Howto: Citrix Receiver on Fedora 30

It took a few tweaks to get Citrix Receiver up and running on Fedora 30. Here are the steps:

Download the latest "Redhat Web Package (Web Workspace app only)."

As I am writing this, the latest version is 1903:

sudo dnf install ./ICAClientWeb-rhel-

Install supporting packages

sudo dnf install motif motif.i686 libXaw libXaw.i686 libidn1.34

Update Certificates (as root)

ALL_CERTS='/etc/pki/ca-trust/extracted/pem/*.pem /etc/pki/tls/*.pem /usr/share/pki/ca-trust-source/'
for x in ${ALL_CERTS}; do
     ln -sf "${x}" "${CITRIX}"

Edit /usr/share/applications/wfica.desktop (as root)


Exec=/opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient %f


Exec=env LD_PRELOAD="/lib64/" /opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient %f

Hi @pegleg3941—welcome to the community! Thanks very much for this. I’ve reformatted it a bit to make the code blocks render properly.

If you’ve not already done so, please take a few minutes to go through the introductory posts in #start-here here also.

1 Like

Hello @FranciscoD and thank you for cleaning up my post. Those backticks will be really useful. I see that I also posted this in the top-level category and should not have – I will read more in #start-here.


Hi @FranciscoD and @pegleg3941

I followed every steps provided but i am getting a error.

Would you guys be able to assist ?

I really appreciate any help

Thanks in advance !

Fedora 30_KDE



Hey @dee,

With the instructions in the OP I have been able to open .ica files directly from my browser. Is that the same workflow that you are using, or are you launching Citrix directly from the Applications menu (or the KDE equivalent)?

When I launch the .ica file, the command works out to this (no brackets):

env LD_PRELOAD="/lib64/" /opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient [file.ica]

Can you run that from the Terminal and report back with the output?


Yes, i am running directly from the browser ( Firefox or Chrome )…

Hey @dee. Thank you for starting wfica from the command line. Everything looks good so far for wfica and its libraries. I think this means that there is still a problem with the SSL certificates.

Does the server use a self-signed SSL certificate? If not, can we see the output of this command?:

ls -l /opt/Citrix/ICAClient/keystore/cacerts

Hi @pegleg3941. I really appreciate your time and effort !

Using RSA_Token ->

1ec4d31a.0 -> Class3PCA_G2_v2.pem
2c543cd1.0 -> GeoTrust_Global_CA.pem
3513523f.0 -> DigiCertGlobalRootCA.pem
399e7759.0 -> DigiCertGlobalRootCA.pem
3ad48a91.0 -> BTCTRoot.pem
415660c1.0 -> Pcs3ss_v4.pem
4bcd7fc4.0 -> DigiCertSHA2SecureServerCA.pem
4d654d1d.0 -> GTECTGlobalRoot.pem
653b494a.0 -> BTCTRoot.pem
6faac4e3.0 -> Class4PCA_G2_v2.pem
72fa7371.0 -> Class3PCA_G2_v2.pem
7651b327.0 -> Pcs3ss_v4.pem
7999be0d.0 -> GeoTrust_Global_CA.pem
85cf5865.0 -> DigiCertSHA2SecureServerCA.pem
c692a373.0 -> GTECTGlobalRoot.pem
lrwxrwxrwx. 1 root root  107 May 20 22:32 -> '/etc/pki/ca-trust/extracted/pem/*.pem /etc/pki/tls/*.pem /usr/share/pki/ca-trust-source/'
DigiCertSHA2SecureServerCA.pem -> ../intcerts/DigiCertSHA2SecureServerCA.pem
ed049835.0 -> Class4PCA_G2_v2.pem


Hey @dee. I think at least part of your problem is related to how these certificates were linked. For instance, look at

'/etc/pki/ca-trust/extracted/pem/*.pem /etc/pki/tls/*.pem /usr/share/pki/ca-trust-source/'

I have been playing with a couple things over here and am not yet sure how that happened, but I did discover that my path to is an older path from a non-standard package. Could you try copying all of the certificate files into the Citrix directory?:

sudo cp -f /etc/pki/ca-trust/extracted/pem/*.pem /opt/Citrix/ICAClient/keystore/cacerts/
sudo cp -f /etc/pki/tls/*.pem /opt/Citrix/ICAClient/keystore/cacerts/
sudo cp -f /etc/pki/tls/certs/ /opt/Citrix/ICAClient/keystore/cacerts/

Let me know how that goes. I’m going to play with a couple more things here as I have time.

I can see some problem here:

  1. The packages Provide is for RedHat I dont’ know the difference in this kind of packaged altought pegleg3941 instruction seem to work follow the Product procedure with a limitation …
  2. See this comment ->
  3. The basic and install and setup and is up-to-date February 20, 2019
  4. Why you need i686 packages? is needed in execution time? I just do I can’t see any dependency package problem
    • sudo dnf install ICAClient-rhel-
  5. Start citrix receiver see TIP, The following instruction does not apply to installations made from the Web packages Why you don’t use ICAClient-rhel

If all of this doesn’t work, I think you can get more assistant in CITRIX forum -> Citrix


Hi @pegleg3941 … i tried to copy all 3x certificate files mentioned. Only the first 2x were done without errors. The 3dr one was showing the output;

cp: not writing through dangling symlink ‘/opt/Citrix/ICAClient/keystore/cacerts/’

But i noticed that the file its already in the directory:

–> Still showing the same error " Cannot connect to “0.0.02 - Apple2Office”

Please let me know if you have any other suggestions…

Thanks again for your time !

Great instructions. I followed and had the same “cannot connect” error. I followed the instructions @ and worked like a charm

pegleg3941, thank you for taking the time to figure out how to make citrix receiver work. On each fedora release, this app can be a hit or miss.

After following your steps on a fresh install of F30, the library was not available on my system. I had to install the rpm compat-openssl10-1.0.2o-5.fc30.x86_64.rpm to get it.

As a note to others, the citrix receiver does not work well under wayland. So you will have to use X.

When logging to a windows machine with this version of citrix, the app switch functionality of the ALT + tab hot key does not work. You will have to use meta + alt + tab to get it to work…

1 Like

Thanks a bunch, too! I was struggling with providing the right libraries for the client. Also the X tipp is great, I have been wondering.

Me too, I have been getting the error “Cannot connect to …”

After the great hints towards the certificate issue, I tried to download the ICA file, and execute it from the shell directly, which actually gave me a different error message that statet I didn’t trust Entrust CA. So I went and manually downloaded and added the cert to keystore.

That solved it for me – yay!

To reproduce:

  1. Execute the ICA file in your terminal to get the real error message
    env LD_PRELOAD="/lib64/" /opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient [file.ica]
  2. Download the missing CA certificate and copy it to /opt/Citrix/ICAClient/keystore/cacerts

I think this thread has brought me inches away from the finish line, so big thanks to all contributors!
@theonlyandy Can you share a bit more info on how you got the error message in which the missing trust is stated?
Which “initial tutorial” command did you use?
I tried any sensible command I could find above and none of them gave me a ‘real error’ message, in which the name of an untrusted CA pops up.

Sorry that wasn’t clear, I updated my answer. Hope it helps?

1 Like

@theonlyandy It didn’t and yet it did! I still got the same non-informational Cannot connect to “ something" error. But that got me thinking that I needed to check out the debug settings for the icaclient.
When I run your command, while in the same (working) directory as this file (or a copy of it): /opt/Citrix/ICAClient/nls/en/debug.ini, then I get the prophetic missing CA!

Just to report in I tried the instructions but was unable to launch anything from a webpage that has all our ICA files. Seems that Firefox or other browsers actually start Citrix using a small shell script /opt/Citrix/ICAClient/

I modified it to include the LD_PRELOAD library and works fine now. Otherwise it wouldn’t open up the ICA files from the web.

export ICAROOT
$ICAROOT/wfica -file $1

Hope that helps someone.

1 Like