Jump to content
Welcome to our new Citrix community!
  • 0

Citrix FAS CA root domain

Björn Schläfli


Our CA is installed in the root domain. Today certificates are published by CES (Certificate Enrollment Server). I've installed FAS in child domain, which has a two-way trust to the root domain. In FAS admin console the button publish and authorize are greyed out, as FAS is unable to find the CA. Is it possible to configure and make it work in this construct or do we have to install a separate issueing CA in the child domain, where the FAS server is a member?

Link to comment

4 answers to this question

Recommended Posts

  • 0

as far as I know, FAS and CA must resides on the same forest, but it is not mandatory to be in the same domain. Therefore your design should be ok.

you say you have CES - be aware you need AD CS role. You have to publish the RA certificate template to authorize the FAS server and the template should have the enroll permissions for the FAS server computer account.

Link to comment
  • 0

I've configured the NTAuth store with the correct certificate and configured Read and Allowed to authenticate on DC OU for the issuing CA server (which besides should not be necessary with forest-wide trust as we have in our test environment). The Publish button is still greyed out "No certificate authorities were found".

certutil -setreg Policy\EditFlags +EDITF_ENABLELDAPREFERRALS has been set.

The root certificate of the child domain exists in the root domain.


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...