• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

HI,

I have an existing environment of about 1200 T610's.  and we are migrating to a new citrix farm.  on the thin clients now is receiver 12.  I'm trying to upgrade to Citrix Receiver 13, and install some new certificates.

 

Is there a way to install the certificates using HPDM?  I've tried the command line options with 'hptc-cert-mgr' but for some silly reason, it won't launch as an hpdm script because it needs an x environment. 

 

I've tried copying them down to the thin client, putting the new certs into the /usr/lib/ICAClient/keystore/cacerts   directory, and running c_rehash against the directory, but I still keep getting the certificate error.

 

What am I doing wrong, has anyone else got this to work? 

Thanks in advance for your help!

 

Kind regards, Fred

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

I figured it out.

 

Am I missing something basic??  is there an easier way to do this?

 

you have to copy the certificate in PEM format to 3 locations  (with a .crt extension)

 

/writable/usr/lib/ICAClient/keystore/cacerts/*.crt

/writable/home/user/.freerdp/certs/*.crt

/writable/usr/local/share/ca-certificates/*.crt

 

then you should create a link in /writable/etc/ssl/certs (with a .pem extension) from the cert file located in

/writable/usr/local/share/ca-certificates

 

then you have to run

c_rehash  /writable/etc/ssl/certs

in a command job. 

convoluted to say the least.

 

Am I missing something basic??  is there an easier way to do this?

Thanks

 

 

 

View solution in original post

3 REPLIES 3
HP Recommended

I figured it out.

 

Am I missing something basic??  is there an easier way to do this?

 

you have to copy the certificate in PEM format to 3 locations  (with a .crt extension)

 

/writable/usr/lib/ICAClient/keystore/cacerts/*.crt

/writable/home/user/.freerdp/certs/*.crt

/writable/usr/local/share/ca-certificates/*.crt

 

then you should create a link in /writable/etc/ssl/certs (with a .pem extension) from the cert file located in

/writable/usr/local/share/ca-certificates

 

then you have to run

c_rehash  /writable/etc/ssl/certs

in a command job. 

convoluted to say the least.

 

Am I missing something basic??  is there an easier way to do this?

Thanks

 

 

 

HP Recommended

>create a link in /writable/etc/ssl/certs (with a .pem extension) from the cert file located in

/writable/usr/local/share/ca-certificates  then you have to run c_rehash  /writable/etc/ssl/certs

 

(This response is unrelated to Thin Clients but just with Linux and certificates.)

 

I have some example scripts I use to deal with certificates and Linux's openssl command.

I too have to create a CA directory and use c_rehash.  Then I can use: openssl verify

My c_rehash will take either .crt or .pem.

HP Recommended

 

I need your help ,  what can i do ?

 

cer.jpg

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.