Skip to main content

Configure Microsoft DCOM permissions

DigiCert Autoenrollment Server (AES) uses the Microsoft Distributed Component Object Model (DCOM) for network communications.

To allow Citrix FAS to get certificates from DigiCert, you need to configure DCOM-related permissions for both Citrix FAS and DigiCert AES.

Citrix FAS permissions

The Citrix FAS service runs as user Network Service. To configure the required permissions for this service user account on the Windows server where Citrix FAS is running:

  1. Open Component Services > Computers. Right click on My Computer and select Properties.

  2. In the COM Security tab, select the button to Edit Limits.

  3. Add the NETWORK SERVICE user and under permissions check off to allow the following:

    • Local Activation

    • Remote Activation

com_security--citrix_fas_permissions.webp

Example: Configuring permissions for Citrix FAS

DigiCert AES permissions

Configure basic DCOM access rights for DigiCert Autoenrollment Server (AES) during the initial installation process, as described here: Configure DCOM access rightsConfigure DCOM access rights

To support the Citrix FAS integration, configure the required permissions for the Network Service user account on the Windows server where DigiCert AES is running:

  1. Open Component Services > Computers > My Computer > DCOM Config. Right click on AutoEnrollmentDCOMSrv and select Properties.

  2. In the Security tab, Launch and Activation Permissions section:

    1. Make sure the Customize option radio is selected and select the Edit button next to it.

    2. Add the NETWORK SERVICE user and under permissions check off to allow the following:

      • Local Activation

      • Remote Activation

      com_security--digicert_aes_launch_permissions.webp

      Example: Configuring Launch and Activation permissions for DigiCert AES

  3. Also in the Security tab, in the Access Permissions section:

    1. Make sure the Customize option radio is selected and select the Edit button next to it.

    2. Add the NETWORK SERVICE user and under permissions check off to allow the following:

      • Local Access

      • Remote Access

      com_security--digicert_aes_access_permissions.webp

      Configuring Access permissions for DigiCert AES

What's next

After configuring the DCOM permissions, proceed to Add certificate profiles in Trust Lifecycle Manager.