I wish to log on to our system at work from home. I have the crypto card and correct address, my usename and password. I have installed Citrix ICA client but when I try to log on to work through the secure website, I receive the message: “you have not chosen to ‘entrust.net Security Server Certification Authority’, the issuer of the server’s security certificate.”
Can anyone tell me how to correct this problem? It used to work. And my Windows XP office computer works. I am running Linux 11.2. Our help desk has not helped as they are familiar with Windows not Linux.
heseltine wrote:
> Hello,
>
> I wish to log on to our system at work from home. I have the crypto
> card and correct address, my usename and password. I have installed
> Citrix ICA client but when I try to log on to work through the secure
> website, I receive the message: “you have not chosen to ‘entrust.net
> Security Server Certification Authority’, the issuer of the server’s
> security certificate.”
>
> Can anyone tell me how to correct this problem? It used to work. And my
> Windows XP office computer works. I am running Linux 11.2. Our help desk
> has not helped as they are familiar with Windows not Linux.
ICAClient stores its Root Authority files at:
/usr/lib/ICAClient/keystore
If you have the root auth cert for your
entrust certs, try putting that there.
I’ve found the certs in thekeystore at ICACLient where the client is installed. So, I copied them (as root) to
/usr/lib/ICAClient/keystore
I then tried to import the certs via Kleopatra. It would not import the SecureServer.crt but would import the others there. The message I receive when trying to run a programme from the server is that I have not accepted the 'entrust.net security server cert.
So I am clearly operating blindly (not good). If Windows will let me log on to the work server using ICAClient after downloading the ICA client and without configuring, then I suspect it ought to work in Suse. It is a matter of figuring it out.
So, what would you suggest? Does the cert originate at the destination server? If so, how do I set Suse to accept it when it is offered (assuming it is offered after I log on and try to run a programme). Is the answer to be found using the Kleopatra programme?
On Thu, 2010-01-21 at 05:06 +0000, heseltine wrote:
> Hello CJ, thank you for the reply.
>
> I’ve found the certs in thekeystore at ICACLient where the client is
> installed. So, I copied them (as root) to
> /usr/lib/ICAClient/keystore
>
> I then tried to import the certs via Kleopatra. It would not import the
> SecureServer.crt but would import the others there. The message I
> receive when trying to run a programme from the server is that I have
> not accepted the 'entrust.net security server cert.
My guess is that you NEED to trust entrust as a root CA. That means
you’d have to add an entrust certificate to the directory so that
certs are ‘ok’ if they come from that CA.
It worked. I don’t know how I did it, but I found the SSL cert and downloaded it to the cert store directory, and then had Kleopatra import it. It was a bit tricky as it did not work on first effort so I can’t positively list the steps. Needless to say, there is a bit of ‘fuzzy logic’ involved (ie muddling through) which seems to have worked.
Many thanks.
By the way, I love the image of you - with that look of incredulity. I can just see you giving me that look as you read my post while shaking your head.
On Fri, 2010-01-22 at 01:56 +0000, heseltine wrote:
…
> Many thanks.
You’re welcome.
>
> By the way, I love the image of you - with that look of incredulity. I
> can just see you giving me that look as you read my post while shaking
> your head.
My daughter takes great pictures of me that make me appear “not so fat”.
Hi I have installed Citrix ICA Client, and set firefox to open ICA files with Citrix ICA Client, but when I try to open an application from ITFarm.co.uk it says nothing is installed to handle ICA clients should firefox try to install a plugin to handle this kind of file?
(I think the company are using ICA 9 and I downloaded ICA 11) does it make any difference?
The next screen will ask you to download the Citrix client if you do not have it or continue. Choose < Continue>
Few alternatives on the next screen.:
a. if a windows comes saying <open browse> means that the system does not know with which application to open the file so you have to point to the correct application which is
/usr/lib/ICAClient/wfica
b. if may load the client but with an error something like
“You have chose not to trust Equifax Secure Certificate Authority, the issuer of the server’s security certificate.”
You have the certificate but the client can not see it.