How To: Install Entrust Certificates On A HP Thin Client For Citrix

If you’ve just installed a shiny new Entrust certificate on your Citrix server and you find out that your HP Thin Client machines can’t connect to published applications with a SSL Error:

“You have not chosen to trust ‘Entrust.net Certification Authority (2048)’, the issuer of the server’s security certificate (SSL Error 61).”

…then there’s a two-phase process to get this fixed.  The first phase, done on your workstation, requires that you have a USB thumb drive.

Phase 1: Done once on your workstation

1) Plug in the USB thumb drive

2) Open a web browser and download all eight of these files with their original filenames to the root directory of your USB thumb drive:

     2.1) https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer

     2.2) https://www.entrust.net/downloads/binary/entrust_2048_ca.cer

     2.3) https://www.entrust.net/downloads/binary/entrust_ev_ca.cer

     2.4) https://www.entrust.net/downloads/binary/entrust_g2_ca.cer

     2.5) https://www.entrust.net/downloads/binary/entrust_l1e.cer

     2.6) https://www.entrust.net/downloads/binary/entrust_l1e_chain_root.cer

     2.7) https://www.entrust.net/downloads/binary/entrust_l1c.cer

     2.8) https://www.entrust.net/downloads/binary/entrust_2048_chain_root.cer

3) Safely eject the USB thumb drive, and go find yourself some thin clients

Phase 2: Done on every HP Thin Client

1) Hop on the Thin Client, and plug in your USB drive from earlier

2) Click on the lower left corner (HP Menu)

3) Click on Administrator/User Mode Switch

4) On the Switch To Admin Mode login screen, type in “root” (without quotes) as the password (this is the default value) and hit Enter

5) In the “Thin Pro Control Center (Administrative Mode)” application, double-click “Control Panel”

6) Choose the “Advanced” tab

7) Double-click on “X Terminal”

NOTE: All commands going forward are case-sensitive!

8) Type “su” (without quotes) and hit Enter

9) Type “fsunlock” (without quotes) and hit Enter

10) Type “cd /media” (without quotes) and hit Enter

11) Type “ls” (without quotes) and hit Enter to list the drives… the names are case-sensitive in the next step

12) Type “cd [First few case-sensitive letters of your USB drive]” (without quotes or []s) followed by the Tab key, and it will auto-complete the name, then hit Enter:

   

13) Type “cp *.cer /usr/lib/ICAClient/keystore/cacerts/”  (without quotes) and hit Enter

    (No result is a good result, i.e. a blank line after the command means the files were successfully copied)

14) Type “fslock” (without quotes) and hit Enter

15) Type “reboot” (without quotes) and hit Enter

At this point, the HP Thin Client should connect to Citrix without issue.