Rep: Reputation: 0
I should mention that I am running Ubuntu 8.10 and for me I have to run the commands needed admin rights with sudo. In your case you might need to change (or log in) as a super user. So for me I just do
sudo ...
but for you you might need first
su -
and then the rest of the commands (without the preceding sudo).
 
Old 02-08-2009, 03:08 PM   #5
yozoff
LQ Newbie
 
Registered: Jul 2006
Location: The Hague
Distribution: Ubuntu Feisty
Posts: 7

Original Poster
Rep: Reputation: 0
So, here is the troubleshooting you can use to chase the SSL error 61.
1. Let's figure out where are the certificates stored on your system. Open a terminal from Applications -> Accessories -> Terminal and run this commands

cd /
sudo find . -name *.crt | grep mozilla

This will show you all the certificates installed for the Mozilla browser, i.e. Firefox. In my case they are in the directory

/usr/share/ca-certificates/mozilla/

Do the same for the Citrix client, i.e.

sudo find . -name *.crt | grep ICAClient

This shows the certificates installed for the Citrix client. In my case they are in the directory

/usr/lib/ICAClient/keystore/cacerts/

2. In case you don't have this folder (I mean the one for the Citrix client) try to create it. Run the command

sudo mkdir -p /usr/lib/ICAClient/keystore/cacerts

3. Check the attributes of the directory.
In my case the directory has the following attributes:

dx-rx-rx-r root sys cacerts

which means that it belongs to root and its group is sys and only read and execute operations are allowed. This is a bit strange because the mozilla directory from above allows read/write for root

drwxr-xr-x root root mozilla

Check your system to compare by running the command

ls -l /usr/share/ca-certificates/ | grep mozilla

Run the following command to fix the attributes of the folder:

sudo chmod 755 /usr/lib/ICAClient/keystore/cacerts

I am guessing that this might not really be necessary, but just to be on the safe side do this change. You can always change it to the way it was before by running the same command from above, but changing the 755 into 555.

4. Copy the certificates from the mozilla directory into the Citrix client's one.
Run the following command:

sudo cp -u /usr/share/ca-certificates/*.crt /usr/lib/ICAClient/keystore/cacerts/

This will copy all the new certificates from the mozilla directory into the one for the Citrix client.

5. Try to log in again to your desktop using Firefox.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
citrix client on linux ylrcom General 2 08-01-2008 04:30 AM
Citrix Client under Mozilla TheRealDeal Linux - General 2 12-21-2005 09:22 AM
Citrix Client Install pfunck123 Linux - Newbie 3 12-21-2005 09:18 AM
Citrix client problems slyhne Linux - Networking 2 09-18-2004 08:44 AM
citrix client 7.0 cabo Red Hat 1 09-08-2003 02:25 PM


All times are GMT -5. The time now is 06:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration