Friday, January 1, 2010

You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61) ubuntu citrix ICA client FIX

You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61) ubuntu citrix ICA client FIX.

I use a citrix ICA client to remote into work and I began to get the error:
You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61)

To fix this I downloaded the new root certificates:
wget https://www.verisign.com/support/thawte-roots.zip
unzip thawte-roots.zip


Now we need to find were we need to put the new cert file, I found this by searching doing this:
find -name *cacert*

I copied the new file using this command:
sudo cp -v Thawte\ Roots/Thawte\ SSLWeb\ Server\ Roots/Thawte\ Premium\ Server\ CA.cer ~/./ICAClient/linuxx86/keystore/cacerts/ThawtePremiumServerCA.crt

Then I retried the citrix ICA client, did not even need to restart my browser, and it worked!

8 comments:

PerpLeX42 said...

Hey, thanks alot, helped loads :) Been playing around with this for a while to get connected to my uni Remote Apps Srv.

.:milko:. said...

Thank you very much for posting! I helped a lot! Thanks again.

Mr. Figgs said...

Also worked for Windows 7 64bit, just get the zip file and install the certificates using the windows wizard

Mike said...

Ubuntu already comes with basically every CA certificate in existence, located in /etc/ssl/certs/

For a better solution, try this:

sudo ln -s /etc/ssl/certs/Thawte_Premium_Server_CA.pem /usr/lib/ICAClient/keystore/cacerts/

or for all certificates:

sudo mv /usr/lib/ICAClient/keystore/cacerts/ /usr/lib/ICAClient/keystore/cacerts.old/
sudo ln -s /etc/ssl/certs/ /usr/lib/ICAClient/keystore/cacerts/


Don't worry about the fact that the certificates in /etc/ssl/certs/ are .pem files and the ones that come with the ICA client are .crt, they're both exactly the same format and most software can read/look for both.

Pavan K. Ghatty said...

This is fantastic. Great help!

Unknown said...

Note if you install the 64-bit deb package of citrix receiver you need to symlink as follows:

sudo ln -s /etc/ssl/certs /opt/Citrix/ICAClient/keystore/cacerts

Sias said...

this worked for me
sudo ln -s /etc/ssl/certs/Thawte_Premium_Server_CA.pem /opt/Citrix/ICAClient/keystore/cacerts/

Rachel Burr said...

Cheap Wildcard SSL - Cheap SSL certificates (including wildcard and multi-domain (SAN) SSL certificates) from Comodo, GeoTrust, Thawte and Symantec (VeriSign)