|
Measures reported by CtxFASAuthDefTest
To generate a user certificate, Citrix FAS requires different types of information such as:
The CertificateTemplate to request One/more loadbalanced/ failover Certificate Authority Addresses The ID of the AuthorizationCertificate to use to authorize the request A list of additional Issuance Policy OIDs to add to the certificate request A flag indicating if the certificate can be used as an in-session Virtual Smart Card, or only for the logon process
At any given point in time, an administrator can vett the configuration of a certificate by viewing the recipe for issuing that certificate - i.e., by viewing the Certificate Definition Objects. The CtxFASAuthDefTest test reports the definition of each certificate, thus enabling administrators to review the configuration and to figure out if anything is out of place. Primarily, this test reveals which certificate can be used as an in-session Virtual Smart Card, and which can be used only for logging into the Citrix environment. The detailed diagnostics of the test on the other hand, sheds light on the other key certificate configurations such as the certificate template that is requested and the certificate authority addresses.
Output of the Test: One set of the results for each user certificate
The measures made by this test are as follows:
| Measurement |
Description |
Measurement Unit |
Interpretation |
| Is_in_Session |
Indicates whether/not this certificate can be used as an in-session Virtual Smart Card. |
|
Certificates that have been configured to be used as in-session certificates are placed in the user's personal certificate store after logon for application use. For example, if you require TLS authentication to web servers within the VDA session, the ccertificate can be used by Internet Explorer. By default, VDAs will not allow access to certificates after logon.
If the certificate can be used as an insession Virtual Smart Card, then this measure will report the value Yes. If the certificate can be used only at logon, then this measure will report the value No.
The numeric values that correspond to these measure values are listed in the table below:
| Measure Value |
Numeric Value |
| Yes |
1 |
| No |
0 |
Note:
By default, this measure will report the Measure Values listed in the table above to indicate whether/not the certificate can be used as an insession Virtual Smart Card. However, in the graph of this measure, the same will be indicated using the numeric equivalents only.
Use the detailed diagnosis of this measure to know the Microsoft certificate template that this certificate uses and the Certificate Authority Addresses.
|
|