Skip to main content

Configure DigiCert Autoenrollment Server

After setting up the three Citrix FAS profiles in DigiCert​​®​​ Trust Lifecycle Manager, download the DigiCert Autoenrollment Server (AES) configuration file and use it to configure the AES system.

1. Download AES configuration file from Trust Lifecycle Manager

  1. From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.

  2. Select the Download AE config file button above the table.

  3. In the modal that appears, select the three Citrix FAS profiles you created.

  4. Copy the downloaded file to the DigiCert AES system.

citrix_fas_download_aes_config.png

Example: Downloading the DigiCert AES configuration file

2. Import the configuration file on the DigiCert AES system

  1. Make sure you have the Certificate Templates snap-in for the Microsoft Management Console. See Add the Certificate Templates Snap-In.Add the Certificate Templates Snap-In

  2. View the current templates in the Microsoft Management Console. Delete the three Citrix templates if they are already installed (Citrix_RegistrationAuthority, Citrix_RegistrationAuthority_ManualAuthorization, and Citrix_SmartcardLogon).

    citrix_fas_check_preinstalled_templates.png

    Delete these templates if present before importing the AES configuration file

  3. Stop the AES service if it is already running. See Start and stop Autoenrollment Server.

  4. Use the Autoenrollment Configuration console to import the AES configuration file you downloaded from Trust Lifecycle Manager. See Import the autoenrollment configuration file.

  5. Start the AES service again after importing the configuration file. See Start and stop Autoenrollment Server.

Avis

The AES import operation adds the certificates profiles you configured in Trust Lifecycle Manager as the new Citrix certificate templates in the Microsoft Active Directory domain.

3. Verify the import in the Citrix FAS console

In the Citrix FAS administration console, select the Refresh button on the top-right. It should find the certificate templates you imported into Microsoft Active Directory in the previous step and show green check marks for the first two items in the console.

citrix_fas_refresh_templates.png

Example: Using the Citrix FAS console to verify success of the AES configuration import

4. Configure permissions for the "Citrix_SmartcardLogon" template in Microsoft AD

In Microsoft Active directory, configure the new Citrix_SmartcardLogon certificate template you imported to allow users to get certificates and authenticate through Citrix FAS:

  1. Using the Microsoft Management Console (MMC), right-click on the Citrix_SmartcardLogon template and select Properties.

  2. In the Security tab, allow Read and Enroll permissions for users or user groups who need to sign on and authenticate through Citrix FAS.

citrix_fas_user_template_permissions.png

Example: Configuring the "Domain Users" group in MMC to allow access to the "Citrix_SmartcardLogon" certificate template

What's next

After configuring the DigiCert Autoenrollment Server, complete the Citrix FAS integration by setting up the Citrix registration authority.