Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..." on Receiver for Linux

Description

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information

For Firefox certificate bindings: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Receiver for Linux displays the following error when launching published desktops/applications:
You have not chosen to trust "Certificate Authority", the issuer of the server's security certificate (SSL error 61).

SSL error You have not chosen to trust "Name of Certificate", the issuer of the server's security certificate (SSL error 61)

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Update to the Latest Receiver Version

Upgrade to the latest version of Receiver to verify if this resolves the issue.

If you are using SHA2 certificates then the older version of Receiver does not support these certificate. Refer to CTX200114 - Citrix Receiver Support for SHA-2 to view the Receiver versions which supports SHA-2 certificates.

If this does not resolve the issue then proceed to the next section.

For information on Receiver feature updates refer to - Citrix Receiver Feature Matrix.

Missing Root/Intermediate Certificate

This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the server certificate.

Use a root certificate

If you need to authenticate a server certificate that was issued by a certificate authority and is not yet trusted by the user device, follow these instructions before adding a StoreFront store.

Obtain the root certificate in PEM format.
- Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
As the user who installed the package (usually root):
1. Copy the file to $ICAROOT/keystore/cacerts.
2. Run the following command:
  - $ICAROOT/util/ctx_rehash

Use an intermediate certificate

If your StoreFront server is not able to provide the intermediate certificates that match the certificate it is using, or you need to install intermediate certificates to support smart card users, follow these steps before adding a StoreFront store.

Obtain the intermediate certificate(s) separately in PEM format.
- Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.
As the user who installed the package (usually root):
1. Copy the file(s) to $ICAROOT/keystore/intcerts.
2. Run the following command as the user who installed the package:
  - $ICAROOT/util/ctx_rehash

Issue/Introduction

Receiver for Linux displays the following error when launching published desktops/applications: You have not chosen to trust "Name of Certificate", the issuer of the server's security certificate (SSL error 61)

Additional Information

In most of the occasions we might need set a link to Firefox's keystore to Citrix & below command will help to set the link to Firefox's keystore to Citrix
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts

https://en.code-bude.net/2017/05/03/how-to-fix-ssl-error-61-in-citrix-web-receiver-on-linux/

Welcome to "KB Articles"