Geek tips, linux, programming, hacks: You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61) ubuntu citrix ICA client FIX

Friday, January 1, 2010

You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61) ubuntu citrix ICA client FIX

You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61) ubuntu citrix ICA client FIX.

I use a citrix ICA client to remote into work and I began to get the error:
You have not chosen to trust "Thawte Premium Server CA", the issuer of the server's security certificate (SSL error 61)

To fix this I downloaded the new root certificates:
wget https://www.verisign.com/support/thawte-roots.zip
unzip thawte-roots.zip

Now we need to find were we need to put the new cert file, I found this by searching doing this:
find -name *cacert*

I copied the new file using this command:
sudo cp -v Thawte\ Roots/Thawte\ SSLWeb\ Server\ Roots/Thawte\ Premium\ Server\ CA.cer ~/./ICAClient/linuxx86/keystore/cacerts/ThawtePremiumServerCA.crt

Then I retried the citrix ICA client, did not even need to restart my browser, and it worked!

8 comments:

Unknown said...: Hey, thanks alot, helped loads :) Been playing around with this for a while to get connected to my uni Remote Apps Srv.; February 8, 2010 at 5:40 PM
.:milko:. said...: Thank you very much for posting! I helped a lot! Thanks again.; March 5, 2010 at 1:13 PM
Mr. Figgs said...: Also worked for Windows 7 64bit, just get the zip file and install the certificates using the windows wizard; May 2, 2011 at 9:38 AM
Mike said...: Ubuntu already comes with basically every CA certificate in existence, located in /etc/ssl/certs/

For a better solution, try this:

sudo ln -s /etc/ssl/certs/Thawte_Premium_Server_CA.pem /usr/lib/ICAClient/keystore/cacerts/

or for all certificates:

sudo mv /usr/lib/ICAClient/keystore/cacerts/ /usr/lib/ICAClient/keystore/cacerts.old/
sudo ln -s /etc/ssl/certs/ /usr/lib/ICAClient/keystore/cacerts/

Don't worry about the fact that the certificates in /etc/ssl/certs/ are .pem files and the ones that come with the ICA client are .crt, they're both exactly the same format and most software can read/look for both.; July 19, 2011 at 12:07 AM
Pavan K. Ghatty said...: This is fantastic. Great help!; March 27, 2012 at 6:39 AM
Senyahnoj said...: Note if you install the 64-bit deb package of citrix receiver you need to symlink as follows:

sudo ln -s /etc/ssl/certs /opt/Citrix/ICAClient/keystore/cacerts; September 17, 2013 at 2:47 AM
Sias said...: this worked for me
sudo ln -s /etc/ssl/certs/Thawte_Premium_Server_CA.pem /opt/Citrix/ICAClient/keystore/cacerts/; February 3, 2014 at 2:08 PM
bbneo said...: Thanks, man. Something analogous to this worked for me... in 9/2014...; September 12, 2014 at 2:18 AM