Set the Autoenrollment Configuration utility
Use Autoenrollment Configuration utility to set Autoenrollment Server configuration values. You must have administrator rights to use this utility to write data to Active Directory.
Autoenrollment Server runs as a Windows service. You must set the configuration settings in the utility before you start the autoenrollment service.
Steps to set the Autoenrollment Configuration utility
Log on to Autoenrollment Server machine as AE Administrator.
On the Start menu, select DigiCert, then right click Autoenrollment Configuration and select Run as Administrator.
Complete or review the following settings:
Select the DigiCert ONE – DigiCert® Trust Lifecycle Manager radio button in the CA Platform section.
Under Credential, select either the API Key or RA Certificate radio button.
For RA certificate authentication (required for Windows Hello for Business integration):
For software-based certificates,
Click on the File... button
Select Yes in the popup window which is displayed.
Select Browse....
Choose the client authentication certificate you generated.
Enter the password copied during client authentication certificate generation under PIN.
Click OK.
For HSM-based certificates,
Click on Store … button.
Select Yes in the popup window which is displayed.
Select your client authentication certificate from the drop-down list, leave the PIN field empty and select OK.
The validity of the RA certificate is displayed. You can also check the RA certificate by selecting View.
For API key authentication,
Select the API Key radio button.
Populate API Key with the service user API token you generated.
In the Endpoint section, populate Server Name and Server Port according to your authentication method:
For RA certificate authentication: Specify the URL and the port number of the DigiCert ONE CA web service you need to communicate with (e.g. Server Name=clientauth.one.digicert.com and Server Port=443 for cloud hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
For API Key authentication: Specify the URL and the port number of the DigiCert ONE CA web service you need to communicate with (e.g. Server Name=one.digicert.com and Server Port=443 for cloud hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
If Autoenrollment Server is communicating with DigiCert ONE via a proxy server, populate the Proxy Server (including the proxy server port, in <server:port> format), Proxy Username, and Proxy Password fields with your proxy server details.
In the Configuration section, populate the Config File location (see Import the autoenrollment configuration file).
Verify the location and contents of the Log Properties file. This file defines the logging configuration such as log file path and log level. The default is specified as logger.properties in the installation directory of Autoenrollment Server. Click Browse to choose a different log properties file. Click View to check and modify the log properties file contents. Refer to section Log properties configuration options for details about the configuration.
Once all the configuration details have been populated, the Autoenrollment Server’s connection to DigiCert CA can be tested using the Test button next to Connection. The connection test will result in one of the following message dialogs:
If Autoenrollment Server establishes a connection, "Success: The connection could be established" is displayed.
If connection fails, “Failure: The connection could not be established" is displayed. For any configuration errors, refer to the log file located at C:\User\<AE Administrator>\AEConfig.log
Click OK to save the configuration settings and exit the configuration utility.