Citrix ICAClient in Linux didn’t work out-of-the-box at my Ubuntu. I logged in to the MetaFrame Web Interface and tried to start an application but I got an error “You have not chosen to trust Thawte Premium Server CA, the issuer of the server’s security certificate.
After some googling I found out that I actually have to copy Thawte’s root certificates to the /usr/lib/ICAClient/keystore/cacerts directory (in my case web server’s certificate was issued by Thawte). After the copy I also had to make a symbolic link because ICAClient seems to read only .crt files from the cacerts directory.
Here is the complete procedure:
1. Download Citrix ICAClient for Linux from http://www.citrix.com
2. Extract the tar-package, run setupwfc installation script and follow the on screen instructions.
4. Download your certificate issuer’s root certificates. Thawte’s could be found at http://www.thawte.com/roots
5. Copy the correct .cer file to the /usr/lib/ICAClient/keystore/cacerts (in my case the right root certificate was ThawtePremiumServerCA.cer)
cp path_to_root_certificate/ThawtePremiumServerCA.cer .
6. Create symbolic link in the cacerts directory so a your_root_cert.crt link points to your_root_cert.cer file.
ln -s ThawtePremiumServerCA.cer ThawtePremiumServerCA.crt