Configure DigiCert Autoenrollment Server
After setting up the three Citrix FAS profiles in DigiCert® Trust Lifecycle Manager, follow these steps to download the DigiCert Autoenrollment Server (AES) configuration file and use it to configure the AES system.
From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.
Select the Download AE config file button above the table.
In the modal that appears, select the three Citrix FAS profiles you created.
Copy the downloaded file to the DigiCert AES system.
Make sure you have the Certificate Templates snap-in for the Microsoft Management Console.
View the current templates in the Microsoft Management Console. Delete the three Citrix templates if they are already installed (
Citrix_RegistrationAuthority
,Citrix_RegistrationAuthority_ManualAuthorization
, andCitrix_SmartcardLogon
).Stop the AES service if it is already running. See Start and stop Autoenrollment Server.
Use the Autoenrollment Configuration console to import the AES configuration file you downloaded from Trust Lifecycle Manager. See Import the autoenrollment configuration file.
Start the AES service again after importing the configuration file. See Start and stop Autoenrollment Server.
Note
The AES import operation adds the certificates profiles you configured in Trust Lifecycle Manager as the new Citrix certificate templates in the Microsoft Active Directory domain.
In the Citrix FAS administration console, select the Refresh button on the top-right. It should find the certificate templates you imported into Microsoft Active Directory in the previous step and show green check marks for the first two items in the console.
In Microsoft Active directory, configure the new Citrix_SmartcardLogon
certificate template you imported to allow users to get certificates and authenticate through Citrix FAS:
Using the Microsoft Management Console (MMC), right-click on the
Citrix_SmartcardLogon
template and select Properties.In the Security tab, allow Read and Enroll permissions for users or user groups who need to sign on and authenticate through Citrix FAS.
What's next
After configuring the DigiCert Autoenrollment Server, complete the Citrix FAS integration by setting up the Citrix registration authority.