Sometimes when using Citrix ICAClient on certain Linux distros you will get an error like

You have not chosen to trust "USERTrust RSA Certification Authority", the issuer of the server's security certificate.

You can fix this by copying a certificate you should already have on the system into a location ICAClient will see it. Why Citrix can’t look into all the normal cert paths is beyond me.

As root:

ln -s /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem /opt/Citrix/ICAClient/keystore/cacerts/USERTrust_RSA_Certification_Authority.pem

This worked on my Linux Mint 21 system with Citrix Workspace 2212 installed via the offical deb package.