Ubuntu – Citrix receiver ssl connection couldn’t be established


I'm having some troubles getting citrix receiver (client agent, not web) working on ubuntu 16.04.1 LTS.

After initial install, I added Firefox' CA Certs to the cacerts folder in /opt/Citrix/ICAClient/keystore by using a symbolic link, followed by a rehash of the certs;

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/

This got citrix working if I go via the web browser. Apps launch and everything is A-OK.

I can't for the life of me get the receiver application to work though. When i try and add my company's store the client, it fails instantly with:

Your account cannot be added using this server address.
An SSL connection to the server couldn't be established because the server's certificate was not trusted.

The certificate we are using for Storefront (served via Citrix Netscaler gateway) is a wildcard issued by GoDaddy. Does anyone know whether or not I need to add this certificate in somewhere so Citrix Receiver client will work?

Any help would be greatly appreciated.


Best Answer

To resolve this issue, you can refer to the following links:

Secure - Citrix Product Documentation

How to convert .crt to .pem - Stack Overflow

I can get the receiver application to trust the server's certificate by the following steps:

  1. Export server certificate from the web browser. The certificate is exported in the file extension .crt. You may also find them in /usr/share/ca-certificates/mozilla/*
  2. Convert the crt file to a pem file by the following command:

    openssl x509 -in mycert.crt -out mycert.pem -outform PEM

    where mycert.crt is the exported certificate.

  3. Copy the pem file to $ICAROOT/keystore/cacerts

    Normally $ICAROOT=/opt/Citrix/ICAClient

  4. Rehash the certificate by the following command: $ICAROOT/util/ctx_rehash

  5. Reopen Citrix Receiver. It should trust the certificate now.