Redhat yum update /usr/share/rhn/RHNS-CA-CERT is expired.

On a RHEL 6 server connected to a satellite when doing a yum update I got :-

yum update

Loaded plugins: product-id, rhnplugin, search-disabled-repos, security

The certificate /usr/share/rhn/RHNS-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct.

so

cat /usr/share/rhn/RHNS-CA-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
Validity
Not Before: Aug 29 02:10:55 2003 GMT
Not After : Aug 26 02:10:55 2013 GMT
Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com

Diagnostics

Check /etc/sysconfig/rhn/up2date

It had

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT

But on another RHEL 6 server using the same satellite it had

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

The fix

I copied over /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT  from the working machine and changed /etc/sysconfig/rhn/up2date :-

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

 

Now  yum update worked.
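The check behind the diagnosis above, as an added Python example (not part of the original post): it reads sslCACert from the up2date configuration and reports the CA file's expiry date and signature algorithm. The function names are hypothetical, the sample text is constructed from the lines shown above, and cert_dump assumes the openssl command is installed when the CA file has no text header.

```python
import re
import subprocess
from datetime import datetime, timezone

# Constructed sample: the up2date lines and certificate header shown above.
SAMPLE_UP2DATE = """\
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT
"""
SAMPLE_DUMP = """\
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Aug 29 02:10:55 2003 GMT
            Not After : Aug 26 02:10:55 2013 GMT
"""


def ssl_ca_cert_path(up2date_text):
    """Return the value of sslCACert, skipping the sslCACert[comment] line."""
    for line in up2date_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "sslCACert":
            return value.strip()
    return None


def cert_dump(path):
    """Text form of the certificate: the file's own header, else openssl's."""
    with open(path, encoding="ascii", errors="replace") as handle:
        text = handle.read()
    if "Not After" in text:
        return text
    result = subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                            capture_output=True, text=True, check=True)
    return result.stdout


def validity(dump, now):
    """Return (not_after, expired, signature_algorithm) for a text dump."""
    match = re.search(r"Not After\s*:\s*(.+?)\s+GMT", dump)
    if match is None:
        raise ValueError("no 'Not After' line in certificate dump")
    not_after = datetime.strptime(match.group(1), "%b %d %H:%M:%S %Y")
    not_after = not_after.replace(tzinfo=timezone.utc)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", dump)
    return not_after, now > not_after, sig.group(1) if sig else None


def check_client(up2date_text, now, read_dump=cert_dump):
    """Report which CA file the client trusts and whether it has expired."""
    path = ssl_ca_cert_path(up2date_text)
    not_after, expired, sig = validity(read_dump(path), now)
    return {"path": path, "not_after": not_after,
            "expired": expired, "signature": sig}


if __name__ == "__main__":
    # Runs against the constructed sample; on a client, pass the contents of
    # /etc/sysconfig/rhn/up2date and drop the read_dump override.
    report = check_client(SAMPLE_UP2DATE, datetime.now(timezone.utc),
                          read_dump=lambda path: SAMPLE_DUMP)
    print(report)
```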

Yum errors RHEL

When trying to do a yum install I got errors when actually trying to download

yum install mysql-server
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mysql-server.x86_64 0:5.1.73-8.el6_8 will be installed
--> Processing Dependency: mysql = 5.1.73-8.el6_8 for package: mysql-server-5.1.73-8.el6_8.x86_64
--> Processing Dependency: libcrypto.so.10(libcrypto.so.10)(64bit) for package: mysql-server-5.1.73-8.el6_8.x86_64
--> Processing Dependency: libssl.so.10(libssl.so.10)(64bit) for package: mysql-server-5.1.73-8.el6_8.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server-5.1.73-8.el6_8.x86_64
--> Running transaction check
---> Package mysql.x86_64 0:5.1.73-8.el6_8 will be installed
--> Processing Dependency: mysql-libs = 5.1.73-8.el6_8 for package: mysql-5.1.73-8.el6_8.x86_64
---> Package openssl.x86_64 0:1.0.0-20.el6_2.3 will be updated
---> Package openssl.x86_64 0:1.0.1e-57.el6 will be an update
---> Package perl-DBD-MySQL.x86_64 0:4.013-3.el6 will be installed
--> Running transaction check
---> Package mysql-libs.x86_64 0:5.1.61-1.el6_2.1 will be updated
---> Package mysql-libs.x86_64 0:5.1.73-8.el6_8 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mysql-server x86_64 5.1.73-8.el6_8 rhel-x86_64-server-6 8.6 M
Installing for dependencies:
mysql x86_64 5.1.73-8.el6_8 rhel-x86_64-server-6 895 k
perl-DBD-MySQL x86_64 4.013-3.el6 rhel-x86_64-server-6 134 k
Updating for dependencies:
mysql-libs x86_64 5.1.73-8.el6_8 rhel-x86_64-server-6 1.2 M
openssl x86_64 1.0.1e-57.el6 rhel-x86_64-server-6 1.5 M

Transaction Summary
================================================================================
Install 3 Package(s)
Upgrade 2 Package(s)

Total download size: 12 M
Is this ok [y/N]: y
Downloading Packages:

 

Error Downloading Packages:
mysql-5.1.73-8.el6_8.x86_64: failed to retrieve getPackage/mysql-5.1.73-8.el6_8.x86_64.rpm from rhel-x86_64-server-6
error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
perl-DBD-MySQL-4.013-3.el6.x86_64: failed to retrieve getPackage/perl-DBD-MySQL-4.013-3.el6.x86_64.rpm from rhel-x86_64-server-6
error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
mysql-libs-5.1.73-8.el6_8.x86_64: failed to retrieve getPackage/mysql-libs-5.1.73-8.el6_8.x86_64.rpm from rhel-x86_64-server-6
error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
openssl-1.0.1e-57.el6.x86_64: failed to retrieve getPackage/openssl-1.0.1e-57.el6.x86_64.rpm from rhel-x86_64-server-6
error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
mysql-server-5.1.73-8.el6_8.x86_64: failed to retrieve getPackage/mysql-server-5.1.73-8.el6_8.x86_64.rpm from rhel-x86_64-server-6
error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"

error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"

Even a yum repolist had intermittent errors

Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-x86_64-server-6. Please verify its path and try again

I tried various things like yum clean all and even removing the rpm db and remaking it.

The fix

In the end I found a similar RHEL box that was working and checked what yum would be updated to  :-

yum update yum
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package yum.noarch 0:3.2.29-30.el6 will be updated
---> Package yum.noarch 0:3.2.29-81.el6 will be an update
--> Processing Dependency: python-urlgrabber >= 3.9.1-10 for package: yum-3.2.29-81.el6.noarch
--> Running transaction check
---> Package python-urlgrabber.noarch 0:3.9.1-8.el6 will be updated
---> Package python-urlgrabber.noarch 0:3.9.1-11.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
yum noarch 3.2.29-81.el6 rhel-x86_64-server-6 1.0 M
Updating for dependencies:
python-urlgrabber noarch 3.9.1-11.el6 rhel-x86_64-server-6 86 k

Transaction Summary
================================================================================
Upgrade 2 Package(s)

Total download size: 1.1 M
Is this ok [y/N]: N
Exiting on user Command

Then I searched for those packages on our Red Hat Satellite server

locate yum | grep 3.2.29-81 | grep rpm
/var/satellite/redhat/NULL/370/yum/3.2.29-81.el6/noarch/3702066d6cc553db72e489daa1d8151db6af604657e47dee229c0acfa5ccab62/yum-3.2.29-81.el6.noarch.rpm
/var/satellite/redhat/NULL/dab/yum-cron/3.2.29-81.el6/noarch/dab067a9e2f5be14cc74f9af04c0415ff10eecf24bb095da124bc2acf78d7530/yum-cron-3.2.29-81.el6.noarch.rpm

locate urlgrabber | grep 3.9.1-11.el6 | grep rpm
/var/satellite/redhat/NULL/4dd/python-urlgrabber/3.9.1-11.el6/noarch/4dd271d930e48809b7ab2832f1029fafc7c2268af018f27217c42f3d2c398835/python-urlgrabber-3.9.1-11.el6.noarch.rpm

Then scp’d them over to the faulty box /var/tmp and did a manual rpm -Uvh with them

Now yum install and yum repolist work without any issues

 

ssh fatal: buffer_get: trying to get more bytes than in buffer

The issue

You are using ssh to log in to a server with ssh key authentication and the connection is closed. On the server you are logging into, syslog shows messages like

Oct 17 11:30:02 myserver sshd[27687]: [ID 800047 auth.crit] fatal: buffer_get: trying to get more bytes than in buffer

The fix

Check your authorized_keys file on the remote server. Use ssh-keygen -l -f  ~/.ssh/authorized_keys

ssh-keygen -l -f ~/.ssh/authorized_keys
buffer_get: trying to get more bytes than in buffer

The above shows there is at least one key in your file that is in the wrong format – usually because it is split over several lines rather than being just one long line. (Note it could be any key in the file – not the one you are using from your server.) Once you fix the key, confirm with ssh-keygen that all is well – it should return an md5 checksum.
ssh-keygen -l -f authorized_keys
md5 1024 5d:35:7e:ad:3d:e6:70:6d:6f:1d:76:1a:46:ee:c1:c9 authorized_keys

Now retry your ssh access
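To find which line of the file is at fault, the added Python example below (not part of the original post) checks each authorized_keys line on its own by walking the length-prefixed fields of the decoded key data, which is where a split or truncated key runs out of bytes. The function names and the sample file are constructed for illustration, and only the plain key types listed in KEY_TYPES are recognised.

```python
import base64
import binascii
import struct

# Plain public key types that can start the key field of a line.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def check_blob(declared_type, b64):
    """Walk the length-prefixed fields of a key blob; None means well formed."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    pos, fields = 0, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            return "truncated length field"
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            # The condition sshd reports as
            # "buffer_get: trying to get more bytes than in buffer".
            return "field needs %d bytes, only %d left" % (length, len(blob) - pos)
        fields.append(blob[pos:pos + length])
        pos += length
    if not fields or fields[0].decode("ascii", "replace") != declared_type:
        return "blob does not start with key type %s" % declared_type
    return None


def check_authorized_keys(text):
    """Return (line_number, reason) for every malformed line."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type, so take the
        # first field that is a known key type.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None:
            problems.append((number, "no key type (continuation of a split key?)"))
        elif idx + 1 >= len(fields):
            problems.append((number, "key type without key data"))
        else:
            reason = check_blob(fields[idx], fields[idx + 1])
            if reason:
                problems.append((number, reason))
    return problems


def wire_string(data):
    """Encode one length-prefixed field as used inside a key blob."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: one intact key, then the same key split over two lines.
GOOD = base64.b64encode(wire_string(b"ssh-ed25519")
                        + wire_string(bytes(range(32)))).decode()
SAMPLE = "\n".join([
    "# constructed sample file",
    "ssh-ed25519 " + GOOD + " alice@example",
    "ssh-ed25519 " + GOOD[:40],
    GOOD[40:] + " bob@example",
])

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for number, reason in check_authorized_keys(text):
        print("line %d: %s" % (number, reason))
```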

TSM ANS4042E one or more unrecognised characters and is not valid , Linux client

When backing up on a Linux client to TSM getting the error :-

ANS4042E Object name  contains one or more unrecognised characters and is not valid

In our case we had file names based on surnames – some of which had non english characters.

The fix was :-

export LANG=C

In our backup script.

 

E437: terminal capability “cm” required in Redhat or Centos 6

If you try to use vi or another curses based application in Redhat or Centos 6 and you get the error :-

E437: terminal capability “cm” required
Press ENTER or type command to continue
and your TERM type is something other than vt100, such as dtterm, then you need to install additional terminfo entries.

The fix

yum install ncurses-term

Now ls /usr/share/terminfo/d   shows lots of entries rather than dumb

 

Install websm client on Linux to access HMC

Install websm client on Linux

From your Linux box copy over /usr/websm/pc_client/wsmlinuxclient.exe  from your AIX LPAR.

For Centos x86_64 I needed additional RPMs :-

yum groupinstall "GNOME Desktop Environment"     ( only needed if you don't have X11 installed )
yum install libXmu.i386
yum install libXp.i386

Note the libs have to be the i386 version even though the Linux is x86_64

Install websm

./wsmlinuxclient.exe -console

If you accept the defaults then after the install start it up :-

/opt/websm/bin/wsm

If it bombs out with errors like :-

java.lang.UnsatisfiedLinkError: /opt/websm/_jvm/bin/libawt.so: libXp.so.6: cannot open shared object file: No such file or directory

Then install the missing library RPM ( it needs to be the i386 version )

Setup SAMBA on Ubuntu for XBMC shares

Like a lot of people I have a central computer which stores my pictures , videos etc, and have a home theater server with XBMC in the living room. To enable XBMC to display pictures and stream videos from your central computer you can use SAMBA. These instructions are for Ubuntu but apart from the actual SAMBA package install they should work for any Linux flavor.

Install SAMBA

On the server you want to share the media from, install SAMBA

sudo apt-get install samba

Create a nice easy directory structure

To make things easy for XBMC create a directory structure with symlinks to your media directories that can be shared out. e.g. within XBMC I want to have my media split into movies , videos, music_videos , music and pictures. The real directories for these on my central server are /videos/movies , /misc/vids, /misc/music_vids , /music , /camera . So I created a top level /xbmc directory with /xbmc/movies /xbmc/videos /xbmc/music_videos /xbmc/pictures

sudo mkdir /xbmc

sudo ln -s /videos/movies /xbmc/movies
sudo ln -s /misc/vids  /xbmc/videos
sudo ln -s /misc/music_vids /xbmc/music_videos
sudo ln -s /music  /xbmc/music
sudo ln -s /camera  /xbmc/pictures

Now when I share out /xbmc everything is nicely organized.

Configure SAMBA

sudo vi /etc/samba/smb.conf

Ensure your network interfaces are in the interfaces =   line and remove the ; at the beginning of the line.

Add these lines after the interfaces line , where the IP address after 127.0.0.1 is the IP address of your XBMC box assuming it has a static IP. If you are using DHCP for the XBMC server then put in the DHCP subnet e.g. 192.168.1.0/24

hosts allow = 127.0.0.1,192.168.1.45
hosts deny = 0.0.0.0/0

Remove the ; from the line bind interfaces only = yes

If using symlinks then add this line :-

unix extensions = no

Remove the hash at the beginning of the line security = user

Search for socket and add the line

socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

At the end of the file add :-

[xbmc]
comment = XBMC share
path = /xbmc
read only = yes
guest ok = no
user = xbmc
follow symlinks = yes
wide links = yes

Save the file

Create a linux user with enough permissions to be able to read your media files and a shell of  /bin/false – do not create a linux password for the user – we only want the user to login via SAMBA

sudo groupadd xbmc

sudo useradd -d /xbmc -c "XBMC SAMBA user" -g xbmc -s /bin/false xbmc

sudo smbpasswd -a xbmc

Restart SAMBA

sudo /etc/init.d/smbd restart
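With unix extensions = no and wide links = yes, Samba follows symlinks that lead out of the share path, so what the [xbmc] share really exports is decided by the symlinks under /xbmc and under every directory they reach. The added Python example below (not part of the original post) lists those symlinks and flags any target outside the media directories you expect; audit_share, its allowed_targets argument and the demo tree are constructed for illustration.

```python
import os
import tempfile


def is_under(path, root):
    """True if path is root itself or lies below it."""
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def audit_share(share_root, allowed_targets):
    """Return (link, resolved_target, status) for each symlink reachable
    from share_root. Status is 'inside-share', 'allowed' or 'UNEXPECTED'.
    Allowed directory targets are walked too, because the share exposes
    whatever their own symlinks point at.
    """
    share_root = os.path.realpath(share_root)
    allowed = [os.path.realpath(p) for p in allowed_targets]
    findings, queue, seen = [], [share_root], set()
    while queue:
        root = queue.pop()
        if root in seen:
            continue
        seen.add(root)
        # os.walk does not descend into symlinked directories by default,
        # but it still lists them, so each link is reported exactly once.
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                if is_under(target, share_root):
                    status = "inside-share"
                elif any(is_under(target, a) for a in allowed):
                    status = "allowed"
                    if os.path.isdir(target):
                        queue.append(target)
                else:
                    status = "UNEXPECTED"
                findings.append((path, target, status))
    return sorted(findings)


def demo():
    """Build a constructed tree shaped like the /xbmc layout and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        share = os.path.join(tmp, "xbmc")
        movies = os.path.join(tmp, "videos", "movies")
        private = os.path.join(tmp, "home", "private")
        for directory in (share, movies, private):
            os.makedirs(directory)
        # Expected link: the share points at the media directory.
        os.symlink(movies, os.path.join(share, "movies"))
        # Stray link inside the media directory that leaves the media tree.
        os.symlink(private, os.path.join(movies, "shortcut"))
        findings = audit_share(share, [movies])
        return {os.path.basename(link): status for link, _, status in findings}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(name, status)
```

On the server itself the call would be audit_share("/xbmc", [...]) with the real media directories from the ln -s commands above as the allowed list.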

Add the share in XBMC

Video – Add Source

Path is  smb://192.168.1.45/xbmc        ( use the IP address of your SAMBA server )

OK – it will then ask for a username and password and if you select

Living the Linux dream – installing XBMC on an Acer Revo 3700

Installing XBMC on the Acer Revo 3700

After years of waiting for the price of quiet small form factor PCs to come down to a reasonable price point the Acer Revo 3700 has appeared. I purchased one to install XBMC on. I also purchased an add on external USB DVD drive as I also wanted to replace my DVD player.

Because I wanted to use the Revo to do other things besides XBMC I decided to do a normal Ubuntu install rather than a minimum install with XBMC. I selected Ubuntu 10.04 LTS 32 bit to install.

I decided to make things easy and do the install with a wired Ethernet connection and enable wireless afterwards.

As I had an USB DVD drive I thought I would use this to do the install – big mistake it failed after the splash screen with :-

(initramfs) mount mounting /dev/loop0 on filesystem.squashfs failed: Input/Output error Cannot mount /dev/loop0 (/cdrom/casper/filesystem.squashfs on // filesystem.squashfs

Looking at the forums it appeared that boot from a USB memory stick would be a better solution. To make a bootable USB stick go here

Power on the Revo and hit DEL to enter the BIOS. Select Advance BIOS Features  – cursor down to 1st Boot Device and use the – key to select Removable Device.

F10 to save your settings and the Revo will reboot.

In spite of selecting Removable Device as the 1st boot it still booted from the hard disk – so I booted again and hit F12 to go into the boot menu then I could select the USB Flash to boot from.

Select erase and use the entire disk

Login name xbmc

Set a password and select Log in automatically

Once the installation is complete it will prompt you to reboot  – click Restart Now. Hit DEL to go into the BIOS again and select the hard disk as the 1st Boot Device . Remove the USB memory stick you booted from. Hit F10 to save and exit. It should now boot from the hard disk into Ubuntu.

Open up a terminal and do netstat -rn to check the network looks right.

Stop the screen saver from locking the screen with a password – System – Preference – Screensaver – untick lock screen when screensaver is active.

Install the Nvidia binary drivers -see here

Turn off compiz  – Preferences – Appearance – Visual Effects – None

Update manager should appear on the bottom toolbar advising that updates are available. Install the updates and once installed reboot the Revo.

Wireless network

I had a lot of problems getting the wireless network to work. First set it up in Network Manager , go to  System – Preferences – Network Connections

Select Wireless – Add  and add your wireless details.  Choose Infrastructure rather than ad hoc and select the tick box to allow all users access. Reboot the Revo and if, like me, the wireless does not work, check in /var/log/messages for failure to open a file :-

May 24 09:34:03 xbmc-desktop kernel: [   15.933794] Read file “/etc/Wireless/RT2860STA/RT2860STA.dat” failed(errCode=0)!

To fix :-

sudo mkdir -p  /etc/Wireless/RT2860STA

sudo touch /etc/Wireless/RT2860STA/RT2860STA.dat

Reboot the Revo – you will be prompted for your password to start the network and now you should get a message about the wireless network has established a connection.

Now go to System – Preference – Network Connections

You will see a new connection with Last Used of now

Edit this and ensure the mode is Infrastructure , Connect automatically is ticked and available to all users is ticked. Apply the changes – it will disconnect the wireless connection. Reboot the Revo and this time you should not be prompted for a password and the wireless network should connect successfully.

I would advise you to setup a static IP address for the Revo as this will make things easy for using NFS mounts and using an Android phone app as a remote.

To setup a static IP address go to the Network Manager, select the Wireless connection 1 and add a static IP ( your router should have details of the DHCP range of IPs it gives out so select an IP address outside of this range ). Fill in the gateway ( e.g. the address of your router ) and the DNS servers ( either use your ISP’s one or use a public DNS service like Google’s one ). Reboot the Revo and check with netstat -rn and ifconfig -a that all is well.

Install flash and other media codecs

As this server is going to be able to play multiple video and sounds formats install the restricted extras for Ubuntu – see here

Sound over HDMI in the Revo 3700

I had lots of problems with this and there are lots of remedies posted on forums; the fix does seem to depend on what version of Ubuntu you install. To have sound over HDMI working you need X up and be connected to a HDMI display so plug your TV into the HDMI port.

Update the Alsa packages – instructions are  here – you need to reboot after updating.

After installing a newer version of ALSA you now see the Nvidia devices :-

xbmc@xbmc-desktop:~$ aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC662 rev1 Analog [ALC662 rev1 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 1: ALC662 rev1 Digital [ALC662 rev1 Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
Subdevices: 0/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 7: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 8: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 9: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0

Startup alsamixer and use F6 key to select the Nvidia card – it should look like :-

alsamixer with muted channels

You now need to unmute the channels shown as MM – use the cursor keys to navigate to the MM boxes and use the m keys to toggle them to 00 . The display should now look like :-

alsamixer with channels unmuted

Hit ESC to exit alsamixer

To test :-

xbmc@xbmc-desktop:~$ aplay -D plughw:1,7 /usr/share/sounds/alsa/Front_Center.wav

Sound should come out of the TV.

Now you need to setup Pulse audio

sudo vi /etc/pulse/default.pa

Search for the hashed out line #load-module module-pipe-sink

Add a line :-

load-module module-alsa-sink device=plughw:1,7

Remove any local user pulse config files :-

rm -rf ~/.pulse ~/.asound* ~/.pulse-cookie

Create a new /etc/asound.conf

sudo vi /etc/asound.conf
pcm.pulse {
type pulse
}
ctl.pulse {
type pulse
}
pcm.!default {
type pulse
}
ctl.!default {
type pulse
}

Reboot the Revo and now you should be greeted by Tom-Toms when Ubuntu starts and playing a video from a website in Firefox the sound will now come out of the TV. Don’t worry about the slow performance playing a Video in Firefox – the fixes are later in this guide.

Install XBMC

instructions are here

Ensure you install NVidia hardware acceleration (VDPAU)  in the above instructions.

Open a terminal and type xbmc to start it up. Go to System – Settings and configure :-

Audio Output

Audio output              HDMI
Speaker configuration      2.0
Boost volume level on downmix
Audio output device         Defaults
Passthrough output device      hdmi

Video Playback

Render method           Auto detect
Allow hardware acceleration (VDPAU)
Adjust display refresh rate to match video
Sync playback to display
A/V sync method                 video clock (drop/dupe audio)
VDPAU studio level color conversion

Power saving

Shutdown function       shutdown

Weather – General  change area code 1 – set it to your local city

Speedup video playback

Ensure you installed NVidia hardware acceleration (VDPAU) when you did the XBMC install above. To allow flash videos ( like Youtube ) to run in full screen you need a version of flash that supports hardware acceleration – this currently means getting a beta version. The easiest way is to install Flash Aid Firefox plugin , once installed click on the Flash Aid symbol in the top right hand corner of Firefox and just let the wizard install the best version of flash for the hardware.  I did notice that Youtube videos played faster in the XBMC plugin than in Firefox which is fine as the XBMC plugin is nice to use.

If you are in the UK then install the BBC Iplayer XBMC plugin – follow the instructions here . The XBMC BBC  Iplayer plugin plays  programs much better full screen than in Firefox.

Remote Control

As I have an Android phone I looked for a remote app for XBMC and downloaded the official XBMC app

On the Revo start up XBMC and go to System – Network . enable Allow control of XBMC via HTTP , Allow programs on other systems to control XBMC, set a user name and password. Then go to System – Settings – Input Devices and enable Remote control sends keyboard presses.

Assuming you already have your Android phone setup so it is connected to your WIFI :-

Download the XBMC Android app, Once downloaded press menu and fill in the IP address of the Revo , username and password you setup in XBMC above ( not the Linux username / password ) , tick WIFI only. press the back button and OK the settings. Now you should be able to control XBMC from your phone.

setup XBMC to autostart

To setup XBMC to autostart but still have the Gnome desktop available if you click exit rather than shutdown in XBMC  :-

System – Preferences – Startup Applications. Click add and fill in name: xbmc , Command: xbmc  , Comment xbmc

Now when the Revo boots it will run xbmc but you still have the option to exit to the desktop by selecting exit in XBMC or to shutdown the Revo by selecting shutdown in XBMC

Sound no longer works after updates that include a new kernel

If you install updates ( security fixes etc. ) and it includes a new kernel the HDMI sound won’t work and XBMC will say cannot open audio device.

Update the alsa packages as above, make a copy of your /etc/asound.conf , create a new /etc/asound.conf  :-

pcm.!default {
type plug
slave.pcm "dmix:0,3"
}

If you don’t do this then you will get an error when starting alsamixer after the reboot :-

ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect: Connection refused
cannot open mixer: Connection refused

rm -rf ~/.pulse ~/.asound* ~/.pulse-cookie

Now reboot and check aplay -l sees the Nvidia sound card as in the install instructions above.

Startup alsamixer and unmute the channels as in the install instructions

Copy back your original /etc/asound.conf , reboot and your sound should be back.

Installing Citrix client on Linux

I need to use Citrix for remote support and I want to use my normal Linux desktop to do it.

Access to Citrix is via XenApp ( used to be called MetaFrame ) hosted on your company's web site and accessed via a browser.

For the current version of the Citrix client on 64bit Ubuntu you also need lots of 32bit libraries so if you have not already installed the 32 bit multiarch then

sudo dpkg --add-architecture i386
sudo apt-get update

Now download the Linux client. Go to www.citrix.com , downloads , Download receiver.  Open up the question “Where can I download Citrix Receiver on other platforms and devices” and select Linux, Debian Packages , Full Package ( Self support ). Receiver for Linux ( X86_64 )

In Ubuntu firefox will ask what you want to do with the file – select the default which is to open with GDebi Package Installer. The package installer will then start up and click on Install Package.

The installer incorrectly configures the Firefox plugin to run via nspluginwrapper rather than native 64bit. To correct this :-

sudo rm -f /usr/lib/mozilla/plugins/npwrapper.npica.so /usr/lib/firefox/plugins/npwrapper.npica.so
sudo rm -f /usr/lib/mozilla/plugins/npica.so
sudo ln -s /opt/Citrix/ICAClient/npica.so /usr/lib/mozilla/plugins/npica.so
sudo ln -s /opt/Citrix/ICAClient/npica.so /usr/lib/firefox-addons/plugins/npica.so

Setup firefox so it always activates the plugin. Open up firefox , Tools – Add-ons – Plugins. Ensure that the “Citrix Receiver for Linux” is set to always activate

Use Firefox to go to your company's Citrix site , log in and access a Citrix service – the Citrix Receiver will startup on your desktop but you will often get an error such as

You have not chosen to trust “/C=US/ST=/L=/0=Equifax Secure Certificate Authority/CN=”, the issuer of the server’s security certificate (SSL error 61).


The error is caused by the Citrix client not having the required certificate. You can download the root certificate from the authority – see below – or it is often worth trying to copy over the certificates Firefox has as it has many of the common ones.

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts

Citrix should now work just fine.

If you really do need to install the root certificate then go to the certificate authority’s ( the one mentioned in the error message – i.e. Equifax ) website and download the root certificate

For the Equifax one above go to http://www.geotrust.com/resources/root-certificates/index.html and download  Equifax_Secure_Certificate_Authority_DER.cer

For VeriSign Class 3 :-

You have not chosen to trust “VeriSign Class 3 Public Primary Certification Authority – G5”, the issuer of the server’s security certificate (SSL error 61).


 

To get the VeriSign G5 cert go to http://www.verisign.com/support/roots.html , save the PCA-3G5.pem to your home directory and rename it to PCA-3G5.crt

Copy the certificate to /opt/Citrix/ICAClient/keystore/cacerts/ using sudo and rename it to .crt from .cer or .pem

Prevent Citrix from using the whole screen

On Ubuntu I had a problem where I could not minimise the Citrix window or get back to the desktop.

The following changes in ~/.ICAClient/wfclient.ini     solved the problem

DesiredHRES=1024
DesiredVRES=768

UseFullScreen=false

Now the Citrix window does not come up full screen

Problem with Control key sticking

I had an issue with the control key sticking in a Citrix session, i.e. if I used ^D to log out of a putty session then all my following keystrokes were prefixed by the control key! The only way around it was to log out of Citrix and log back in. Citrix has fixed this in later versions so upgrade to the latest version ( you need to do the nspluginwrapper fix above after you upgrade otherwise the Citrix plugin will not launch ).