ALL_CERTS='/etc/pki/ca-trust/extracted/pem/*.pem /etc/pki/tls/*.pem /usr/share/pki/ca-trust-source/ca-bundle.trust.crt'
CITRIX=/opt/Citrix/ICAClient/keystore/cacerts
for x in ${ALL_CERTS}; do
ln -sf "${x}" "${CITRIX}"
done
Hello @FranciscoD and thank you for cleaning up my post. Those backticks will be really useful. I see that I also posted this in the top-level category and should not have – I will read more in #start-here.
With the instructions in the OP I have been able to open .ica files directly from my browser. Is that the same workflow that you are using, or are you launching Citrix directly from the Applications menu (or the KDE equivalent)?
When I launch the .ica file, the command works out to this (no brackets):
Hey @dee. Thank you for starting wfica from the command line. Everything looks good so far for wfica and its libraries. I think this means that there is still a problem withthe SSL certificates.
Does the server use a self-signed SSL certificate? If not, can we see the output of this command?:
I have been playing with a couple things over here and am not yet sure how that happened, but I did discover that my path to ca-bundle.trust.crt is an older path from a non-standard package. Could you try copying all of the certificate files into the Citrix directory?:
The packages Provide is for RedHat I dont’ know the difference in this kind of packaged altought pegleg3941 instruction seem to work follow the Product procedure with a limitation …
pegleg3941, thank you for taking the time to figure out how to make citrix receiver work. On each fedora release, this app can be a hit or miss.
After following your steps on a fresh install of F30, the libcrypto.so.1.0.2o library was not available on my system. I had to install the rpm compat-openssl10-1.0.2o-5.fc30.x86_64.rpm to get it.
As a note to others, the citrix receiver does not work well under wayland. So you will have to use X.
When logging to a windows machine with this version of citrix, the app switch functionality of the ALT + tab hot key does not work. You will have to use meta + alt + tab to get it to work…
Thanks a bunch, too! I was struggling with providing the right libraries for the client. Also the X tipp is great, I have been wondering.
Me too, I have been getting the error “Cannot connect to …”
After the great hints towards the certificate issue, I tried to download the ICA file, and execute it from the shell directly, which actually gave me a different error message that statet I didn’t trust Entrust CA. So I went and manually downloaded and added the cert to keystore.
That solved it for me – yay!
To reproduce:
Execute the ICA file in your terminal to get the real error message env LD_PRELOAD="/lib64/libcrypto.so.1.0.2o" /opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient [file.ica]
Download the missing CA certificate and copy it to /opt/Citrix/ICAClient/keystore/cacerts
I think this thread has brought me inches away from the finish line, so big thanks to all contributors! @theonlyandy Can you share a bit more info on how you got the error message in which the missing trust is stated?
Which “initial tutorial” command did you use?
I tried any sensible command I could find above and none of them gave me a ‘real error’ message, in which the name of an untrusted CA pops up.
@theonlyandy It didn’t and yet it did! I still got the same non-informational Cannot connect to “0.0.0.2 something" error. But that got me thinking that I needed to check out the debug settings for the icaclient.
When I run your command, while in the same (working) directory as this file (or a copy of it): /opt/Citrix/ICAClient/nls/en/debug.ini, then I get the prophetic missing CA!
Just to report in I tried the instructions but was unable to launch anything from a webpage that has all our ICA files. Seems that Firefox or other browsers actually start Citrix using a small shell script /opt/Citrix/ICAClient/wfica.sh
I modified it to include the LD_PRELOAD library and works fine now. Otherwise it wouldn’t open up the ICA files from the web.
Hi Everyone, I am new to Fedora but loving it so far. Wanted to contribute to this topic as I was struggling to get Citrix Workspace working and found this thread. Many helpful tips on there that got me 99% there. After following the many tips here, I was still getting an SSL error 61 saying that I had not trusted the godaddy root certificate. I tried exporting the godaddy certificates from firefox and then copying them to the /opt/Citrix/ICAClient/keystore/cacerts folder and then running the ./ctx_rehash command in the /opt/Citrix/ICAClient/util folder, but still got the error. Finally, I decided to go to the godaddy certificate repository and download and install the Intermediate certificate. It’s name is gdig2.crt.pem. I copied it to the cacerts folder as I had done before and then ran the ctx_rehash command again. BAM! that was it! I was in! So whoever your CA is, if you are getting the SSL error 61, try getting and installing the Intermediate certificate.
Thanks to all on this thread that helped me. I love working in Linux. It’s harder and you have to figure out things for yourself, but that’s not a bad thing.
Awesome! Thanks. This got citrix to work just fine via the browser. To get the Workspaces app to work as an app from the gnome shell, I modified the serlfservice.desktop file
sudo vim /usr/share/applications/selfservice.desktop
Changed the exec line to be: