New-FasAuthorizationCertificateRequest

Synopsis

Generate an offline certificate request for a Registration Authority certificate for a Federated Authentication Service. Once the request is signed import the PKCS7 chain using Import-FasAuthorizationCertificateResponse.

Syntax

New-FasAuthorizationCertificateRequest [-DistinguishedName <String>] [-UseTPM <Boolean>] [-Address <String>]
 [-UserName <String>] [-Password <String>] [<CommonParameters>]
<!--NeedCopy-->

Description

Generate an offline certificate request for a Registration Authority (also known as Enrollment Agent) certificate for a Federated Authentication Service. Once the request is signed import the PKCS7 chain using Import-FasAuthorizationCertificateResponse.

The Federated Authentication Service works by dynamically issuing user logon certificates from a Microsoft Certificate Authority. To do this it must first be granted an “Authorization Certificate” (often called an RA or Enrollement Agent certificate) to authenticate to the Certificate Authority.

This command generates a Certificate Request and returns a Base64 CSR.

Examples

Example 1

PS C:\>

C:\PS> $CitrixFasAddress=(Get-FasServer)[0].Address
C:\PS> $Request = New-FasAuthorizationCertificateRequest
C:\PS> Import-FasAuthorizationCertificateResponse -Id $Request.Id -Pkcs7CertificateFile .\ResponseFromCA.p7b
<!--NeedCopy-->

Description


This code generates a certificate request in $Request. Once issued it imports the PKCS7 response from a file.

Parameters

-DistinguishedName

Specify the Distinguished Name to include in the Certificate Request.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: DC=CitrixTrustFabric
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->

-UseTPM

Specify true to generate a private key in the Federated Authentication Service server’s Trusted Platform Module.

Note: UseTPM is deprecated; instead use ‘Set-FasKeyConfig -CertificateType ra -UseDefaultTpmProvider’);

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: $false
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->

-Address

Address of FAS Server (or $NULL to use $CitrixFasAddress)

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: $CitrixFasAddress
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->

-UserName

User name to use for authentication to FAS server ($NULL for current user account)

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: $NULL
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->

-Password

Password for authentication to FAS server ($NULL for current user account)

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: $NULL
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Variable, based on property name.

This cmdlet does accept input from the pipeline but only by property name.

Outputs

void

This cmdlet returns a Base64 certificate request

Notes

Import-FasAuthorizationCertificateResponse

Get-FasAuthorizationCertificate

Remove-FasAuthorizationCertificate

Set-FasKeyConfig

New-FasAuthorizationCertificateRequest