A coworker sent me this amusing rant about autotools which pretty much sums up my thoughts on the subject.

Now, if the result of all this crap, was that I could write my source-code and tell a tool where the files were, and not only assume, but actually trust that things would just work out, then I could live with it.

But as it transpires, that is not the case.

The company I work for somehow decided to get their SSL certificate for their employee portal from a CA not trusted by one of the main applications on the portal, the Citrix Client. (There may be an addition of “Xen” in the actual product name, who knows).

I received the error:

“You have not chosen to trust “UTN-USERFirst-Hardware”, the issuer of the server’s security certificate (SSL error 61).

The answer is fairly clear: we need to add this particular SSL cert, or the CA’s root cert into our trust anchor. To do this, we could save this cert and put it in the right place, or we can trust that OpenSSL has the appropriate root certs.

I chose the latter. To do this, we simply move the certificates trusted by the Citrix installation and symlink to the OpenSSL-based certs. Not rocket science.

Voila. Retrying to connect to the Citrix (?:Xen)?(?:App)? Server works.