eG Help

The Federated Authentication Service works by dynamically issuing user logon certificates from a Microsoft Certificate Authority. To do this it must first be granted an “Authorization Certificate” (often called an Registration Authority Certificate or Enrollment Agent certificate) to authenticate to the Certificate Authority.

CFAS cannot issue logon certificates if the CA administrator denies its request for an Authorization Certificate, or if its in the possession of expired / invalid certificates. Administrators should therefore track the status of every Authorization Certificate on CFAS and promptly isolate the ones that have expired, have been denied, or are invalid. The CtxFASRACertTest test helps administrators with this!

The test auto-discovers all the Authorization Certificates on CFAS, and reports the current status of each certificate.

Output of the Test: One set of the results for each Authorization Certificate

Measurement

Description

Measurement Unit

Interpretation

RACert_status

Indicates the current status of this Authorization Certificate.

The values that this measure reports and their corresponding numeric values are listed in the table below:

Measure Value	Numeric Value
Ok	1
Maintenance Required	2
Maintenance Due	3
Expired	0

Note:

By default, this measure reports the Measure Values discussed above to indicate the status of an Authorization Certificate. In the graph of this measure however, the same is indicated using the numeric equivalents only.

Using the detailed diagnosis of this measure, you can determine the details of the Authorization Certificate - this includes the certificate request, the CA to issue the certificate, and the storage container name (TrustArea).