Measures reported by CtxFASRACertTest
The Federated Authentication Service works by dynamically issuing user logon certificates from a Microsoft Certificate Authority. To do this, it must first be granted an “Authorization Certificate” (often called a Registration Authority Certificate or Enrollment Agent certificate) to authenticate to the Certificate Authority.
CFAS cannot issue logon certificates if the CA administrator denies its request for an Authorization Certificate, or if it is in possession of expired or invalid certificates. Administrators should therefore track the status of every Authorization Certificate on CFAS and promptly isolate the ones that have expired, have been denied, or are invalid. The CtxFASRACertTest test helps administrators with this!
The test auto-discovers all the Authorization Certificates on CFAS, and reports the current status of each certificate.
Output of the test: One set of results for each Authorization Certificate
The measures made by this test are as follows:
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| RACert_status | Indicates the current status of this Authorization Certificate. | | The values that this measure reports and their corresponding numeric values are listed in the RACert_status values table below. Using the detailed diagnosis of this measure, you can determine the details of the Authorization Certificate: the certificate request, the CA to issue the certificate, and the storage container name (TrustArea). |
| Days_to_expiry | Indicates the number of days within which this Authorization Certificate will expire. | Number | The lower the value of this measure, the sooner the certificate will expire. If this value is very low, it implies that the Authorization Certificate will expire very soon. To continue using the Authorization Certificate, you will have to renew it. |

RACert_status values:

| Measure Value | Numeric Value |
|---|---|
| Expired | 0 |
| Maintenance Required | 1 |
| Maintenance Due | 2 |
| Ok | 3 |

Note: By default, this measure reports the Measure Values listed above to indicate the status of an Authorization Certificate. In the graph of this measure, however, the status is indicated using the numeric equivalents only.