I admit, the title is quite specific and will certainly appeal to only a small readership. But anyone who is facing the problem will be, like me, grateful for a solution.
Specifically, the problem is SSL error 61 in the Citrix (Web) Receiver on Linux and how to fix it. Since I have been working almost exclusively on Kubuntu for several months, the Citrix Receiver also moved to the new Linux box. Unfortunately, no connection to any system could be established, because the receiver disconnected with the following error message.
SSL Error 61: You have not chosen to trust “Go Daddy Root Certificate Authority – G2”, the issuer to the server’s security certificate.
What does that tell us? The web receiver wants to verify the server's certificate while connecting, but fails because it does not know the root certificate or, more precisely, does not trust it. The authority named in the error message is therefore interchangeable: the same error would appear for any authority whose certificate is missing.
Now there are two solutions. Either you get the missing certificates and insert them into the following directory:
/opt/Citrix/ICAClient/keystore/cacerts
Or you have Firefox installed… How does Firefox help us? The root certificates of Firefox can be shared with the Citrix receiver via symbolic links, using a single command:
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts
This creates a symbolic link in the Citrix directory for each root certificate that Firefox knows, so that the receiver can use them. Now your SSL error 61 should be gone.
If, for whatever reason, you want to undo the changes, you can run the following two commands:
cd /opt/Citrix/ICAClient/keystore/cacerts
sudo find . -type l -delete
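An idempotent version of the symlink step, as an added example that is not part of the original post: it skips certificates that are already in the keystore instead of failing with "File exists", and prunes dangling links first. The function name sync_ca_links is hypothetical; the paths in the usage comment are the ones used above.

```shell
#!/bin/sh
# Added example: idempotent replacement for the one-line "ln -s".
# sync_ca_links SRC_DIR KEYSTORE_DIR   (hypothetical helper name)
#   - removes dangling symlinks in KEYSTORE_DIR (e.g. after an upgrade)
#   - links every certificate from SRC_DIR that is not yet present
#   - never overwrites an existing file or link
# Prints one summary line: "linked=N skipped=N pruned=N".
sync_ca_links() {
    src=$1
    dst=$2
    linked=0 skipped=0 pruned=0
    [ -d "$src" ] && [ -d "$dst" ] || { echo "missing directory" >&2; return 1; }
    # Use an absolute source path so the links resolve from inside $dst.
    src=$(cd "$src" && pwd)

    # Pass 1: prune symlinks whose target no longer exists.
    for entry in "$dst"/*; do
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            rm -f -- "$entry"
            pruned=$((pruned + 1))
        fi
    done

    # Pass 2: link certificates that are not already in the keystore.
    for cert in "$src"/*; do
        [ -f "$cert" ] || continue   # skips an unmatched glob and directories
        name=$(basename -- "$cert")
        if [ -e "$dst/$name" ] || [ -L "$dst/$name" ]; then
            skipped=$((skipped + 1))
        else
            ln -s -- "$cert" "$dst/$name"
            linked=$((linked + 1))
        fi
    done
    echo "linked=$linked skipped=$skipped pruned=$pruned"
}

# Usage (as root), with the directories from the article:
#   sync_ca_links /usr/share/ca-certificates/mozilla /opt/Citrix/ICAClient/keystore/cacerts
```

Linking the whole bundle makes the receiver trust every CA in it; copying only the missing root into the keystore, the first option above, keeps the trusted set smaller.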
Running Ubuntu 22.10, this one worked for me:
sudo ln -s /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts
thanks for pointing me in the right direction!
After trying numerous things, this was the solution that works.
Thanks so much LUKA
This even worked for my 22.04 release of Ubuntu. Thank you very much Luka
I have Ubuntu 22.04.
Copying the certificates (solution 2) didn’t work for me.
The first solution did work for me; more precisely, I downloaded from https://www.quovadisglobal.com/download-roots-crl/ the file https://www.quovadisglobal.com/wp-content/files/media/qvrca2_pem.pem into /opt/Citrix/ICAClient/keystore/cacerts
I mention this because there are several formats you can download, and the (to me) obvious one, *.crl, didn’t work.
LUKA for the president! Yeah this one finally made it work! Thx!
If anyone is still having the same issue after this fix, you might want to check that your keystore/cacerts isn’t stored elsewhere, depending on where you installed the Citrix client,
i.e. /home/user/ICAClient/* rather than /opt/citrix.
You need to link to the keystore that’s in use.
Hi,
Thank you for posting this, Saved my day.
I am still getting the SSL error 61 message on my Ubuntu 20.04 desktop. When I type the command, I get these error messages (see below). Any ideas?
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
I get the following messages in Terminal:
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/T-TeleSec_GlobalRoot_Class_2.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/T-TeleSec_GlobalRoot_Class_3.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/TWCA_Global_Root_CA.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/TWCA_Root_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/UCA_Extended_Validation_Root.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/UCA_Global_G2_Root.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/USERTrust_ECC_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/USERTrust_RSA_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/VeriSign_Universal_Root_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/XRamp_Global_CA_Root.crt’: File exists
Thanks a ton. It was of a lot of help.
Thank you! It works perfectly now
Thanks a lot – you saved me a lot of time!
Thanks so much – this fixed me up on Ubuntu 20.x
Wooow, thanks man. I was struggling to get this working on my linux laptop.
I must have read this article at least three times by now. Such a simple and elegant solution, but I keep forgetting until the next time I get stuck on this really very stupid bug. Thanks so much!
Well done, you saved my ass
Mine too, thanks a million!!!
Thumbs up!
Well done, you saved my ass!
Thanks. You saved my day. Been scratching my head
Even on Raspberry Pi with Pi OS out of the box the ln … statement works
Same here, working now, thanks for sharing.
Thanks buddy! It’s working!
You saved my day, thanks a lot.
Hi guys, I fixed it on my Linux Mint, but I’m not able to fix this certificate issue on SuSe Leap 15.1. Maybe there is a SuSe expert out there who can give me a hint.
Thanks & Regards
Thomas
I solved it for OpenSuSe Leap 15.2. Apparently, OpenSuSe stores certificates at a different place. I used this source: https://unix.stackexchange.com/questions/80131/how-do-i-install-a-system-wide-ssl-certificate-on-opensuse
If you use the following code:
sudo ln -s /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts
then it works.
I have done the same steps but I am still getting SSL error 61.
I ran
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts
Please help me solve this; I have Ubuntu 16.04.
I still have the same problem – SSL error 61 – on my Ubuntu 20.04.
These are my terminal replies to the command you put to enter:
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/TWCA_Root_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/UCA_Extended_Validation_Root.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/UCA_Global_G2_Root.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/USERTrust_ECC_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/USERTrust_RSA_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/VeriSign_Universal_Root_Certification_Authority.crt’: File exists
ln: failed to create symbolic link ‘/opt/Citrix/ICAClient/keystore/cacerts/XRamp_Global_CA_Root.crt’: File exists
Had the same problem today after a receiver upgrade. Deleting and recreating the symlinks helped.
sudo find /opt/Citrix/ICAClient/keystore/cacerts -type l -delete
sudo ln -s /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts
Months of on and off searches, including the Citrix sites, and the fix was this simple. Give this man a raise.
Noice.
Thank you for your time.
Thank you, great post. Very helpful.
Thank you so much – I was completely stuck on this