Issue:
Firefox trusts various root and intermediate certifiers but the Citrix ICA Receiver client's list is very short and does not trust a bunch of the root SSL certifiers.
Solution:
Need to put copies (or make ln) from Firefox certificates to the ICAClient/keystore/cacerts/ folder. I opted for making copies.
1. Locate your Citrix Receiver client folder:
In my case, the ICA Client Receiver is installed to: /opt/Citrix/ICAClient/ the cert full path is: /opt/Citrix/ICAClient/keystore/cacerts/.
2a. Open the SSL web site in Firefox. Click on the lock icon to bring up the certificate pop-up and click the More Information button.
2b. Click the Security tab, Click the View Certificate button.
2c. In the Certificate Viewer dialog, switch from General to the Details tab.
2d. In the Certificate Hierarchy window area under the Details tab, highlight the primary SSL certificate line (usually the top line). Click Export... button.
2e. Add a .der extension to the default name, change the type of certificate file (lower right) to X.509 Certificate (DER). Update the save location as needed, click the Save button.
3. Repeat step 2 for any Intermediate certificates needed.
4. Open a root terminal console.
5. Copy the new primary and intermediate certificates from the save location to the cacerts folder.
e.g.
# cd /home/trippblack/Desktop/
# mv MyCertNames*.der /opt/Citrix/ICAClient/keystore/cacerts/
# cd /opt/Citrix/ICAClient/keystore/cacerts/
# chown root:root MyCertNames*.der
6. Log into your Citrix site. Click the Desktop icon and your Receiver program should load the remote Citrix desktop successfully now.
previous page
|