User Tools

Site Tools


citrix:add_more_ssl_certificates

Citrix - Add more SSL Certificates

Certificate error when using Citrix Receiver.

By default, Citrix Receiver only trusts a few root CA certificates, which causes connections to many Citrix servers to fail with an SSL error.

The ca-certificates package (already installed on most Ubuntu systems) provides additional CA certificates in /usr/share/ca-certificates/mozilla/ that can be conveniently added to Citrix Receiver to avoid these errors:

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/ 
 
sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/

NOTE: Some systems may require this instead:

ln -sf /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts/

Since versions 13.1, Citrix needs the certificates in separate files. You need to run the following commands as root:

cd /opt/Citrix/ICAClient/keystore/cacerts/
cp /etc/ca-certificates/extracted/tls-ca-bundle.pem .
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < tls-ca-bundle.pem

References

citrix/add_more_ssl_certificates.txt · Last modified: 2020/08/14 13:26 by 192.168.1.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki