Configure multiple Citrix FAS profiles in an Active Directory Forest

DigiCert® Trust Lifecycle Manager allows you to configure multiple Citrix Federated Authentication Service (FAS) profiles within the same Active Directory (AD) forest.

Prerequisites

Before you begin, ensure that the first set of Citrix FAS profiles is created. If not, follow the instructions provided in each section of the workflow to create the Citrix FAS profiles. The initial set must be fully configured and functioning properly.

Create an additional set of Citrix FAS certificate profiles

After successfully setting up the first set, return to Add certificate profiles in Trust Lifecycle Manager and create an additional set of three certificate profiles using the following Citrix Integration templates:

  • Citrix FAS Registration Authority

  • Citrix FAS Registration Authority Manual Authorization

  • Citrix FAS Smartcard Logon

Enter a unique Profile name for each profile to distinguish it from the initial set. Select the Use in same forest option for all profiles being created.

Note

Selecting Use in same forest automatically appends a random string to the certificate template’s Common name (CN), creating a distinct CN to prevent conflicts within the same forest.

This setting is irreversible. Once the distinct CN is generated, it remains associated with the profile for its entire lifecycle.

Download and import Autoenrollment configuration file

On the Windows Server that is running another instance of the DigiCert AutoEnrollment Server, perform the following steps:

  1. Open the Autoenrollment Server Configuration console.

  2. In the Configuration section, specify the Config File location.

  3. Select Download from DigiCert ONE.

  4. Select the certificate profiles you want to configure in the same forest.

  5. Select Download AE Server config file.

  6. Select Save.

  7. Select OK.

  8. Select OK.

Configure Citrix FAS rules

After importing the configuration, configure Citrix FAS rules according to the official Citrix documentation.

  • Under Template, select the Citrix_SmartcardLogon certificate template with the numeric suffix. For example: Citrix_SmartcardLogon-3056629705319074482

  • Under Certificate authority, select your DigiCert Autoenrollment Server (AES) CA.

  • Complete the Citrix FAS rule configuration process. For more details, see Configure Citrix FAS rules.
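
Before selecting a template in the FAS rule, it helps to confirm which suffixed template CNs are visible in the forest. The following PowerShell is an added example, not DigiCert or Citrix code: it groups Citrix_* template names by base name and numeric suffix. The function names, the sample names other than the page's Citrix_SmartcardLogon example, and the assumption that the templates are published as pKICertificateTemplate objects in the forest's standard Certificate Templates container are all assumptions of this example.

```powershell
# Added example: group Citrix FAS certificate templates by base name and numeric suffix.
function Get-CitrixFasTemplateSet {
    param([Parameter(Mandatory)][string[]]$TemplateName)
    $rows = foreach ($name in ($TemplateName | Where-Object { $_ -like 'Citrix_*' })) {
        # Suffixed CNs look like Citrix_SmartcardLogon-3056629705319074482 (page example).
        if ($name -match '^(?<base>Citrix_.+?)-(?<suffix>\d+)$') {
            [pscustomobject]@{ Base = $Matches['base']; Suffix = $Matches['suffix']; TemplateCN = $name }
        } else {
            [pscustomobject]@{ Base = $name; Suffix = $null; TemplateCN = $name }
        }
    }
    $rows | Sort-Object Base, Suffix
}

function Get-ForestTemplateName {
    # Assumption: templates are published as pKICertificateTemplate objects in the
    # forest's standard Certificate Templates container. Needs the ActiveDirectory module.
    Import-Module ActiveDirectory
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $container = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    (Get-ADObject -SearchBase $container -SearchScope OneLevel `
        -Filter 'objectClass -eq "pKICertificateTemplate"').Name
}

# Constructed sample input so the grouping can be tried without a domain.
$sample = @(
    'Citrix_SmartcardLogon',
    'Citrix_SmartcardLogon-3056629705319074482',          # suffix from the page's example
    'Citrix_RegistrationAuthority',
    'Citrix_RegistrationAuthority-1111111111111111111',   # constructed suffix
    'WebServer'                                           # unrelated template, ignored
)

# On a domain-joined host, replace $sample with (Get-ForestTemplateName).
$sets = Get-CitrixFasTemplateSet -TemplateName $sample
$sets | Format-Table -AutoSize

# Candidates for the FAS rule of the additional set: the suffixed CNs only.
$sets | Where-Object Suffix | Select-Object -ExpandProperty TemplateCN

# A base name with no suffixed variant means no additional set is visible for it yet.
foreach ($g in ($sets | Group-Object Base)) {
    if (-not ($g.Group | Where-Object Suffix)) {
        Write-Warning "$($g.Name): no suffixed template found in the supplied list."
    }
}
```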