Importing SSL Certificates to Raspberry Pi Thin Client

When playing around with the Raspberry Pi Thin Client, I ran into an issue with the SSL certificates for the Citrix Receiver client. For some reason it didn’t want to play with the certificates installed on the server side, and popped the following error message:

You have not chosen to trust “AddTrust External CA Root”, the issuer of the server’s security certificate.

Thankfully there is a quick fix for this! Since Iceweasel is also in the RPTC distribution, and it has a lot more SSL root CA certificates included by default, all that was required (in my case) was to link the certificates it has with the certificates the Citrix Receiver client can use.

Issue the following command to create symlinks for the “missing” certificates in the Citrix Receiver keystore:

[cc lang=”bash” width=”100%” theme=”blackboard” nowrap=”0″]
sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

supply in the root password, which in RPTC is raspberry by default, and if your CA’s root certificate is included with Iceweasel, you should now be able to connect without getting certificate errors.

It’s pretty neat to be able to use small Raspberry Pi as a Thin Client like this, but it’s too bad that it does not support VMware Horizon View using PCoIP (yet?), only RDP, something I have yet to test since my demo environment runs PCoIP only at the moment.

Thanks again to Simplivity for their Raspberry Pi vEXPERT gift!


  1. Hello

    Many thanks for the article … I have followed this and discovered that an additional step was required in my case to make receiver work with the linked certificates:

    sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/

    I am not sure if others would have the same issue but this was from a freshly installed RPi2 image.


Leave a Reply