Have you seen the error “You have chosen not to trust XXX Server CA, the issuer of the server’s security certificate (SSL error 61).” on Citrix Linux Plugin for XenApp (formerly known as ICA client)? It may be because the certificate authority from whom you get your server certificate is not trusted by your client.

I’ve got questions from users about this error. And I’ve made a request to product team to mitigate this issue. Please see comments from my earlier blog.

There are articles you can find on the Internet which describe a solution. However some users found videos more helpful than text only version. So I decided to create a video version of it.

You will need to download the right certificates. If you have questions, you may want to ask your server administrators or your certificate authorities who issue your server certificates. Alternatively you may be able to export the certificates you need from your firefox browser on the same Linux machine.

Here is an article I found that contains useful text based instruction and has a script that automates the process. You may need to customize the script to fit your needs.

I hope in the future, the product team can find ways to mitigate this issue. One step is to trust more certificate authorities by default. It’s not difficult to implement. But I was told it might require some legal work to redistribute certificates from third parties. Another possibility is to share the trust with Firefox which will require more develop work. What do you think? Do you know how other Linux applications solve this issue?

Here is my earlier blog that explains how to install and use Linux ICA client.

I’d love to hear your feedbacks.

Ray (Ruiguo) Yang
Check out my other blogs
Subscribe to my blog RSS feed