After setting up the three Citrix FAS profiles in DigiCert® Trust Lifecycle Manager, follow these steps to download the DigiCert Autoenrollment Server (AES) configuration file and use it to configure the AES system.
From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.
Select the Download AE config file button above the table.
In the modal that appears, select the three Citrix FAS profiles you created.
Copy the downloaded file to the DigiCert AES system.

Example: Downloading the DigiCert AES configuration file
Make sure you have the Certificate Templates snap-in for the Microsoft Management Console.
View the current templates in the Microsoft Management Console. Delete the three Citrix templates if they are already installed (Citrix_RegistrationAuthority, Citrix_RegistrationAuthority_ManualAuthorization, and Citrix_SmartcardLogon).
Delete these templates if present before importing the AES configuration file.
Stop the AES service if it is already running. See Start and stop Autoenrollment Server.
Use the Autoenrollment Configuration console to import the AES configuration file you downloaded from Trust Lifecycle Manager:
On the Start menu, select DigiCert, then right-click Autoenrollment Configuration and select Run as Administrator.
In the Configuration section, select Open to the right of Config File. Navigate to the location of the AES configuration file you downloaded and select it (or specify the absolute path to the file manually in the textbox next to Config File).
The utility displays a dialog with the message:
“Do you really want to import the configuration (enrollment service, templates) and publish them to Active Directory? Note: This operation may take several minutes depending on system workload and imported configuration.”
Select OK to proceed.
Start the AES service again after importing the configuration file. See Start and stop Autoenrollment Server.
Note
The AES import operation adds the certificate profiles you configured in Trust Lifecycle Manager as the new Citrix certificate templates in the Microsoft Active Directory domain.
In the Citrix FAS administration console, select the Refresh button on the top-right. It should find the certificate templates you imported into Microsoft Active Directory in the previous step and show green check marks for the first two items in the console.
Example: Using the Citrix FAS console to verify success of the AES configuration import
In Microsoft Active Directory, configure the new Citrix_SmartcardLogon certificate template you imported to allow users to get certificates and authenticate through Citrix FAS:
Using the Microsoft Management Console (MMC), right-click on the Citrix_SmartcardLogon template and select Properties.
In the Security tab, allow Read and Enroll permissions for users or user groups who need to sign on and authenticate through Citrix FAS.
Example: Configuring the "Domain Users" group in MMC to allow access to the "Citrix_SmartcardLogon" certificate template
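The template checks in this procedure can also be run from PowerShell. The script below is an added example, not part of the DigiCert or Citrix tooling: it reports whether each of the three Citrix templates is published in Active Directory and lists which principals hold the Enroll right on it, so the Security tab change can be reviewed after the fact. It assumes the RSAT ActiveDirectory module and an account that can read the forest Configuration partition.

```powershell
# Added example: audit the Citrix templates handled in this procedure.
# Assumes the RSAT ActiveDirectory module on a domain-joined host.
Import-Module ActiveDirectory

# Template names as given in this procedure.
$templateNames = 'Citrix_RegistrationAuthority',
                 'Citrix_RegistrationAuthority_ManualAuthorization',
                 'Citrix_SmartcardLogon'

# Certificate-Enrollment extended right (schema-defined GUID).
$enrollRight = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'

# Certificate templates are stored in the forest Configuration partition.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

foreach ($name in $templateNames) {
    $tpl = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
        -Filter "objectClass -eq 'pKICertificateTemplate' -and cn -eq '$name'" `
        -Properties whenChanged

    if (-not $tpl) {
        # Expected state before the AES import (old templates deleted).
        Write-Output "[missing]   $name"
        continue
    }
    # Expected state after the AES import.
    Write-Output "[published] $name (changed $($tpl.whenChanged))"

    # List Allow ACEs that grant Enroll, either explicitly or through
    # all extended rights / full control (empty ObjectType GUID).
    $acl = Get-Acl -Path "AD:\$($tpl.DistinguishedName)"
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        ($_.ObjectType -eq $enrollRight -or $_.ObjectType -eq [guid]::Empty)
    } | ForEach-Object {
        Write-Output "    Enroll: $($_.IdentityReference)"
    }
}
```

On Citrix_SmartcardLogon, the Enroll list should contain only the users or groups you intended to sign on through Citrix FAS, plus the administrative principals already present on the template.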
After configuring the DigiCert Autoenrollment Server, complete the Citrix FAS integration by setting up the Citrix registration authority.