Keyfactor offers several orchestrators (a.k.a. agents) that may be used to interact with and enhance the functionality of the Keyfactor Command Server.
This guide covers installation of the following orchestrators:
- Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers.
The Keyfactor Universal Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. runs on Windows Servers, Linux servers, and in Linux containers. It can be used to:
- Run SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. discovery and monitoring tasks.
- Manage synchronization of certificate authorities in remote forests (installations on Windows only).
- Collect logs from the orchestrator for central review (full server installations only).
- Run custom jobs to provide certificate management capabilities on a variety of platforms and devices.
- Run custom jobs to execute tasks outside the standard list of certificate management functions. This powerful feature can execute just about any job that requires processing on the orchestrator and submitting data back to Keyfactor Command.
As of this release, the following functions, some of which were part of the Keyfactor Windows Orchestrator The Windows Orchestrator, one of Keyfactor's suite of orchestrators, is used to manage synchronization of certificate authorities in remote forests, run SSL discovery and management tasks, and interact with Windows servers as well as F5 devices, NetScaler devices, Amazon Web Services (AWS) resources, and FTP capable devices, for certificate management. In addition, the AnyAgent capability of the Windows Orchestrator allows it to be extended to create custom certificate store types and management capabilities regardless of source platform or location., are now included among the custom extensions supported for the Keyfactor Universal Orchestrator:
- Interact with Amazon Web Services (AWS) resources for certificate management.
- Interact with Citrix NetScaler devices for certificate management.
- Interact with F5 devices for certificate management.
- Interact with Windows servers (a.k.a. IIS certificate stores), create new bindings for IIS web sites and manage certificates in both the Web Hosting certificate store and the Personal certificate store.
- Remote Java keystore certificate management.
- Remote PEM A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. store certificate management.
- Remote PKCS12 store certificate management.
These custom extensions and more are publicly available at:
The final release of the Keyfactor Windows Orchestrator was version 8.7. This version of the Keyfactor Windows Orchestrator is not compatible with Keyfactor Command version 11.0. Customers should migrate to the Keyfactor Universal Orchestrator with custom extensions as needed.
- Keyfactor Bash Orchestrator The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise.
The Keyfactor Bash Orchestrator runs on Linux servers and is used to perform discovery and management of SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. public keys, including installation of new keys and automated removal of unauthorized keys.
- Keyfactor Java Agent The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed.
The Keyfactor Java Agent runs on Windows or Linux servers and is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. In addition, the Keyfactor Java Agent can be extended to create custom certificate store jobs.Important: The Keyfactor Java Agent will be deprecated in a future version of Keyfactor Command. Customers are encouraged to begin planning a migration to the Keyfactor Universal Orchestrator with the Remote File custom extension publicly available at:
For more information, see Installing Custom-Built Extensions.
Keyfactor also offers a variety of tools to allow users to develop custom orchestrators and extensions, including:
Keyfactor AnyAgent The AnyAgent, one of Keyfactor's suite of orchestrators, is used to allow management of certificates regardless of source or location by allowing customers to implement custom agent functionality via an API. Framework
The AnyAgent capability of the Keyfactor Universal Orchestrator and Java Agent allows management of certificates regardless of source or location by allowing customers to implement custom agent functionality.
Keyfactor Integration SDK
The Keyfactor Integration SDK (software development kit) includes a variety of tools for building a custom orchestrator, including the Keyfactor Native Agent, which is a reference implementation intended for customers wanting to include Keyfactor Command certificate store management functionality in embedded or other platforms.
Keyfactor Orchestrator NuGet Package
The Keyfactor Orchestrator NuGet package is designed to allow customers to build custom extensions for the Keyfactor Universal Orchestrator.
Keyfactor GitHub Site
Keyfactor offers several publicly available integrations and plugins for the Keyfactor platform in the Keyfactor GitHub. Find all the latest developer tools and resources to integrate the Keyfactor platform with your PKI A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption., Cloud, and DevOps infrastructure.
These tools for developing custom orchestrators and extensions are not documented in this guide. For more information about these and other custom orchestrator solutions, contact your Keyfactor representative.
For more information, see Installing Custom-Built Extensions.