Citrix receiver SSL connection error. Certificates?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
I can't get the Citrix Receiver to work on Ubuntu 17.10. (SSL connection couldn't be established)
I tried different versions and copying the certificates from Mozilla as described here and here and ran ctx_rehash.
Another answer suggests to convert a .crt file to .pem.
It's not clear to me though which file is meant and how to get it. I connected to citrix via browser (which works), exported the certificate from the page info/security, converted it to .pem and rehashed. Doesn't work though
17.10 ssl citrix
asked Feb 5 at 9:22
unnic
12
add a comment |Â
up vote
0
down vote
favorite
I can't get the Citrix Receiver to work on Ubuntu 17.10. (SSL connection couldn't be established)
I tried different versions and copying the certificates from Mozilla as described here and here and ran ctx_rehash.
Another answer suggests to convert a .crt file to .pem.
It's not clear to me though which file is meant and how to get it. I connected to citrix via browser (which works), exported the certificate from the page info/security, converted it to .pem and rehashed. Doesn't work though
17.10 ssl citrix
asked Feb 5 at 9:22
unnic
12
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I can't get the Citrix Receiver to work on Ubuntu 17.10. (SSL connection couldn't be established)
I tried different versions and copying the certificates from Mozilla as described here and here and ran ctx_rehash.
Another answer suggests to convert a .crt file to .pem.
It's not clear to me though which file is meant and how to get it. I connected to citrix via browser (which works), exported the certificate from the page info/security, converted it to .pem and rehashed. Doesn't work though
17.10 ssl citrix
asked Feb 5 at 9:22
unnic
12
I can't get the Citrix Receiver to work on Ubuntu 17.10. (SSL connection couldn't be established)
I tried different versions and copying the certificates from Mozilla as described here and here and ran ctx_rehash.
Another answer suggests to convert a .crt file to .pem.
It's not clear to me though which file is meant and how to get it. I connected to citrix via browser (which works), exported the certificate from the page info/security, converted it to .pem and rehashed. Doesn't work though
17.10 ssl citrix
17.10 ssl citrix
asked Feb 5 at 9:22
unnic
12
asked Feb 5 at 9:22
unnic
12
edited Feb 5 at 10:46
asked Feb 5 at 9:22
unnic
12
asked Feb 5 at 9:22
unnic
12
asked Feb 5 at 9:22
unnic
12
12
add a comment |Â
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
0
down vote
I'm having the same problem. And also tried to copy the certificates to /opt/Citrix/ICAClient/keystore/cacerts. I know the certificates work because I need them for browsing the internet (corporate firewall). Firefox and Chromium accept the certificates. Using openssl I found out that the certificates were already in pem format.
When making a connection to the Citrix storefront web page, I don't have a problem. The session starts fine.
edit:
The line below fixed it for me.
$ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
answered Feb 9 at 16:00
Robert Vrijhof
11
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
add a comment |Â
up vote
0
down vote
accepted
I managed to connect by exporting the certificate manually from the browser:
- go to the citrix site
- view certificate
- export the certificate. the correct one is one above the actual adress
- convert from .crt to .pem
- rehash
answered Feb 13 at 12:28
unnic
12
add a comment |Â
up vote
0
down vote
You should simply re-use the certificates already installed with the ca-certificates package, e.g.
$ cd /opt/Citrix/ICAClient/keystore/
$ sudo rm -r cacerts
$ sudo ln -s /etc/ssl/certs cacerts
No conversion and rehashing needed.
See Citrix receiver 13.10 on Ubuntu 18.04.1 for background reading (and why this is safe).
answered Aug 28 at 22:21
Peterino
22127
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I'm having the same problem. And also tried to copy the certificates to /opt/Citrix/ICAClient/keystore/cacerts. I know the certificates work because I need them for browsing the internet (corporate firewall). Firefox and Chromium accept the certificates. Using openssl I found out that the certificates were already in pem format.
When making a connection to the Citrix storefront web page, I don't have a problem. The session starts fine.
edit:
The line below fixed it for me.
$ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
answered Feb 9 at 16:00
Robert Vrijhof
11
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
add a comment |Â
up vote
0
down vote
I'm having the same problem. And also tried to copy the certificates to /opt/Citrix/ICAClient/keystore/cacerts. I know the certificates work because I need them for browsing the internet (corporate firewall). Firefox and Chromium accept the certificates. Using openssl I found out that the certificates were already in pem format.
When making a connection to the Citrix storefront web page, I don't have a problem. The session starts fine.
edit:
The line below fixed it for me.
$ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
answered Feb 9 at 16:00
Robert Vrijhof
11
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I'm having the same problem. And also tried to copy the certificates to /opt/Citrix/ICAClient/keystore/cacerts. I know the certificates work because I need them for browsing the internet (corporate firewall). Firefox and Chromium accept the certificates. Using openssl I found out that the certificates were already in pem format.
When making a connection to the Citrix storefront web page, I don't have a problem. The session starts fine.
edit:
The line below fixed it for me.
$ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
answered Feb 9 at 16:00
Robert Vrijhof
11
I'm having the same problem. And also tried to copy the certificates to /opt/Citrix/ICAClient/keystore/cacerts. I know the certificates work because I need them for browsing the internet (corporate firewall). Firefox and Chromium accept the certificates. Using openssl I found out that the certificates were already in pem format.
When making a connection to the Citrix storefront web page, I don't have a problem. The session starts fine.
edit:
The line below fixed it for me.
$ sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/
answered Feb 9 at 16:00
Robert Vrijhof
11
edited Feb 9 at 16:12
answered Feb 9 at 16:00
Robert Vrijhof
11
answered Feb 9 at 16:00
Robert Vrijhof
11
answered Feb 9 at 16:00
Robert Vrijhof
11
11
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
add a comment |Â
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
1
1
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
OP indicated they rehashed without success.
– Thomas Ward♦
Feb 9 at 17:18
add a comment |Â
up vote
0
down vote
accepted
I managed to connect by exporting the certificate manually from the browser:
- go to the citrix site
- view certificate
- export the certificate. the correct one is one above the actual adress
- convert from .crt to .pem
- rehash
answered Feb 13 at 12:28
unnic
12
add a comment |Â
up vote
0
down vote
accepted
I managed to connect by exporting the certificate manually from the browser:
- go to the citrix site
- view certificate
- export the certificate. the correct one is one above the actual adress
- convert from .crt to .pem
- rehash
answered Feb 13 at 12:28
unnic
12
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
I managed to connect by exporting the certificate manually from the browser:
- go to the citrix site
- view certificate
- export the certificate. the correct one is one above the actual adress
- convert from .crt to .pem
- rehash
answered Feb 13 at 12:28
unnic
12
I managed to connect by exporting the certificate manually from the browser:
- go to the citrix site
- view certificate
- export the certificate. the correct one is one above the actual adress
- convert from .crt to .pem
- rehash
answered Feb 13 at 12:28
unnic
12
answered Feb 13 at 12:28
unnic
12
answered Feb 13 at 12:28
unnic
12
answered Feb 13 at 12:28
unnic
12
12
add a comment |Â
add a comment |Â
up vote
0
down vote
You should simply re-use the certificates already installed with the ca-certificates package, e.g.
$ cd /opt/Citrix/ICAClient/keystore/
$ sudo rm -r cacerts
$ sudo ln -s /etc/ssl/certs cacerts
No conversion and rehashing needed.
See Citrix receiver 13.10 on Ubuntu 18.04.1 for background reading (and why this is safe).
answered Aug 28 at 22:21
Peterino
22127
add a comment |Â
up vote
0
down vote
You should simply re-use the certificates already installed with the ca-certificates package, e.g.
$ cd /opt/Citrix/ICAClient/keystore/
$ sudo rm -r cacerts
$ sudo ln -s /etc/ssl/certs cacerts
No conversion and rehashing needed.
See Citrix receiver 13.10 on Ubuntu 18.04.1 for background reading (and why this is safe).
answered Aug 28 at 22:21
Peterino
22127
add a comment |Â
up vote
0
down vote
up vote
0
down vote
You should simply re-use the certificates already installed with the ca-certificates package, e.g.
$ cd /opt/Citrix/ICAClient/keystore/
$ sudo rm -r cacerts
$ sudo ln -s /etc/ssl/certs cacerts
No conversion and rehashing needed.
See Citrix receiver 13.10 on Ubuntu 18.04.1 for background reading (and why this is safe).
answered Aug 28 at 22:21
Peterino
22127
You should simply re-use the certificates already installed with the ca-certificates package, e.g.
$ cd /opt/Citrix/ICAClient/keystore/
$ sudo rm -r cacerts
$ sudo ln -s /etc/ssl/certs cacerts
No conversion and rehashing needed.
See Citrix receiver 13.10 on Ubuntu 18.04.1 for background reading (and why this is safe).
answered Aug 28 at 22:21
Peterino
22127
answered Aug 28 at 22:21
Peterino
22127
answered Aug 28 at 22:21
Peterino
22127
answered Aug 28 at 22:21
Peterino
22127
22127
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1003194%2fcitrix-receiver-ssl-connection-error-certificates%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password