With the Citrix Access Gateway (CAG) client, you can establish a VPN connection to a CAG default server. The VPN connection is an SSL tunnel. A certificate is transferred from the server to the client in the process.
If the certificate is not trustworthy, a warning will be given when an attempt to establish a connection is made.
In order to avoid the warning, the server certificate can be stored on the thin client in the /wfs/cagvpn/cagvpn-trusted-CAs.crt file.
The warning can also be disabled in the CAG client configuration.