Troubleshooting the Citrix FAS integration

Information to help you troubleshoot certificate issues related to Citrix FAS integration.

Certificate renewal fails with Duplicate error for Citrix FAS Smartcard Logon profiles

If the Citrix FAS Smartcard Logon profile is configured with a renewal window that is less than 50% of the certificate validity period, Autoenrollment Server cannot issue a new certificate, and the following error message appears:

Duplicate Error: A certificate for the requested Seat ID has already been issued with the same enrollment information (Subject DN), and it is still valid. Your profile forbids duplicate certificates. Please contact your Administrator.

To fix this issue, configure the Citrix FAS Smartcard Logon profile’s Renewal window to about 50% of the certificate’s validity period. For example, if the certificate validity is 7 days, configure the renewal window to 4 days.

After you update the profile settings, reimport the configuration so that Autoenrollment Server can apply the new values:

  1. Edit the Citrix FAS Smartcard Logon profile and update the Renewal window.

  2. In the Renewal options section, set the Renewal Window to a value greater than or equal to 50% of the total certificate validity.

  3. Select Update to save the profile settings.

  4. Stop the Autoenrollment Server. For more details, see Start and stop Autoenrollment Server.

  5. Reimport the updated Configuration (certificate profiles) file. For more details, see Import the configuration file on the DigiCert AES system.

  6. Start the Autoenrollment Server. For more details, see Start and stop Autoenrollment Server.

After the updated configuration is applied, certificate renewals proceed normally.