New-FasAuthorizationCertificate
Request a Registration Authority (or Enrollment Agent) certificate for a Federated Authentication Service.
Syntax
New-FasAuthorizationCertificate -CertificateAuthority <String> -CertificateTemplate <String> [-AuthorizationTemplate <String>] [-Address <String>] [-UserName <String>] [-Password <String>] [<CommonParameters>]
Detailed Description
Request a Registration Authority (or Enrollment Agent) certificate for a Federated Authentication Service.
The Federated Authentication Service works by dynamically issuing user logon certificates from a Microsoft Certificate Authority. To do this it must first be granted an "Authorization Certificate" (often called an RA or Enrollement Agent certificate) to authenticate to the Certificate Authority.
This command generates a Certifiate Request and sends it to the specified Certificate Authority to request an Authorization certificate.
Related Commands
Parameters
Name |
Description |
Required? |
Pipeline Input |
Default Value |
CertificateAuthority |
Specify the CertificateTemplate of the Registration Authority certificate (e.g. "Citrix_RegistrationAuthority"). |
true |
true (ByPropertyName) |
(default) |
AuthorizationTemplate |
Specify the name of the "Requires CA Administrator Approval" Certificate Template (e.g. "Citrix_RegistrationAuthority_ManualAuthorization"). |
false |
true (ByPropertyName) |
<CertificateTemplate>_ManualAuthorization |
Address |
Address of FAS Server (or $NULL to use $CitrixFasAddress) |
false |
true (ByPropertyName) |
$CitrixFasAddress |
UserName |
User name to use for authentication to FAS server ($NULL for current user account) |
false |
true (ByPropertyName) |
$NULL |
Password |
Password for authentication to FAS server ($NULL for current user account) |
false |
true (ByPropertyName) |
$NULL |
Input Type
Variable, based on property name.
This cmdlet does accept input from the pipeline but only by property name.
Return Values
void
This cmdlet does not return a value
Examples
EXAMPLE 1
C:\PS> $CitrixFasAddress=(Get-FasServer)[0].Address
C:\PS> $DefaultCA=(Get-FasMsCertificateAuthority -Default).Address
C:\PS> New-FasAuthorizationCertificate -CertificateAuthority $DefaultCA -CertificateTemplate "Citrix_RegistrationAuthority" -AuthorizationTemplate "Citrix_RegistrationAuthority_ManualAuthorization"
Description
-----------
This code generates a certificate request for "Citrix_RegistrationAuthority_ManualAuthorization" and sends it to the default CA in the domain. Once access is approved by the CA Administrator, a second request for the actual "Citrix_RegistrationAuthority" certificate will be issued.