I was trying to connect to my office Citrix farm using the Citrix Metaframe Presentation Server web interface which was setup by the windows administrator. I faced some issues and found ways to fix them and got it working under linux.
First of all this should be noted that the Citrix ICA client for linux is java based and hence I got it working on the java enabled Firefox. When I connected to the gateway server I was presented with a screen asking various authentication things and the same screen also had an option to download the Citrix ICA client for linux. I downloaded and installed the client although it was quite outdated – ver 7.0 as compared to the latest version 9.0. I still downloaded it as I knew the latest will not work on my slackware laptop as I did not have the required version of libmotif installed (actually lesstiff). After installing it, I connected to the gateway interface of my company and when I clicked on the required desktop, I was prompted by firefox as it did not understood how to handle the .ica file. So I chose the /usr/lib/ICAClient/wfica.sh to execute this. This prompting problem can be fixed using the file associations of your desktop environment. You should assiciate .ica files with the above shell script.
To my surprise I got prompted “You have chosen not to trust Thawte Premium Server CA”. I thought I needed to import the Thawte root certificates in firefox and hence downloaded them from http://www.thawte.com/roots/ website. But even after importing I got the same message. I then searched the web around and understood that I needed to import the root certificated to the
directory. The zip files of various Thawte certificates I downloaded above was having a file “Thawte Server Roots/ThawtePremiumServerCA.cer”, I copied this to /usr/lib/ICAClient/keystore/cacerts as ThawtePremiumServerCA.crt.
$ sudo cp ThawtePremiumServerCA.cer /usr/lib/ICAClient/keystore/cacerts/ $ sudo mv /usr/lib/ICAClient/keystore/cacerts/ThawtePremiumServerCA.cer /usr/lib/ICAClient/keystore/cacerts/ThawtePremiumServerCA.crt
The reason for rename was that the Citrix ICA client expects the .crt extension for the certificates.
This worked, and now I could see the desktop.