Citrix FAS Authorization Certificates Test
The Federated Authentication Service works by dynamically issuing user logon certificates from a Microsoft Certificate Authority. To do this it must first be granted an "Authorization Certificate" (often called an Registration Authority Certificate or Enrollment Agent certificate) to authenticate to the Certificate Authority.
CFAS cannot issue logon certificates if the CA administrator denies its request for an Authorization Certificate, or if its in the possession of expired / invalid certificates. Administrators should therefore track the status of every Authorization Certificate on CFAS and promptly isolate the ones that have expired, have been denied, or are invalid. The Citrix FAS Authorization Certificates test helps administrators with this!
The test auto-discovers all the Authorization Certificates on CFAS, and reports the current status of each certificate.
Target of the test : Citrix Federated Authentication Server
Agent deploying the test : An internal agent
Outputs of the test : One set of the results for each Authorization Certificate
Parameter | Description |
---|---|
Test Period |
How often should the test be executed. By default, this is set to 5 minutes. |
Host |
The IP address of the host for which this test is to be configured. |
Port |
The port at which the specified host listens. |
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Certificate status |
Indicates the current status of this Authorization Certificate. |
|
The values that this measure reports and their corresponding numeric values are listed in the table below:
Note: By default, this measure reports the Measure Values discussed above to indicate the status of an Authorization Certificate. In the graph of this measure however, the same is indicated using the numeric equivalents only. Using the detailed diagnosis of this measure, you can determine the details of the Authorization Certificate - this includes the certificate request, the CA to issue the certificate, and the storage container name (TrustArea). |
||||||||||
Days to expire |
Indicates the number of days within which this Authorization Certificate will expire. |
Number |
Lower the value of this measure, sooner a certificate will expire. If this value is very low, it implies that the authorization certificate will expire very soon. To continue using the authorization certificate, you will have to renew the certificate. |