Results 1 to 8 of 8

Thread: Citrix ICA client question

  1. #1

    Default Citrix ICA client question

    Hello,

    I wish to log on to our system at work from home. I have the crypto card and correct address, my usename and password. I have installed Citrix ICA client but when I try to log on to work through the secure website, I receive the message: "you have not chosen to 'entrust.net Security Server Certification Authority', the issuer of the server's security certificate."

    Can anyone tell me how to correct this problem? It used to work. And my Windows XP office computer works. I am running Linux 11.2. Our help desk has not helped as they are familiar with Windows not Linux.


    Hope you can help.

    Thanks

    Mark

  2. #2
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,235

    Default Re: Citrix ICA client question

    heseltine wrote:
    > Hello,
    >
    > I wish to log on to our system at work from home. I have the crypto
    > card and correct address, my usename and password. I have installed
    > Citrix ICA client but when I try to log on to work through the secure
    > website, I receive the message: "you have not chosen to 'entrust.net
    > Security Server Certification Authority', the issuer of the server's
    > security certificate."
    >
    > Can anyone tell me how to correct this problem? It used to work. And my
    > Windows XP office computer works. I am running Linux 11.2. Our help desk
    > has not helped as they are familiar with Windows not Linux.


    ICAClient stores its Root Authority files at:
    /usr/lib/ICAClient/keystore

    If you have the root auth cert for your
    entrust certs, try putting that there.

  3. #3

    Default Re: Citrix ICA client question

    Hello CJ, thank you for the reply.

    I've found the certs in thekeystore at ICACLient where the client is installed. So, I copied them (as root) to
    /usr/lib/ICAClient/keystore

    I then tried to import the certs via Kleopatra. It would not import the SecureServer.crt but would import the others there. The message I receive when trying to run a programme from the server is that I have not accepted the 'entrust.net security server cert.

    So I am clearly operating blindly (not good). If Windows will let me log on to the work server using ICAClient after downloading the ICA client and without configuring, then I suspect it ought to work in Suse. It is a matter of figuring it out.

    So, what would you suggest? Does the cert originate at the destination server? If so, how do I set Suse to accept it when it is offered (assuming it is offered after I log on and try to run a programme). Is the answer to be found using the Kleopatra programme?

    Hope you can help.

    Regards,
    Mark

  4. #4
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,235

    Default Re: Citrix ICA client question

    On Thu, 2010-01-21 at 05:06 +0000, heseltine wrote:
    > Hello CJ, thank you for the reply.
    >
    > I've found the certs in thekeystore at ICACLient where the client is
    > installed. So, I copied them (as root) to
    > /usr/lib/ICAClient/keystore
    >
    > I then tried to import the certs via Kleopatra. It would not import the
    > SecureServer.crt but would import the others there. The message I
    > receive when trying to run a programme from the server is that I have
    > not accepted the 'entrust.net security server cert.


    My guess is that you NEED to trust entrust as a root CA. That means
    you'd have to add an entrust certificate to the directory so that
    certs are 'ok' if they come from that CA.

    Check here for the certificates for entrust...

    http://www.entrust.net/developer/index.cfm

    One or more of these needs to be in that directory (if I'm
    right about the problem).



  5. #5

    Default Re: Citrix ICA client question

    Hello, CJ,

    It worked. I don't know how I did it, but I found the SSL cert and downloaded it to the cert store directory, and then had Kleopatra import it. It was a bit tricky as it did not work on first effort so I can't positively list the steps. Needless to say, there is a bit of 'fuzzy logic' involved (ie muddling through) which seems to have worked.

    Many thanks.

    By the way, I love the image of you - with that look of incredulity. I can just see you giving me that look as you read my post while shaking your head.

    thank you,

    Regards,

    Mark

  6. #6
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,235

    Default Re: Citrix ICA client question

    On Fri, 2010-01-22 at 01:56 +0000, heseltine wrote:
    ....
    > Many thanks.


    You're welcome.

    >
    > By the way, I love the image of you - with that look of incredulity. I
    > can just see you giving me that look as you read my post while shaking
    > your head.


    My daughter takes great pictures of me that make me appear "not so fat".



  7. #7

    Default Re: Citrix ICA client question

    Hi I have installed Citrix ICA Client, and set firefox to open ICA files with Citrix ICA Client, but when I try to open an application from ITFarm.co.uk it says nothing is installed to handle ICA clients should firefox try to install a plugin to handle this kind of file?

    (I think the company are using ICA 9 and I downloaded ICA 11) does it make any difference?

    Many Thanks
    Stuart

  8. #8

    Default Re: Citrix ICA client question

    Quote Originally Posted by satmanuk View Post
    when I try to open an application from ITFarm.co.uk it says nothing is installed to handle ICA clients should firefox try to install a plugin to handle this kind of file?
    Stuart
    I post a list of all the steps I took to install a Citrix Client and to communicate with my work place. Some of the steps may help you.

    1. Dependency:
    OpenMotif v2.3.1 or higher

    2. Download Citrix client

    Citrix Systems Citrix Downloads XenApp Citrix Clients

    download the tar file and untar the file

    3. # ./setupwfc

    This will run the installation script as root. Answer the questions and it is done. Say yes to integration to kde/gnome and to the browser.

    4. log on to my.work.org (of course use your work place instead)

    5. After loading the application from my my.work.org

    The next screen will ask you to download the Citrix client if you do not have it or continue. Choose < Continue>

    Few alternatives on the next screen.:

    a. if a windows comes saying <open browse> means that the system does not know with which application to open the file so you have to point to the correct application which is

    /usr/lib/ICAClient/wfica

    b. if may load the client but with an error something like

    "You have chose not to trust Equifax Secure Certificate Authority, the issuer of the server's security certificate."

    You have the certificate but the client can not see it.

    So just download the certificates:
    Download Root Certificates - GeoTrust

    Root 1 - Equifax Secure Certificate Authority
    Root 2 - GeoTrust Global CA

    Move the certificates.cer and change the extensions to certificates.crt

    Copy .crt file into /usr/lib/ICACleint/keystore/cacerts

    Change the permission to 777

    #chmod 777 -R /usr/lib/ICAClient/keystore/cacerts

    Now close firefox and opens it again and you should be fine.

    Regards

    -=terry=-

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •