https://bgstack15.ddns.net/blog/enContents © 2023 <a href="mailto:bgstack15@gmail.com">bgstack15</a> <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/"> <img alt="Creative Commons License BY-SA" style="border-width:0; margin-bottom:12px;" src="https://bgstack15.ddns.net/.images/l_by-sa_4.0_88x31.png"></a>Sun, 05 Mar 2023 14:05:10 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://bgstack15.ddns.net/blog/posts/2022/01/13/add-globalsign-certs-to-citrix-workspace/bgstack15<p>I was setting up my Citrix Receiver client, now calling itself Workspace, and I finally got ready to connect to the corporate VDI farm. I couldn't connect to it and got a TLS error. I'm amused this stuff isn't loaded up already in the package, but whatever. I know what to do.</p> <p>I found in my Steam directory some GlobalSign certificates. I'm sure one could just visit the scumbags themselves and get the files, but why create extra network traffic when I didn't have to?</p> <div class="code"><pre class="code literal-block">$ locate -i globalsign <span class="p">|</span> tail -n8 &gt; ~/globalsign.certfiles $ cat ~/globalsign.certfiles /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/etc/ssl/certs/GlobalSign_Root_CA_-_R6.pem /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt /home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt </pre></div> <p>Copy them to the correct path for the Fedora-based ICA Client.</p> <div class="code"><pre class="code literal-block">for word in $( cat ~/globalsign.certfiles ) ; do sudo cp -pi "<span class="cp">${</span><span class="n">word</span><span class="cp">}</span>" /opt/Citrix/ICAClient/keystore/cacerts/ ; done </pre></div> <p>Change to that directory and then run a poor man's <code>c_rehash</code> shell loop. Although now that I think about this, I don't think this was necessary.</p> <div class="code"><pre class="code literal-block">for word in *.crt ; do a="$( openssl x509 -hash -noout -in "<span class="cp">${</span><span class="n">word</span><span class="cp">}</span>" )" ; sudo ln -s "<span class="cp">${</span><span class="n">word</span><span class="cp">}</span>" "<span class="cp">${</span><span class="n">a</span><span class="cp">}</span>.0.pem" ; done </pre></div>certificatescitrixvdihttps://bgstack15.ddns.net/blog/posts/2022/01/13/add-globalsign-certs-to-citrix-workspace/Thu, 13 Jan 2022 14:16:16 GMT