citrix:add_more_ssl_certificates
Citrix - Add more SSL Certificates
Certificate error when using Citrix Receiver.
By default, Citrix Receiver only trusts a few root CA certificates, which causes connections to many Citrix servers to fail with an SSL error.
The ca-certificates package (already installed on most Ubuntu systems) provides additional CA certificates in /usr/share/ca-certificates/mozilla/ that can be conveniently added to Citrix Receiver to avoid these errors:
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
NOTE: Some systems may require this instead:
ln -sf /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts/
Since versions 13.1, Citrix needs the certificates in separate files. You need to run the following commands as root:
cd /opt/Citrix/ICAClient/keystore/cacerts/ cp /etc/ca-certificates/extracted/tls-ca-bundle.pem . awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < tls-ca-bundle.pem
References
citrix/add_more_ssl_certificates.txt · Last modified: 2020/08/14 13:26 by 192.168.1.1