basecho.blogg.se

1. #CITRIX RECEIVER FOR MAC INVALID OR MISSING CERTIFICATE INSTALL#
2. #CITRIX RECEIVER FOR MAC INVALID OR MISSING CERTIFICATE DOWNLOAD#

If the EPA still fails you should ask your company's Citrix Netscaler admins if they have disabled Linux logins completely. If it answers "gio: nsgcepa://: The specified location is not supported" or "klauncher said: Unknown protocol 'nsgcepa'" you need to add the protocol handler manually: $ xdg-mime default sktop x-scheme-handler/nsgcepa If it does not, you should check if the protocol handler for "nsgcepa://" works: $ xdg-open nsgcepa:// Now go to you company's Citrix URL again. $ cp /opt/Citrix/Browser-EPA/sktop /usr/share/applications/ desktop file had already been copied to where the system expects it to be: /usr/share/applications/. Change the Exec line to: Exec=env LD_LIBRARY_PATH=/opt/Citrix/lib LD_PRELOAD=/opt/Citrix/lib/libcurl.so.4 /opt/Citrix/Browser-EPA/nsgcepa desktop file provided in the nsepa package for that: /opt/Citrix/Browser-EPA/sktop. In order to use these libs instead of your system's libs, we have to fiddle with the way nsgcepa is being called. # cp libhogweed.so.4 libnettle.so.6 librtmp.so.0 libidn.so.11 /opt/Citrix/lib Create a directory for patched library files and copy libcurl.so.4 into it. I found one in the Steam runtime under ~/.local/share/Steam/ubuntu12_32/steam-runtime/usr/lib/x86_64-linux-gnu. Unfortunately you have to find an appropriate lib for yourself. I think this is a patched version from Ubuntu and I could not find an Arch package providing it, not even libcurl-compat. LibX11.so.6 => /usr/lib/libX11.so.6 (0x00007fe4401d9000)Īs you can see, the nsgcepa executable (which is the main executable of nsepa) has been linked to a libcurl.so.4 that contains the "CURL_OPENSSL_3" symbol. opt/Citrix/Browser-EPA/nsgcepa: /usr/lib/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /opt/Citrix/Browser-EPA/nsgcepa) Unfortunately your company might use and old version that has the following problem: Recent versions of the EPA are linked to libcurl-gnutls and you are done now. # debtap b Call the package "nsepa" and use the suggested version.

#CITRIX RECEIVER FOR MAC INVALID OR MISSING CERTIFICATE INSTALL#

You might need to install debtap AUR first.

Transform the Debian package into an Arch package with debtap. Under the error message you will see a button for downloading b. Opening the URL of your company's Citrix gateway will try to start the endoint check immediately, which (of course) fails, because you have not installed the EPA plugin, yet.

#CITRIX RECEIVER FOR MAC INVALID OR MISSING CERTIFICATE DOWNLOAD#

Download the EPA plugin from your company's Citrix gateway. Here is what you have to do to get it running: It seems like it was a browser plugin using the legacy NPAPI, but now it is just an application the browser calls with a protocol handler for "nsgcepa://". If your company has activated the optional endpoint analysis to check if your computer meets certain requirements, you will have to install another component, the EPA-Plugin. To do this, use this command (borrowed from ) Skipping this step might result in Citrix still giving certificate errors. Changes to your certificate directory will likely require rehashing links for openssl to find them properly.

# awk 'BEGIN ' < tls-ca-bundle.pem You may also need to download your CA's intermediate certificates and store them in the same directory. # cp /etc/ca-certificates/extracted/tls-ca-bundle.pem. You need to run the following commands as root: # cd /opt/Citrix/ICAClient/keystore/cacerts/ For Citrix versions before 13.1, run the following command as root: # ln -sf /etc/ssl/certs/* /opt/Citrix/ICAClient/keystore/cacerts/ Since versions 13.1, Citrix needs the certificates in separate files. Copy the certificates from /etc/ssl/certs/ to /usr/lib/ICAClient/keystore/cacerts/. These are already installed on most systems, they are part of the core package ca-certificates, but they are not where ICAClient looks for them. You do not have the root Certificate Authority (CA) certificates. You may then receive the error You have not chosen to trust the issuer of the server's security certificate.

If there is a certificate download and place it in /usr/lib/ICAClient/keystore/cacerts/. TLS/SSL Certificatesīecause ICAClient uses SSL you may need a security certificate to connect to the server, check with the server administrator. a text editor), make sure you have xorg-xprop installed. Note: If you are running Xfce and Chromium is opening the.