Problem: All current Citrix XEN or XEN desktop secure connections require a unique security certificate. CLI Linux can accept any Citrix security certificate. Citrix Receiver 13.0.x, 13.1.x, 13.2.x, 13.3.x, 13.4.x and 13.5.x on Linux only support StoreFront connections via HTTPS while the Citrix server's default setting is HTTP in most cases - so the connection will fail. You have to enable HTTPS connections on Citrix server and you have to make sure the thin client has a valid root certificate of the Certificate Authority (CA) available.
Solution: Install your own Citrix security cert on the client to /opt/Citricx/ICAClient/keystore/cacerts
Procedure: Follow the instructions on the attached article(s). The procedure is different for Browser connection compared to the receiver connection methods. Login as the Root user, Start/All/File Browser/opt/Citricx/ICAClient/keystore/cacerts NOTE: Periodic updates (if needed) to the certificate could be deployed to the client(s) remotely, and/or automatically with use of the CLI Device Manager Software. The methods discussed on this article apply to a NEW device that is attempting to be connected to your network for the first time.