Citrix FAS MS Certificate Authority Details Test

A certification authority (CA) is responsible for attesting to the identity of users, computers, and organizations. The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate. The CA can also manage, revoke, and renew certificates.

Sometimes, one/more CAs in a domain may be unreachable for authenticating user logins. If user logins fail or if login authentication is delayed unduly, then administrators must be able to tell if it is owing to an inaccessible CA.

Also, when a certificate request is generated on CFAS using a template, the administration console sends it to a certificate authority that publishes that template. If a CA does not publish any template, very often it is because no requests were generated using any template that that CA publishes; not because, the CA could not be contacted. Administrators however, tend to wrongly attribute the absence of templates to publish to the unavailability of the CA. With the help of the Citrix FAS MS Certificate Authority Details test, administrators can finally set the record straight!

This test takes stock of all the CAs installed in the CFAS domain. The test then periodically checks whether/not every CA is accessible, and alerts administrators to the inaccessiblity of any CA. This way, if a CA is not publishing templates, then administrators can figure out if it is because there are no templates to publish or because the CA is unreachable. Additionally, for each CA, the test reports whether/not it is the default/primary CA.

Target of the test : Citrix Federated Authentication Server

Agent deploying the test : An internal agent

Outputs of the test : One set of the results for each Microsoft CA installed in the CFAS domain

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed. By default, this is set to 5 minutes.

Host

The IP address of the host for which this test is to be configured.

Port

The port at which the specified host listens.

Domain, Username, Password

This test requires domain administrator privileges to run. Therefore, specify the name of domain to which the CFAS belongs against DOMAIN. Enter the credentials of the domain administrator against the USERNAME and PASSWORD text boxes.

Confirm Password

Confirm the password by retyping it here.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Is microsoft certificate accessible?

Indicates whether/not the CA is accessible.

 

If the CA is accessible, then this measure will report the value Yes. If the CA is inaccessible, then this measure will report the value No.

The numeric values that correspond to the aforesaid measure values are as follows:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure will report the Measure Values listed in the table above to indicate whether/not the certificate can be used as an in-session Virtual Smart Card. However, in the graph of this measure, the same will be indicated using the numeric equivalents only.

Use the detailed diagnosis of this measure to know which templates were published by the CA.

Is it default microsoft certificate?

Indicates whether/not this CA is the default/primary CA.