• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Personal Blog
Ruiguo Yang
Blogs
Profile
Related Tags
xendesktop
Added by Ruiguo Yang, last edited by Ruiguo Yang on May 12, 2009  (view change)
Permalink | Twitter Post to Twitter | Comments (5) | Views (13256) |
10 Mar 2009 02:26 PM EDT
Demo Video How to Add Certificates to Citrix Linux Client (plugin) for XenApp
[ Tags: video ,   ica ,   linux ,   client ,   ubuntu ,   certificate ,   cdn ,   xenapp ]
posted by Ruiguo Yang

Have you seen the error "You have chosen not to trust XXX Server CA, the issuer of the server's security certificate (SSL error 61)." on Citrix Linux Plugin for XenApp (formerly known as ICA client)? It may be because the certificate authority from whom you get your server certificate is not trusted by your client.

I've got questions from users about this error. And I've made a request to product team to mitigate this issue. Please see comments from my earlier blog.

There are articles you can find on the Internet which describe a solution. However some users found videos more helpful than text only version. So I decided to create a video version of it.

You will need to download the right certificates. If you have questions, you may want to ask your server administrators or your certificate authorities who issue your server certificates. Alternatively you may be able to export the certificates you need from your firefox browser on the same Linux machine.

Here is an article I found that contains useful text based instruction and has a script that automates the process. You may need to customize the script to fit your needs.

I hope in the future, the product team can find ways to mitigate this issue. One step is to trust more certificate authorities by default. It's not difficult to implement. But I was told it might require some legal work to redistribute certificates from third parties. Another possibility is to share the trust with Firefox which will require more develop work. What do you think? Do you know how other Linux applications solve this issue?

Here is my earlier blog that explains how to install and use Linux ICA client.

I'd love to hear your feedbacks.

Ray (Ruiguo) Yang
Check out my other blogs
Subscribe to my blog RSS feed

Labels

video video Delete
ica ica Delete
linux linux Delete
client client Delete
ubuntu ubuntu Delete
certificate certificate Delete
cdn cdn Delete
xenapp xenapp Delete
lang-eng lang-eng Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Comments (5)

 

  1. Mar 10, 2009

    Anonymous says:

    The Linux ICA client is a joke - if I found it as an open source project I'd qui...

    The Linux ICA client is a joke - if I found it as an open source project I'd quickly move on and look elsewhere. In fact, Citrix support for Linux in general is a joke. Look at the CAG SSL VPN - an appliance built on a Linux platform which has a Linux client which only works with a 2.4. kernel - do you know anyone who uses a 2.4 kernel on their desktop environment? I certainly don't!

    As for the certificate authority issue, all this needs is a button on the GUI to allow the user to add a third party root certificate or a dialogue to give the user the option to explicitly trust the presented certificate. Not rocket science by any means.

    1. Mar 28, 2009

      Ruiguo Yang says:

      Hi, I wish Citrix's Linux support is better too. I appreciate your input. Ther...

      Hi,

      I wish Citrix's Linux support is better too. I appreciate your input.

      There are things out of you or my control. I am doing what I can to improve things even though the steps may seem small. And I am glad some other users have started contributing too. Please see this comment to my other related blog.

      What I like about the Linux community is the spirit to share and help each other. Any little bit of help may go a long way.

      What do you think?

      Ray

      1. Anonymous replies:

        You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account. You can also Sign Up for a new account.

  2. Mar 28, 2009

    Ruiguo Yang says:

    A user kindly contributed his bit of information about how he solved this certif...

    A user kindly contributed his bit of information about how he solved this certificate trust issue.
    Please see this comment to my other related blog

    Ray

  3. Sep 16

    Anonymous says:

    We are running into the same issue with Windows client on Vista machines. Lookin...

    We are running into the same issue with Windows client on Vista machines. Looking at the install I do not see a parallel as far as a folder where the .crt files are stored. Has any one encountered/fixed this same issue in Windows Vista? These same end users were working prior to an update in the Cert used on the website.

    1. Sep 16

      Ruiguo Yang says:

      Have you tried visiting the website using SSL? If browser works, XenApp plug-in ...

      Have you tried visiting the website using SSL? If browser works, XenApp plug-in is likely going to work too. You may need to install the correct root certificate if necessary.

      Regards,

      Ray

Add Comment