# citrix ica client

## deflin39

I just emerged the citrix icaclient package and everything went smooth, but I'm stuck now.

When I click on the "Citrix Destop" icon on my works Citrix portal, it wants to download launch.asp.  I wasnt sure how to open this from firefox, so I just saved it.  How do I get firefox to work with the client?

Also, I tried running the command `/opt/ICAclient/wfica launch.asp` but it complained that I wasn't trusting the security certificate.  It never gave me an option to.

I pretty lost as of now so any help would rock.

deflin39

----------

## nobspangle

If your work are running citrix secure gateway, I'm pretty sure you can only connect from windows clients. I did try connecting to mine from a linux box and got the same result, so I assumed that was the case. I may try playing with it further.

If they are just running the standard web interface it shouldn't matter what platform you are connecting from.

----------

## nobspangle

I've just read the client manual and it does work, what you need to do is put the root server certificate used by your server into keystore/cacerts I think they should have the .crt extension.

----------

## deflin39

OK, that is good news.  So how do I go about obtaining the root server certificate and what directory do I put it in?

Thanks,

deflin39

----------

## deflin39

Ok, I read up on the manual and it seems there are only a few root certiciates built into the Linux Citrix client.  My work appears to be using Equifax for their CER needs, so I found one and downloaded it into the /keystore/cacerts directory.  However, the extension on the file was .cer and all the other certificates were .crt, so I just renamed the file to match.

Doing this seemed to help, but now the client is complaining because "There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37)".  

I have been trying to set all this up in the wfcmgr because everytime I try to run wfica on launch.asp, I get a seg fault (this is my computer at work now, I will try it also when I get home).

Edit: Sorry, my knowledge of SSL is pretty lame.  Was I suppose to obtain the certificate from my work?  If so, do I have to ask the citrix admin for it, or how else would I get it?  From my windows box, I just go to the website and everything works so I assume there is a way to grab the cert if need be.

deflin39

----------

## nobspangle

You won't be able to set up a connection in wfcmgr you need to get a tick from the system so that you can log on from outside the network, this is why you have to go through the web interface.

Here's how I got it to work, 

First off I went to my works and checked out the certificate chain, you can do this by double clicking the padlock. I download the intermediate certificate and put that in the keystore/cacerts directory.

Then I went back to the webinterface using firefox, I right clicked the application I needed to connect to and chose the save link as option. This should download a file called launch.ica (not .asp).

I then tried to run the ica file with

```
/opt/ICAClient/wfica launch.ica
```

however this gave me an error about not being able to contact a proxy server so I opened the ica file in a text editor and removed the lines about proxytype and proxytimeout then I ran the command again and it connected no problem

----------

## deflin39

How did you download the intermediate certificate?  Did you use firefox?  I clicked on the padlock and could view the cert, I just couldn't save it.

deflin39

----------

## nobspangle

To be honest I'm the server admin at work so I have a copy of the certificate. It should be possible to get it from the CA, if not you can retrieve it from a windows PC by installing it then exporting it from the certificate store.

----------

