Use the Autoenrollment Configuration utility to set Autoenrollment Server configuration values. You must have administrator rights to use this utility to write data to Active Directory.
Autoenrollment Server runs as a Windows service. You must set the configuration settings in the utility before you start the autoenrollment service.
Log on to the Autoenrollment Server machine as AE Administrator.
On the Start menu, select DigiCert, then right-click Autoenrollment Configuration and select Run as Administrator.
Complete or review the following settings:
Select the DigiCert ONE – DigiCert® Trust Lifecycle Manager radio button in the CA Platform section.
Under Credential, select either the API Key or RA Certificate radio button.
For RA certificate authentication (required for Windows Hello for Business integration):
For software-based certificates,
Click the File... button
Select Yes in the popup window that appears.
Select Browse....
Choose the client authentication certificate you generated.
In the PIN field, enter the password you copied when you generated the client authentication certificate.
Click OK.
For HSM-based certificates,
Click the Store... button.
Select Yes in the popup window that appears.
Select your client authentication certificate from the drop-down list, leave the PIN field empty and select OK.
The validity period of the RA certificate is then displayed. You can also inspect the RA certificate by selecting View.
For API key authentication,
Select the API Key radio button.
Populate API Key with the service user API token you generated.
In the Endpoint section, populate Server Name and Server Port according to your authentication method:
For RA certificate authentication: Specify the host name (Server Name) and port number (Server Port) of the DigiCert ONE CA web service you need to communicate with (e.g. Server Name=clientauth.one.digicert.com and Server Port=443 for cloud hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
For API Key authentication: Specify the host name (Server Name) and port number (Server Port) of the DigiCert ONE CA web service you need to communicate with (e.g. Server Name=one.digicert.com and Server Port=443 for cloud hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
If the Autoenrollment Server is communicating with DigiCert ONE via a proxy server, populate the Proxy Server (including the proxy server port, in <server:port> format), Proxy Username, and Proxy Password fields with your proxy server details.
In the Configuration section, populate the Config File location.
Select the Download from DigiCert ONE button.
Select the Certificate profiles checkbox, then select Download AE Server config file.
Select Save.
Select OK.
Select OK.
Verify the location and contents of the Log Properties file. This file defines the logging configuration, such as the log file path and log level. The default is logger.properties in the Autoenrollment Server installation directory. Click Browse to choose a different log properties file. Click View to check and modify the contents of the log properties file. Refer to the Log properties configuration options section for details about the configuration.
After all the configuration details have been populated, test the Autoenrollment Server's connection to DigiCert CA using the Test button next to Connection. The connection test results in one of the following message dialogs:
If the Autoenrollment Server establishes a connection, "Success: The connection could be established" is displayed.
If the connection fails, "Failure: The connection could not be established" is displayed. For any configuration errors, refer to the log file located at C:\User\<AE Administrator>\AEConfig.log
Click OK to save the configuration settings and exit the configuration utility.
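The following PowerShell pre-flight script is an added example for the procedure above; it is not part of DigiCert's tooling. It checks, before you press Test and OK, that the autoenrollment service is not already running, that a client-authentication RA certificate with a private key is present and not about to expire, that a TLS session to Server Name:Server Port validates, and that the referenced files exist. The service display-name pattern, the ConfigFile and LogProps paths, and the use of $env:USERPROFILE for the AEConfig.log location are assumptions.

```powershell
# Added pre-flight check for the Autoenrollment Configuration steps; not DigiCert's own tooling.
# Placeholders (assumptions): service display-name pattern, ConfigFile, LogProps, LogFile.
param(
    [string]$ServerName = 'clientauth.one.digicert.com',  # Server Name for RA-certificate auth (page example)
    [int]   $ServerPort = 443,                            # Server Port (page example)
    [string]$ConfigFile = 'C:\AE\ae-server-config.json',  # placeholder: the Config File location you chose
    [string]$LogProps   = 'C:\Program Files\DigiCert\Autoenrollment Server\logger.properties', # placeholder
    [string]$LogFile    = "$env:USERPROFILE\AEConfig.log" # assumed: AEConfig.log under the AE Administrator profile
)

# 1. The service must not be running while configuration is written (assumed display-name pattern).
$svc = Get-Service | Where-Object { $_.DisplayName -like '*Autoenrollment*' }
if ($svc -and $svc.Status -eq 'Running') { Write-Warning "Stop '$($svc.DisplayName)' before configuring." }
elseif (-not $svc) { Write-Warning 'No Autoenrollment service found; is the server installed?' }

# 2. RA certificate: a client-authentication cert (EKU 1.3.6.1.5.5.7.3.2) with a usable private key.
#    HSM/KSP-backed certs appear here; a software .pfx chosen via File... may not be in the store.
$raCerts = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2') }
foreach ($c in $raCerts) {
    $days = [int]($c.NotAfter - (Get-Date)).TotalDays
    $msg  = "RA candidate $($c.Subject) thumbprint $($c.Thumbprint) expires in $days day(s)"
    if ($days -lt 30) { Write-Warning $msg } else { Write-Host $msg }
}
if (-not $raCerts) { Write-Warning 'No client-auth certificate with a private key in LocalMachine\My.' }

# 3. TLS reachability of the Endpoint; the presented server certificate is shown so that a proxy
#    or interception appliance substituting its own chain is visible before the Test button is used.
try {
    $tcp = [System.Net.Sockets.TcpClient]::new($ServerName, $ServerPort)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($ServerName)   # default validation: chain and host name must verify
    $srv = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    Write-Host "TLS OK: $ServerName`:$ServerPort presented '$($srv.Subject)' issued by '$($srv.Issuer)'"
    $ssl.Dispose(); $tcp.Dispose()
} catch { Write-Warning "TLS to $ServerName`:$ServerPort failed: $($_.Exception.Message)" }

# 4. Files the utility references must exist before you click OK.
foreach ($f in $ConfigFile, $LogProps) {
    if (Test-Path -LiteralPath $f) { Write-Host "Found $f" } else { Write-Warning "Missing $f" }
}

# 5. Surface the most recent configuration failures the utility logged.
if (Test-Path -LiteralPath $LogFile) {
    Select-String -LiteralPath $LogFile -Pattern 'Failure|Error' | Select-Object -Last 5 |
        ForEach-Object { Write-Host "AEConfig.log: $($_.Line)" }
}
```

Run it from the AE Administrator account in an elevated PowerShell; for API Key authentication pass -ServerName one.digicert.com and ignore the RA certificate section.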