You have chosen not to trust “Thawte Premium Server CA”, the issuer of the server’s security certificate (SSL error 61).
If you hit this infuriating error, which seems to be common, it means that your particular Citrix endpoint (what you’re connecting to with the Citrix client) is using a certificate that the client doesn’t trust. The client doesn’t trust it probably because Citrix didn’t bundle a new or full enough set of root certificates with the client.
The fix is to get the client using an existing set of root certificates and I’d found the easiest way to achieve this is to symlink to the Mozilla Firefox certificates. This way, if those certs are updated, then the Citrix client will continue pointing to them.
NOTE: This guide is a re-post from many years ago, so details most probably have changed and need updating. I’ve posted this up again as there were so many links to this guide that are still receiving active traffic so the problem must still be bugging many people. The guide was originally written and tested on Ubuntu 8.10.
My quick solution (making a backup of whatever you change first) was to simply point the ICA certs dir at the mozilla one and my citrix client started working immediately:
sudo mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts_old sudo cp /opt/Citrix/ICAClient/keystore/cacerts_old/* /usr/share/ca-certificates/mozilla/ sudo ln -s /usr/share/ca-certificates/mozilla /opt/Citrix/ICAClient/keystore/cacerts
Some caveats are that there might be differing locations for the install of the Citrix client as well as the cacerts location depending on distro/version of linux and version of the citrix installer.
ICA Client might install to one of these locations depending on install method and version:
/opt/ICAClient/ /usr/lib/ICAClient/ /home/XXX/ICAClient/linuxx86/ - (where XXX is your user home)
and so your Citrix client’s cacerts dir would be located in keystore/cacerts/ inside whichever of the above locations your Citrix client installed to.
Mozilla CACerts should be located at the following location but may differ per distro:
I’m still investigating the following error codes if anyone wants to help out:
SSL Error 26 SSL Error 47