Addition to trusting certificates from your employer to assist with SSL errors.
missed bold on a step.
|Deletions are marked like this.||Additions are marked like this.|
|Line 129:||Line 129:|
|Step 4: Run /opt/Citrix/ICAClient/util/ctx_rehash||'''Step 4:''' Run /opt/Citrix/ICAClient/util/ctx_rehash|
Table of contents:
Installing icaclient_13 on Wheezy
If you are using a custom Linux kernel for 64-bit PC and want to run 32-bit programs, then you have to set the CONFIG_IA32_EMULATION Linux build configuration option, otherwise you won't be able to run 32-bit binaries.
First add the i386 architecture to your system:
$ dpkg --add-architecture i386 $ dpkg --print-architecture amd64 $ dpkg --print-foreign-architectures i386
As mentioned on mahesha.com (see sources) one needs to install files listed below.
$ aptitude install libxp6:i386 $ aptitude install libsm6:i386 $ aptitude install libxmu6:i386 $ aptitude install libxinerama1:i386 $ aptitude install libglib2.0-0:i386 $ aptitude install libxft2:i386 $ aptitude install libgtk2.0-0:i386
deb [arch=amd64,i386] http://http.us.debian...snip
Ubuntu.com (see sources) shows how to get rid of the nspluginwrapper dependency.
$ cd ~/Downloads $ mkdir ica_temp $ dpkg-deb -x icaclient_13.0.0_amd64.deb ica_temp $ dpkg-deb --control icaclient_13.0.0_amd64.deb ica_temp/DEBIAN $ su # emacs ica_temp/DEBIAN/control
And get rid of nspluginwrapper in the section Depends.
Rebuild the package.
$ dpkg -b ica_temp icaclient-modified.deb
Install this modified package.
$ su # dpkg -i icaclient-modified.deb
As last mission I had to export ThawtePremiumServerCA.crt into folder /opt/Citrix/ICAClient/keystore/cacerts as PEM file. It's quite possible that not everyone would have to do this last thing. Update: It turned out that the above mentioned is not needed.
One way to launch a session is like so: /opt/Citrix/ICAClient/wfica.sh launch.ica. Update: Launching like this lead to an error message SSL error, Contact your helpdesk with the following information: A network error occorred (SSL error 4). Lauching the application (Citrix remote desktop connection, Citrix Receiver) from within iceweasel by applying Open with wfica.sh did not bring an SSL error.
Installing icaclient_13 on Jessie
Download the official citrix receiver for Debian available here and run the following commands:
$ sudo apt-get install libwebkitgtk-1.0-0 $ sudo dpkg -i icaclient_188.8.131.524519_amd64.deb
Note: Please modify the above command based on the latest icaclient version
You will neeed to configure Iceweasel to run the "launch.ica" file via "/opt/Citrix/ICAClient/wfica.sh"
Below is the fix for the SSL error
$ sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
Installing icaclient_19 on Stretch
$ sudo apt-get install libwebkitgtk-1.0-0 $ sudo dpkg -i icaclient_184.108.40.206_amd64.deb
Installing icaclient_19 on Buster
Installing icaclient_20 on Buster
In 2018, Citrix Receiver was replaced by Citrix Workspace app. Download the official Citrix Workspace app for Debian available here and install it using dpkg -i as root (or with sudo). You do not, in my experience, need to install anything from stretch. You will (I assume) need the dependencies in citrix's .deb - on my gnome installation they were already installed
As noted above, if you get an ssl error when connecting then the following should fix it:
Your Employers CA Certificates
The following steps provide guidance on downloading CA certificates from your employer and using the ctx_rehash tool. These steps were required to access
Step 1: Download CA certificate in PEM format. Save the certificate with .crt file extension.
Step 2: Switch to root user (or use sudo) and copy the .crt CA certificate file to /opt/Citrix/ICAClient/keystore/cacerts/ folder.
Step 3: Create a symbolic link from the mozilla certificates to Citrix's cacerts directory:
# ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
Step 4: Run /opt/Citrix/ICAClient/util/ctx_rehash
Citrix's packaging is not high quality, for example:
- files are installed in /opt;
- there are multiple statically linked files;
- there are multiple embedded libraries;
- the postinst is several scripts pasted together;
- the postinst and makes a number of modifications to your system;
- the postinst attempts to integrate with netscape;
- the postinst installs a plugin for either gstreamer1.0 or 0.10.0 depending on which version it finds installed (there are comments in the postinst that say 0.10 is preferred, but in my experience it works fine with 1.0);
- the postinst deletes files in $HOME for every user.
These deficiencies apply to all versions from (at least) 13 to 20.