« no more rounders
words fail me »

When you really haven’t chosen not to trust: Citrix, Mac OS X, and Entrust certificates

This is one that the support desk of my employer really should’ve answered, but they gave their usual, “You mentioned Macintosh in your e-mail, so this conversation stops here” response.

Anyway, they’ve just upgraded their Citrix access, and what used to work now gives the rather cruddy response:

SSL Error 0: You have not chosen to trust

Just what SSL Error 0: You have not chosen to trust “Entrust.net Secure Server Certification Authority”,the issuer of the server’s security certificate. Error number: 183 is supposed to mean to anyone, I don’t know. (Well, actually, I do know, but in rants like this it’s customary to feign ignorance in a huffy manner. Work with me here, people.)

So, to fix this:

  1. Make sure that Citrix ICA Client is installed
  2. Go to entrust.net/developer and click on Download Root Certificates
  3. Select Personal Use, and click on Download Certificates
  4. Download entrust_ssl_ca.cer and entrust_ssl_ca.der to your desktop
  5. Open a terminal (it’s in Applications/Utilities), and enter the following:
    cd /Applications/Citrix\ ICA\ Client/keystore/cacerts/
    cp -p ~/Desktop/entrust_ssl_ca.* .
    ln -s entrust_ssl_ca.cer entrust_ssl_ca.crt
  6. Exit the terminal, and try your Citrix session again.

There might be some unnecessary steps there, and this might all be fixed by downloading the latest release of the ICA client, but this works for me now.

Tags: , ,

This entry was posted on Thursday, December 14th, 2006 at 07:16:09 and is filed under computers suck. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “When you really haven’t chosen not to trust: Citrix, Mac OS X, and Entrust certificates”

  1. scruss Says:
    January 4th, 2007 at 20:55:50
    This also works under Ubuntu if you substitute the directory /usr/lib/ICAClient/keystore/cacerts/
  2. scruss Says:
    February 5th, 2007 at 12:41:04
    The direct links I gave to entrust_ssl_ca.cer and entrust_ssl_ca.der work fine without going through the ‘Personal Use’ login bit.
  3. Katie Says:
    June 19th, 2007 at 23:44:35
    Thank you so much for you posting. It was awesome.
  4. Kevin Says:
    July 11th, 2007 at 20:56:01
    This was great advice. Easy to follow for a computer novice. Thank you.
  5. Ben Welter Says:
    August 20th, 2007 at 10:26:07
    Thanks very much for posting this. Worked perfectly, saved me a long-distance call to IT support at work.
  6. scruss Says:
    December 3rd, 2007 at 16:18:53
    Jason, in step 5, you hit return between each of the lines; there are three separate commands
  7. 27p Says:
    October 30th, 2008 at 05:39:35
    Thanks for the fix, don’t think my help-desk would have been much help. Keep up the good work.

Leave a Reply