Even after months of error-free use, Citrix Receiver, ICA Client or Workspace App on Linux may display an error message, usually after an update.
You have chosen not to trust Entrust Root Certification Authority – G2. SSL error 61The error message is often caused by outdated SSL certificates. Citrix Client comes with its own collection of SSL certificates during installation. In this case, it is advisable to use the operating system’s SSL certificate store, which is maintained by the distribution and appears to be kept at a more reliable level.
To troubleshoot the problem, we delete the existing certificates of the ICA client.
cd /opt/Citrix/ICAClient/keystore/cacerts/
sudo rm *.*Contrary to previous instructions, we no longer set a symlink to the system’s own certificates at this point, as these could potentially be overwritten when updating the Icaclient. I trust the wisdom of the distribution maintainers more than Citrix in this regard. Therefore, we simply copy the contents of the system’s own certificates to Citrix. In doing so, we deliberately keep the two certificate stores separate. With the following command, we make the directory readable for all programmes and users.
sudo cp /etc/ssl/certs/*.* /opt/Citrix/ICAClient/keystore/cacerts/
sudo chmod -R 555 /opt/Citrix/ICAClient/keystore/cacertsRestart the ICA client and the connection should work without any error messages.