You have chosen not to trust… – Citrix Receiver and SSL error 61 on Ubuntu

After months of trouble-free operation, Citrix Receiver decided to wreak some havoc one morning last week.
Connecting to work (using Firefox on Ubuntu and Citrix Receiver for Linux 13.8) was trouble free as usual.
However, when I then tried to select a PC to remote into, Citrix informed me that …

“You have chosen not to trust Entrust Root Certification Authority – G2. SSL error 61”

At that point, I reflected that what I knew about Citrix and SSL certificates would fit on the back of a fag packet.
After some intensive “research” it should now fit into a short blog post…

Citrix Receiver for Linux has a bug…again

A quick internet search lead me to the Citrix Support site.
Their advice ( perhaps understandably), was to upgrade Citrix Receiver to the latest version.
After some fiddling around – steps for installing on Ubuntu can be found here if you’re interested, I had the latest version.
Now, I’m not sure whether it’s just an unfortunate coincidence or whether I’ve upset the good people at Citrix, but it seems that whenever I install the latest version, there is a Linux specific bug.
So, after about half an hour of messing about, I was back where I started with the same error and the same version of Citrix Receiver.

Attempting to connect via Chrome gave exactly the same result.

Re-installing my certificates

Re-reading the error message, I noticed that it was a specific certificate that was the problem.
Running a search, I was able to confirm that the said certificate is available from Entrust.

Once I’d downloaded the certificate in question, it was simply a matter of putting it where Citrix Receiver could see it.
So…

sudo cp entrust_g2_ca.cer /opt/Citrix/ICAClient/keystore/cacerts/.

Magically, Citrix Receiver was happy again and I was able to connect.

Some points to note for next time

A colleague of mine had the same issue. He is running Debian.
His solution was to :

– delete the files in the Citrix Receiver certs directory :

/opt/Citrix/ICAClient/keystore/cacerts/

– create a symlink in the directory from the certificates in

/etc/ssl/certs

If you’re reading this because you have a similar problem and the first solution doesn’t work, then perhaps this may be worth a try ( backup the certificate files before deleting them though !)
I’m still not sure of the root cause of this issue, although I suspect it may be something to do with browser updates.
On the plus side I’ve avoided having to drag myself into the office…for now.

14 thoughts on “You have chosen not to trust… – Citrix Receiver and SSL error 61 on Ubuntu

  1. I’ve just installed Citrix Workspace on a Raspberry Pi 4 running Rasbian and it works a treat after I downloaded the G2 cert that was missing thanks to your article.

    Cheers

  2. I stumbled upon this and this fixed my citrix problem when my company ‘help desk’ said they could not help me any further. Thank you so much!!!

  3. Thanks.
    It works. I just added the symbolic link of the Entrust*G2 cert to Citrix keystore directory. Then the error disappeareded
    TM

  4. Thanks!this solved the SSL error , but now I’m getting the error connection to “IP address” lost please check your network and try again,when trying to connect to a remote desktop from my receiver. The same works fine from windows though, any idea why is it happening?

    • Ritika,
      assuming that you’re observing this behaviour when using the same browser (e.g. Chrome) on Windows and Linux then I’d suggest that you check to see if you have the same browser version on each OS. If so, then check the configuration for any differences and finally – if all else fails – try clearing the cache.
      If none of that does the trick then it may be worth checking to see if the Linux version of Citrix Receiver that you are running has any known bugs.

      HTH,

      MIke

Leave a Reply to Julius Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.