NB: this article is a few years old, and I haven’t tested any updates since I wrote it. It may still work; who knows?
This is one that the support desk of my employer really should’ve answered, but they gave their usual, “You mentioned Macintosh in your e-mail, so this conversation stops here” response.
Anyway, they’ve just upgraded their Citrix access, and what used to work now gives the rather cruddy response:
Just what SSL Error 0: You have not chosen to trust “Entrust.net Secure Server Certification Authority”,the issuer of the server’s security certificate. Error number: 183 is supposed to mean to anyone, I don’t know. (Well, actually, I do know, but in rants like this it’s customary to feign ignorance in a huffy manner. Work with me here, people.)
So, to fix this:
- Make sure that Citrix ICA Client is installed
- Go to entrust.net/developer and click on Download Root Certificates
- Select Personal Use, and click on Download Certificates
- Download entrust_ssl_ca.cer and entrust_ssl_ca.der to your desktop
- Open a terminal (it’s in Applications/Utilities), and enter the following:
cd /Applications/Citrix\ ICA\ Client/keystore/cacerts/
cp -p ~/Desktop/entrust_ssl_ca.* .
ln -s entrust_ssl_ca.cer entrust_ssl_ca.crt - Exit the terminal, and try your Citrix session again.
There might be some unnecessary steps there, and this might all be fixed by downloading the latest release of the ICA client, but this works for me now.
This also works under Ubuntu if you substitute the directory /usr/lib/ICAClient/keystore/cacerts/
The direct links I gave to entrust_ssl_ca.cer and entrust_ssl_ca.der work fine without going through the ‘Personal Use’ login bit.
Thank you so much for you posting. It was awesome.
This was great advice. Easy to follow for a computer novice. Thank you.
Thanks very much for posting this. Worked perfectly, saved me a long-distance call to IT support at work.
Jason, in step 5, you hit return between each of the lines; there are three separate commands
Thanks for the fix, don’t think my help-desk would have been much help. Keep up the good work.
Thanks for the info. FYI, you don’t need the .der certificate, and you can simply rename the .cer to .crt instead of creating a symlink. Just the following worked for me in Ubuntu:
cd /usr/lib/ICAClient/keystore/cacerts
sudo wget https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
sudo mv entrust_ssl_ca.cer entrust_ssl_ca.crt
And if you think you get blown off when mentioning a Mac, just try mentioning Linux and see if they have even heard of it 🙂
Thanks, this didn’t quite work for me but it gave me the right direction. For some reason the entrust_ssl_ca.cer did not load to the desktop, it kept loading in firefox only as a txt file…. so what i ended up doing is moving the entrust_ssl_ca.der file into Applications/Citrix ICA/keystore/cacerts and it worked! thank you 🙂
Toby johnson’s suggestion of copying the .cer file worked perfectly for me . Thanks for the suggestion
The following settings worked for me in Fedora 13.
cd /usr/lib/ICAClient/keystore/cacerts
sudo wget https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
sudo mv entrust_ssl_ca.cer entrust_ssl_ca.crt
Thanks to all..
Great Great help!!!