Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-16-2008, 11:17 AM
|
#1
|
LQ Newbie
Registered: Feb 2007
Location: ScanDALnavia
Distribution: Suse Linux v10.3
Posts: 10
Rep:
|
SSL issue when launching a Citrix terminal session
Hi guys...
Hm I'm not entirely sure you'll be able to help me here, but I'll give it a go... Here's my situation:
I'm trying to run a Citrix terminal session on Suse Linux v10.3. Downloaded and installed the Citrix client for Linux and all dependencies.
But when I open my browser (FFox), enter the url of our Citrix server, I get an error message saying something like "You have chosen not to trust [...], the issuer of this servers SSL certificate..."
Now... My problem is that I am 105% positive, that the issuer of this cert can be trusted and I was wondering if any of you could lead me in the right direction? Firewall issue? Deep-down-in-Linux issue? I oughta mention that the distro I'm running is clean, meaning that I haven't altered anything reg. the system and that I have a direct conn to the Internet (No hardware firewall or anything like that)
Thanks in advance for any assistance
|
|
|
02-16-2008, 08:42 AM
|
#2
|
Member
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703
Rep:
|
Quote:
Originally Posted by p3ppit
But when I open my browser (FFox), enter the url of our Citrix server, I get an error message saying something like "You have chosen not to trust [...], the issuer of this servers SSL certificate..."
|
This means that whoever manages the Citrix server did
not use one of the common Certificate Authorities. My
guess is that they made a self-generated certificate.
In any event, the administrator of the Citrix server
should be able to give you a certificate to import
which will add the CA to your list of trusted sources.
|
|
|
11-24-2008, 08:24 PM
|
#3
|
LQ Newbie
Registered: Nov 2008
Location: Kansas City, MO USA
Posts: 1
Rep:
|
Solved: A simple solution here, regardless of certificate source
I had this problem and (finally) found a simple solution. I hope it works for any of you reading this.... Most solutions I've found so far focus on a particular certificate instance. This solution should always work for the site that you are trying to connect to. (disclaimer: I am not a Citrix Expert)
I am using ICA client v10 on Ubuntu Gutsy + FireFox v3.0.4, but these instructions should be pretty close for nearly every linux+Firefox v3 configuration. It also shouldn't be too difficult to work this out for other browsers.
OK, when you get to the page that has the links to your Citrix apps, bring up the Page Info dialog (Tools > Page Info is just one way in FF3.0.4) and find the certificates the web site presents (?). Go to the security tab, then click View Certificates, then go to the Details tab. You should see a certificate hierarchy. One of these entries should match the one named in your error dialog (mine was "VeriSign Class 3 Secure Server CA", and underneath it was one for the website itself). Select that entry (e.g. "VeriSign Class 3...") and then export the file to your local filesystem. You should also see several options for what format to save the certificate as. Select "X.509 Certificate with chain (PEM)", and give the file a ".crt" extension. Once you have that file, copy it to your ICAClient's certificate store. If you used the default install options, this should do it: sudo cp my-x509-cert.crt /usr/lib/ICAClient/keystore/cacerts/
That should do it! Good luck!
|
|
|
05-16-2009, 05:06 AM
|
#4
|
LQ Newbie
Registered: Nov 2005
Posts: 2
Rep:
|
A simpler method which worked well for me (on Ubuntu 9.04) --
Code:
cd /usr/lib/ICAClient/keystore
sudo mv cacerts cacerts.bak
sudo ln -s /usr/share/ca-certificates/mozilla ./cacerts
This tells Citrix to trust all certificates already trusted by Mozilla, and nothing else.
Last edited by fgerlits; 05-16-2009 at 05:14 AM.
|
|
|
All times are GMT -5. The time now is 09:23 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|