LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 01-16-2008, 11:17 AM   #1
p3ppit
LQ Newbie
 
Registered: Feb 2007
Location: ScanDALnavia
Distribution: Suse Linux v10.3
Posts: 10

Rep: Reputation: 0
SSL issue when launching a Citrix terminal session


Hi guys...

Hm I'm not entirely sure you'll be able to help me here, but I'll give it a go... Here's my situation:

I'm trying to run a Citrix terminal session on Suse Linux v10.3. Downloaded and installed the Citrix client for Linux and all dependencies.

But when I open my browser (FFox), enter the url of our Citrix server, I get an error message saying something like "You have chosen not to trust [...], the issuer of this servers SSL certificate..."

Now... My problem is that I am 105% positive, that the issuer of this cert can be trusted and I was wondering if any of you could lead me in the right direction? Firewall issue? Deep-down-in-Linux issue? I oughta mention that the distro I'm running is clean, meaning that I haven't altered anything reg. the system and that I have a direct conn to the Internet (No hardware firewall or anything like that)

Thanks in advance for any assistance
 
Old 02-16-2008, 08:42 AM   #2
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 697

Rep: Reputation: 93
Quote:
Originally Posted by p3ppit View Post
But when I open my browser (FFox), enter the url of our Citrix server, I get an error message saying something like "You have chosen not to trust [...], the issuer of this servers SSL certificate..."
This means that whoever manages the Citrix server did
not use one of the common Certificate Authorities. My
guess is that they made a self-generated certificate.
In any event, the administrator of the Citrix server
should be able to give you a certificate to import
which will add the CA to your list of trusted sources.
 
Old 11-24-2008, 08:24 PM   #3
joneser005
LQ Newbie
 
Registered: Nov 2008
Location: Kansas City, MO USA
Posts: 1

Rep: Reputation: 0
Lightbulb Solved: A simple solution here, regardless of certificate source

I had this problem and (finally) found a simple solution. I hope it works for any of you reading this.... Most solutions I've found so far focus on a particular certificate instance. This solution should always work for the site that you are trying to connect to. (disclaimer: I am not a Citrix Expert)

I am using ICA client v10 on Ubuntu Gutsy + FireFox v3.0.4, but these instructions should be pretty close for nearly every linux+Firefox v3 configuration. It also shouldn't be too difficult to work this out for other browsers.

OK, when you get to the page that has the links to your Citrix apps, bring up the Page Info dialog (Tools > Page Info is just one way in FF3.0.4) and find the certificates the web site presents (?). Go to the security tab, then click View Certificates, then go to the Details tab. You should see a certificate hierarchy. One of these entries should match the one named in your error dialog (mine was "VeriSign Class 3 Secure Server CA", and underneath it was one for the website itself). Select that entry (e.g. "VeriSign Class 3...") and then export the file to your local filesystem. You should also see several options for what format to save the certificate as. Select "X.509 Certificate with chain (PEM)", and give the file a ".crt" extension. Once you have that file, copy it to your ICAClient's certificate store. If you used the default install options, this should do it: sudo cp my-x509-cert.crt /usr/lib/ICAClient/keystore/cacerts/
That should do it! Good luck!
 
Old 05-16-2009, 05:06 AM   #4
fgerlits
LQ Newbie
 
Registered: Nov 2005
Posts: 2

Rep: Reputation: 0
A simpler method which worked well for me (on Ubuntu 9.04) --

Code:
cd /usr/lib/ICAClient/keystore
sudo mv cacerts cacerts.bak
sudo ln -s /usr/share/ca-certificates/mozilla ./cacerts
This tells Citrix to trust all certificates already trusted by Mozilla, and nothing else.

Last edited by fgerlits; 05-16-2009 at 05:14 AM.
 
  


Reply

Tags
solution, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Launching a seperate X-session with a specific resolution, how ? Dark Carnival Linux - Software 5 06-28-2007 02:22 PM
Compiling and launching java from the terminal marcoguillen Linux - Software 7 03-25-2007 03:43 AM
Switching back to the Mandrake 9.1 desktop from terminal rdesktop terminal session marc218 Linux - General 6 02-08-2007 02:45 PM
How to autostart some script after launching an X Session? dreamtheater Linux - Software 2 10-13-2006 09:51 AM
How do I associate launch.ica on client so I can run a Citrix session? bret Linux - Newbie 3 05-25-2005 01:50 AM


All times are GMT -5. The time now is 10:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration