Wednesday, July 25, 2012

Launching a Citrix published XenApp application on an HP t5745 Thin Client with ThinPro operating system throws the “Client Error”: “You have not chosen to trust “Certificate Authority”, the issuer of the server’s security certificate (SSL error 61).”

Problem

You attempt to launch a Citrix published XenApp application on an HP t5745 Thin Client with ThinPro operating but receive the following Client Error:

You have not chosen to trust “Certificate Authority”, the issuer of the server’s security certificate (SSL error 61).

image

The login portal:

image

… uses the same certificate but you have no problems or warnings logging in because you have already added the certificate as an exception.

Solution

This issue was a tough one because I’m in no way a Linux expert so I had no idea how to add certificate authorities on the ThinPro’s operating system so that it would trust the issuing authority because the issue here is that the thin client is configured in CDA mode which essentially opens up a browser to access the Citrix portal but then launches the application with the Citrix Receiver.  This meant that the browser would need to trust the certificate and the Citrix Receiver would need to as well.

After doing a few searches on Google, I finally found the following post where a user identifies the directory to copy the certificates:  http://forums.citrix.com/thread.jspa?threadID=262631

What you should do is basically copy the certificate authority that the thin client doesn’t trust onto a USB key, plug it into the thin client, open Terminal X:

image

… then issue the following commands:

  1. su
  2. fsunlock
  3. cd /media
  4. ls (to determine drive ID)
  5. cd (drive name from previous step)
  6. cp (certname) /usr/lib/ICAClient/keystore/cacerts/
  7. fslock
  8. reboot

The commands above will place the untrusted certificate authority into the trusted store of the receiver which will in turn allow you to launch applications without receiving the error above.

1 comment:

Anonymous said...

Works fine for me, thanks