Skip to main content

Add certificate profiles in Trust Lifecycle Manager

You need to create three different certificate profiles in DigiCert​​®​​ Trust Lifecycle Manager to support the integration with Citrix FAS.

These profiles are used to issue certificates for identifying the Citrix registration authority (RA) and the users who sign on.

Avis

For detailed information about creating certificate profiles in Trust Lifecycle Manager, see Create certificate profiles.

Create the three Citrix FAS profiles

  1. From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.

  2. Select the Create profile from template button.

  3. Create three total certificate profiles, one from each of these templates:

    1. Citrix FAS Registration Authority Manual Authorization: Settings for the short-lived RA certificate, which can be used to get the long-lived RA certificate through the "manual authorization" method.

      Note: DigiCert's Citrix FAS integration uses the "offline" (out-of-band) method to get the long-lived RA certificate. The RA "manual authorization" profile is used to pass checks in the Citrix FAS console, but no certificates will be issued from it.

    2. Citrix FAS Registration Authority: Used to issue the long-lived RA certificate, which in turn is used to issue the "Smartcard Logon" end user certificates. You will use this profile to issue the long-lived RA certificate using the "offline" method, via the Trust Lifecycle Manager REST API.

      Note: When creating this profile, enter a valid email address in the Email configuration and notifications section to receive renewal notifications by email when the RA certificate is set to expire.

    3. Citrix FAS Smartcard Logon: Used to issue the certificates for end user authentication via the Citrix FAS registration authority.

      Astuce

      Give each profile an easily identifiable name that correlates with the name of the base template. In the next step, you will select all three profiles by name to download and use to configure DigiCert Autoenrollment Server.

  4. Use the Next button to move through the profile creation screens. Make selections as needed for your Trust Lifecycle Manager environment and Citrix FAS deployment. Keep the default settings from the templates for everything else.

  5. On the final screen, select Save to finish adding each new certificate profile.

What's next

After adding the three Citrix FAS profiles in Trust Lifecycle Manager, use these profiles to Configure DigiCert Autoenrollment Server.