Configure Microsoft DCOM permissions
DigiCert Autoenrollment Server (AES) uses the Microsoft Distributed Component Object Model (DCOM) for network communications.
To allow Citrix FAS to get certificates from DigiCert, you need to configure DCOM-related permissions for both Citrix FAS and DigiCert AES.
Citrix FAS permissions
The Citrix FAS service runs as user Network Service
. To configure the required permissions for this service user account on the Windows server where Citrix FAS is running:
Open Component Services > Computers. Right click on My Computer and select Properties.
In the COM Security tab, select the button to Edit Limits.
Add the NETWORK SERVICE user and under permissions check off to allow the following:
Local Activation
Remote Activation
DigiCert AES permissions
Configure basic DCOM access rights for DigiCert Autoenrollment Server (AES) during the initial installation process, as described here: Configure DCOM access rights
To support the Citrix FAS integration, configure the required permissions for the Network Service
user account on the Windows server where DigiCert AES is running:
Open Component Services > Computers > My Computer > DCOM Config. Right click on AutoEnrollmentDCOMSrv and select Properties.
In the Security tab, Launch and Activation Permissions section:
Make sure the Customize option radio is selected and select the Edit button next to it.
Add the NETWORK SERVICE user and under permissions check off to allow the following:
Local Activation
Remote Activation
Also in the Security tab, in the Access Permissions section:
Make sure the Customize option radio is selected and select the Edit button next to it.
Add the NETWORK SERVICE user and under permissions check off to allow the following:
Local Access
Remote Access
What's next
After configuring the DCOM permissions, proceed to Add certificate profiles in Trust Lifecycle Manager.