= Citrix Fix =
== Citrix Receiver 13.0, RHEL/CentOS/ScientificLinux 6.5 32 bit ==
----------
As of the beginning of February 2014, accessing websites using Citrix Receiver 12.1 fails with this (useless) error message:
----
 . '''SSL error'''
 . Contact your help desk with the following information:
 . The server sent an expired security certificate.  The
 . certificate "!GlobalSign Root CA" is valid from 01
 . September 1998 to 28 January 2014 (SSL error 70).
----
The recommended fix is using Citrix Receiver 13.0, using [[http://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-130.html|this RPM ]].  However, this new version requires libxerces-c-3.1.so and libwebkitgtk-1.0.so.0 .  libxerces is available [[ ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/jblunck:/md/CentOS_CentOS-6/i686/libxerces-c-3_1-3.1.1-6.3.i686.rpm | here ]]

Still doesn't work ... poop on this!
-------
=== INSTEAD ===
'''Make 12.1 work''' by adding new Root-R*.crt files [[https://support.globalsign.com/customer/portal/articles/1426602-download-globalsign-root-and-intermediate-certificates|here]] or [[http://tiny.cc/citcert|here]].  I downloaded Root-R1.crt, Root-R2.crt, and Root-R3.crt, and added them to the .../Citrix/ICAClient/keystore/cacerts/ directory.   Probably only Root-R1.crt is needed, but I don't want to go through this nonsense again, any time soon.