Query about user certificate validity period of FAS

Query about user certificate validity period of FAS

book

Article ID: CTX477810

calendar_today

Updated On:

Description

Query about user certificate validity period of FAS

Instructions

The default validity period is one week (seven days), with certificate replacement the first time the user logs on after the halfway point (3.5 days). It is currently hardcoded to 50% of the certificate lifetime.
To extend the validity period, edit the appropriate certificate template in the Windows Certificate Templates MMC snap-in. The extended validity period allows cached certificates to be used for a longer period.
image.png
We can run follow PowerShell command line to check the user certificate:
Get-FasUserCertificate
https://developer-docs.citrix.com/projects/federated-authentication-service-powershell-cmdlets/en/latest/Get-FasUserCertificate

Issue/Introduction

The default validity period is one week (seven days), and can be extended in the Windows Certificate Templates MMC snap-in on CA server.

Additional Information

https://docs.citrix.com/en-us/federated-authentication-service/2203-ltsr/config-manage/security.html#modify-general-properties
https://docs.citrix.com/en-us/tech-zone/design/downloads/citrix-federated-authentication-service-scalability.pdf 
Powered by Wolken Software