Ubuntu

AddTrust External CA Root Certificate Not Trusted

Asked by Rodger Schultz on 2010-09-08

I am attempting to use the Citrix Linux client to access a server at my workplace, using Firefox as my browser. I can get through the initial login for the site, but when I attempt to click on the specific Citrix application, the following message appears: "You have not chosen to trust "Addtrust External CA Root", the issuer of the server's security certificate (SSL error 61)." I am using Ubuntu 10.04, and the AddTrust External CA Root certificate is in the list of certificates when I look in the Firefox preferences under the advanced section, and then 'certificate manager' and 'authorities'. There are options to "Import" or "Export" among others, but I do not know how to set up either Firefox or Ubuntu to actually "trust" that particular certificate.

I have Goggled and researched this issue on-line, but none of the comments I have seen are recent regarding this problem, although quite a few people seem to have encountered it over the past several years. I have not seen any solutions listed for the current Ubuntu or Firefox versions, and would apprecitae any help you can give which explains what to do to to set up my computer to trust this particular certificate.

To see if it was just a problem with Firefox, I downloaded the Opera browser, but the same message appears in that program. I also spoke with the system administrator at the work site where the server is located, but he is not familiar with Linux and wasn't able to help. When running Windows and Internet Explorer on other computers I have found that IE automatically handles this issue and there is no "trust" problem.

Thank you in advance for any help you may be able to provide.

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu Edit question

Assignee:: No assignee Edit question

Last query:: 2010-09-28

Last reply:: 2010-09-28

Link existing bug

Revision history for this message

Sam_ (and-sam) said on 2010-09-08:

In this bug it helped a user to rename the browser profile.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589023

Close firefox, open a terminal and rename .mozilla folder (hidden in /home/user):
mv ~/.mozilla ~/mozilla.old
## choose whatever ending you like
Restart Firefox and test.

This shows how to disable it, so in case choose the reverse.
http://benjamin.smedbergs.us/blog/2008-12-24/how-to-disable-the-comodo-root-certificate-in-firefox/
Background.
http://www.vleeuwen.net/2009/11/howto-verify-a-ftp-ssl-connection
http://binblog.info/tag/ssl/

Revision history for this message

Sam_ (and-sam) said on 2010-09-08:

http://kb.mozillazine.org/Profile_folder_-_Firefox#Linux_and_Unix

Revision history for this message

Sam_ (and-sam) said on 2010-09-08:

Another option where #17 says it works for Lucid.
http://ubuntuforums.org/showthread.php?t=912886

Revision history for this message

Philip Harris (psh22902) said on 2010-09-24:

I had exactly the same problem. Ubuntu 10.4 trying to get to my workplace via Citrix. After much searching, I went to

https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=9&nav=0,1

to download AddTrustExternalCARoot.crt

then use sudo mv to move AddTrustExternalCARoot.crt to usr/lib/ICAClient/keystore/cacerts

That fixed it for me.

Revision history for this message

Rodger Schultz (schultz-wells) said on 2010-09-28:

Thanks, Philip for your input. I am relatively new to Ubuntu and the
commands that are executed in the Terminal window. I believe I am on the
right track about moving the downloaded file from the desktop where I have
it located, but here is a copy of what I got during two attempts when trying
to move the file:

rodger@rodger-desktop:~$ cd ~/Desktop
rodger@rodger-desktop:~/Desktop$ sudo mv AddTrustExternalCARoot.crt
~/usr/lib/CAClient/keystore/cacerts
[sudo] password for rodger:
mv: cannot move `AddTrustExternalCARoot.crt' to
`/home/rodger/usr/lib/CAClient/keystore/cacerts': No such file or directory

rodger@rodger-desktop:/$ cd
rodger@rodger-desktop:~$ cd ~/Desktop
rodger@rodger-desktop:~/Desktop$ sudo mv AddTrustExternalCARoot.crt
~rodger/lib/CAClient/keystore/cacerts
[sudo] password for rodger:
mv: cannot move `AddTrustExternalCARoot.crt' to
`/home/rodger/lib/CAClient/keystore/cacerts': No such file or directory
rodger@rodger-desktop:~/Desktop$

Do I have to create a directory in the computer's root, or have I
incorrectly typed some portion of the move command? If you or someone
could type out the exact command based upon what I have shown above, and
reply to me, that would be most helpful. Also, as I mentioned, I am new to
using commands and directories in Ubuntu, and I could use help in finding
the "usr/lib/CAClient/keystore/cacerts." Should the "usr" be "rodger" in
some form? Thank you very much in advance for your assistance.

On Thu, Sep 23, 2010 at 11:54 PM, Philip Harris <
<email address hidden>> wrote:

> Your question #124616 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/124616
>
> Philip Harris proposed the following answer:
> I had exactly the same problem. Ubuntu 10.4 trying to get to my
> workplace via Citrix. After much searching, I went to
>
>
> https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=9&nav=0,1
>
> to download AddTrustExternalCARoot.crt
>
> then use sudo mv to move AddTrustExternalCARoot.crt to
> usr/lib/ICAClient/keystore/cacerts
>
> That fixed it for me.
>
> --
> If this answers your question, please go to the following page to let us
> know that it is solved:
> https://answers.launchpad.net/ubuntu/+question/124616/+confirm?answer_id=3
>
> If you still need help, you can reply to this email or go to the
> following page to enter your feedback:
> https://answers.launchpad.net/ubuntu/+question/124616
>
> You received this question notification because you are a direct
> subscriber of the question.
>

Thanks, Philip for your input.  I am relatively new to Ubuntu and the
commands that are executed in the Terminal window.  I believe I am on the
right track about moving the downloaded file from the desktop where I have
it located, but here is a copy of what I got during two attempts when trying
to move the file:

Do I have to create a directory in the computer's root, or have I
incorrectly typed some portion of the move command?   If you or someone
could type out the exact command based upon what I have shown above, and
reply to me, that would be most helpful.  Also, as I mentioned, I am new to
using commands and directories in Ubuntu, and I could use help in finding
the "usr/lib/CAClient/keystore/cacerts."  Should the "usr" be "rodger" in
some form?  Thank you very much in advance for your assistance.

On Thu, Sep 23, 2010 at 11:54 PM, Philip Harris <
question124616@answers.launchpad.net> wrote:

> Your question #124616 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/124616
>
> Philip Harris proposed the following answer:
> I had exactly the same problem. Ubuntu 10.4 trying to get to my
> workplace via Citrix. After much searching, I went to
>
>
> https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=9&nav=0,1
>
> to download AddTrustExternalCARoot.crt
>
> then use sudo mv    to move AddTrustExternalCARoot.crt to
> usr/lib/ICAClient/keystore/cacerts
>
> That fixed it for me.
>
> --
> If this answers your question, please go to the following page to let us
> know that it is solved:
> https://answers.launchpad.net/ubuntu/+question/124616/+confirm?answer_id=3
>
> If you still need help, you can reply to this email or go to the
> following page to enter your feedback:
> https://answers.launchpad.net/ubuntu/+question/124616
>
> You received this question notification because you are a direct
> subscriber of the question.
>

Revision history for this message

Sam_ (and-sam) said on 2010-09-28:

Rodger,
it doesn't go into your /home/user_name directory, it's /usr.
Please also note, that CLI is case sensitive.

https://help.ubuntu.com/community/LinuxFilesystemTreeOverview
https://help.ubuntu.com/community/FindingFiles

Hence try:
cd ~/Desktop
sudo mv AddTrustExternalCARoot.crt /usr/lib/ICAClient/keystore/cacerts

https://help.ubuntu.com/10.04/basic-commands/C/