Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Add Globalsign certs to Citrix Workspace

bgstack15

Comments

I was setting up my Citrix Receiver client, now calling itself Workspace, and I finally got ready to connect to the corporate VDI farm. I couldn't connect to it and got a TLS error. I'm amused this stuff isn't loaded up already in the package, but whatever. I know what to do.

I found in my Steam directory some GlobalSign certificates. I'm sure one could just visit the scumbags themselves and get the files, but why create extra network traffic when I didn't have to?

$ locate -i globalsign | tail -n8 > ~/globalsign.certfiles
$ cat ~/globalsign.certfiles
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/etc/ssl/certs/GlobalSign_Root_CA_-_R6.pem
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
/home/bgstack15/.local/share/Steam/steamapps/common/SteamLinuxRuntime_soldier/var/tmp-LIHOF1/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt

Copy them to the correct path for the Fedora-based ICA Client.

for word in $( cat ~/globalsign.certfiles ) ; do sudo cp -pi "${word}" /opt/Citrix/ICAClient/keystore/cacerts/ ; done

Change to that directory and then run a poor man's c_rehash shell loop. Although now that I think about this, I don't think this was necessary.

for word in *.crt ; do a="$( openssl x509 -hash -noout -in "${word}" )" ; sudo ln -s "${word}" "${a}.0.pem" ; done

Comments