kekbarna n00b
Joined: 13 Feb 2007 Posts: 1
Posted: Tue Feb 13, 2007 7:47 pm Post subject: Citrix - certificate problem
Hi,
I use a Citrix-based application on Windows XP that I would also like to run on my Sabayon/Gentoo box.
I have an up-to-date Sabayon x86-64 install. The Citrix ICA client v9.0 install went well. I've downloaded the newest rpm package and emerge did the rest.
When I installed the app on the XP box, I had to install the Citrix client and a root certificate. I've also installed this certificate (root-cert-advanceonline.cer) on the Linux box:
1. installed to KDE: using krusader, select the file, F3, import
2. copied the certificate file to /opt/ICAClient/keystore/cacerts
After logging in to the website of the remote appl. using Firefox and clicking the icon that launches the Citrix client, I got the following error message from the client:
---
Citrix ICA Client Error
You have not chosen to trust "/C=US/ST=/L=/0=Equifax/OU=Equifax Secure Certificate Authority/CN", the issuer of the server's security certificate.
---
I could not get further from this point.
What the linux built-in viewer displays about the certificate:
--------------------
Subject: AdvanceOnline
Issued by: AdvanceOnline
File: /opt/ICAClient/keystore/cacerts/root-cert-advanceonline.crt
File format: PEM or DER Encoded X.509
State: The certificate is valid
Valid from: Wednesday 29 March 2006 ...
Valid until: Tuesday 29 March 2011 ...
--------------------
What Opera says about this:
--------------------
pdono.advance.se
AdvanceOnline
Services
Goteborg
VG, SE
Issuer
AdvanceOnline
Connection : TLS v1.0 128 bit ARC4 (RSA/MD5)
The certificate for "pdono.advance.se" is signed by the unknown Certificate Authority "AdvanceOnline". It is not possible to verify that this is a valid certificate
...
So the issuer (the Certificate Authority) is AdvanceOnline, so why do I get an error message regarding the "Equifax Secure Certificate Authority"??
Please, someone help me.

bma51 n00b
Joined: 04 Sep 2007 Posts: 10 Location: Pennsylvania
Posted: Wed Nov 14, 2007 12:17 pm Post subject:
This post is really old, but here is the solution...
On Linux / Mac computers Citrix does not use the OS to store the certificates. Instead, it maintains them itself in the following directory:
Code: | /usr/lib/ICAClient/keystore/cacert |
All you need to do to trust a Citrix site's certificate is to download it, copy it to this folder and make sure it has a .crt extension. |

BonezTheGoon Bodhisattva
Joined: 14 Jun 2002 Posts: 1408 Location: Albuquerque, NM -- birthplace of Microsoft and Gentoo
Posted: Tue Jan 15, 2008 6:08 pm Post subject:
I realize this thread is now even older, but I am suddenly impacted by this and I don't know where to get the certificate from. Any insight available? It would appear the corporation that houses the Citrix MetaFrame server I am connecting to recently changed certificate providers and so I am left trying to figure this out locally. Prior to the change the client worked fine, I am just trying to adjust to the remote changes that I cannot control.
Thanks!
Oh I already looked at this thread and tried the documented fix there with no change on my end. _________________
pjp wrote: | The greater evil is voting for the "lesser evil." |

BonezTheGoon Bodhisattva
Joined: 14 Jun 2002 Posts: 1408 Location: Albuquerque, NM -- birthplace of Microsoft and Gentoo
Posted: Tue Jan 15, 2008 6:29 pm Post subject:
This is how I fixed mine just now.
cp -R /usr/share/ca-certificates/mozilla/* /opt/ICAClient/keystore/cacerts/
Hope that might help someone some day! _________________
pjp wrote: | The greater evil is voting for the "lesser evil." |
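
Added example, not part of the original posts: instead of copying the whole Mozilla bundle into the client keystore, this sketch finds only the CA file that issued the server's certificate and installs that one file with a .crt extension. The function names are hypothetical, and it assumes the server certificate has been saved as a PEM file and that its issuer is present directly in the CA directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Citrix or Gentoo tooling).
# Requires the openssl command-line tool.

# find_issuer_ca LEAF_PEM CA_DIR
# Prints the path of the file in CA_DIR that issued LEAF_PEM.
# Returns 1 if no file matches, 2 if LEAF_PEM cannot be parsed.
find_issuer_ca() {
    leaf=$1
    ca_dir=$2
    # Hash of the leaf's issuer name; the issuing CA has the same subject hash.
    want=$(openssl x509 -in "$leaf" -noout -issuer_hash 2>/dev/null) || return 2
    for cand in "$ca_dir"/*; do
        [ -f "$cand" ] || continue
        have=$(openssl x509 -in "$cand" -noout -subject_hash 2>/dev/null) || continue
        [ "$have" = "$want" ] || continue
        # A matching name is not proof: a different key can carry the same
        # subject, so also require that the leaf verifies against this file.
        if openssl verify -CAfile "$cand" "$leaf" >/dev/null 2>&1; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# install_issuer_ca LEAF_PEM CA_DIR KEYSTORE_DIR
# Copies only the issuing CA into KEYSTORE_DIR as <name>.crt and prints
# the destination path. KEYSTORE_DIR is whichever cacerts directory the
# installed client version uses.
install_issuer_ca() {
    src=$(find_issuer_ca "$1" "$2") || return 1
    name=$(basename "$src")
    dest="$3/${name%.*}.crt"
    cp -- "$src" "$dest" && printf '%s\n' "$dest"
}
```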

Art Vandalay Guru
Joined: 16 Sep 2003 Posts: 335 Location: Melbourne - VIC
Posted: Wed Oct 14, 2009 11:15 pm Post subject:
BonezTheGoon wrote: | This is how I fixed mine just now.
cp -R /usr/share/ca-certificates/mozilla/* /opt/ICAClient/keystore/cacerts/
Hope that might help someone some day! |
well it has....finally got the icaclient to work natively in linux.
now i can connect to work without having to go through an xp vm in vmware-workstation
thanks, you've made my day :D _________________ I might not have morals...but at least I have standards |

madal n00b
Joined: 17 Nov 2005 Posts: 35
Posted: Thu Jan 05, 2012 10:13 pm Post subject:
Just in case anyone is having problems with the new ICAClient-12.0 package (as I was), they moved the location of the certificates. They are now in:
Code: | /opt/Citrix/ICAClient/keystore/cacerts |
This should now be the destination for your certificates.
Hope this helps.
Madal |

FreakNigh n00b
Joined: 20 Aug 2006 Posts: 38
Posted: Mon Feb 06, 2012 12:29 pm Post subject:
I got the net-misc/icaclient-12.0.0 working on amd64 with firefox by doing a
nspluginwrapper -i /usr/lib32/nsbrowser/plugins/npica.so
and
cp Downloads/*.crt /opt/Citrix/ICAClient/keystore/cacert/
(as root in my main users home folder where I had downloaded the crt files to the Downloads folder) |