Tuesday, July 24, 2012

Launching a Citrix published XenApp application on a repurposed desktops with Stratodesk NoTouch Desktop throws the “SSL error”: “Contact your help desk with the following information: The security certificate “someURL.domain.com” could not be validated. (SSL provider code: unable to get local issuer certificate, SSL error 86).”

Problem

You’ve deployed Stratodesk’s NoTouch Desktop on a repurposed PC and attempt to launch a Citrix XenApp application through the portal via the Mozilla browser but receive the following error:

SSL error

Contact your help desk with the following information: The security certificate “someURL.domain.com” could not be validated. (SSL provider code: unable to get local issuer certificate, SSL error 86).

image

You are able to sign in through the login prompt that uses the same certificate without any issues:

image

Solution

The reason why this error is thrown is because the Citrix Receiver and the Mozilla browser within the Stratodesk operating system have uses separate stores to determine which certificate authorities they trust. This means that putting in an exception for the Mozilla browser would get your through the login portal without any warnings but when you launch an application and the Citrix Receiver, it will look into its own trusted store which may not have the issue certificate authority.

To get around the problem, you will need to copy the issuing certificate authority’s certificate (.cer file) into the following directory:

/usr/lib/ICAClient/keystore/cacerts/

… via the console option when you go into the configuration option:

image

Once the certificate file is in the store, reboot the operating system and you should be able to launch the applications.

**Note that the certificate’s .cer file MUST NOT contain any spaces or the file will disappear from the directory after a reboot.

To get the file onto the desktop, you can either plug in a USB key with the certificates and use the console to get to the following directory:

/tmp/devshares

… or upload the certificates by browsing to the client’s IP and using the administration page:

image

image

image

All certificates uploaded to via this method will end up in the following directory:

/config/certificates

Hope this helps anyone out there that may come across this problem.

1 comment:

Anonymous said...

Your blog is really good, thank you I find the solutions for my problems in your blog.