PUT Certificate Stores Discovery Job

The PUT /CertificateStores/DiscoveryJob method is used to schedule a discovery job for certificate stores. The certificate store discovery feature is used to scan machines and devices for existing certificates and certificate stores, which can then be configured for management in Keyfactor Command. Certificate store discovery is supported for:

This endpoint returns 204 with no content upon success. The method schedules the discovery job through the orchestrator. The results of the discovery job are determined separately (see POST Certificate Stores Approve).

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:
/certificate_stores/modify/
OR
/certificate_stores/modify/#/ (where # is a reference to a specific certificate store container ID)

Permissions for certificate stores can be set at either the global or certificate store container level. See Container Permissions for more information about global vs container permissions.

Table 343: PUT Certificate Stores Discovery Job Input Parameters

Name In Description
ClientMachine Body Required. A string indicating the name in Keyfactor Command of the client machine that will do the discovery. This is not necessarily the actual DNS name of the server; the orchestrator may have been installed using an alternative as a reference name.
AgentId Body Required. A string indicating the Keyfactor Command reference GUID of the orchestrator for this store.
Type Body An integer indicating the ID of the certificate store type, as defined in Keyfactor Command, for this certificate store. Built-in certificate store types are: (0-Javakeystore, 2-PEMFile, 3-F5SSLProfiles, 4-IISRoots, 5-NetScaler, 6-IISPersonal, 7-F5WebServer, 8-IISRevoked, 9-F5WebServerREST, 10-F5SSLProfilesREST, 11-F5CABundlesREST, 100-AmazonWebServices, 101-FileTransferProtocol). Any custom extensions for the Keyfactor Universal Orchestrator you add will have certificate store types numbered 102+. The default is 0 for a JKS discovery using the Keyfactor Java Agent.
JobExecutionTimestamp Body The date and time at which the discovery job should run. If no date is provided, the job will be scheduled to run immediately. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2023-11-19T16:23:01Z).
Dirs Body Required. A string containing the directory or directories to search during the discovery job. Multiple directories should be separated by commas.
  • Java

    For Java discovery, enter at a minimum either “/” for a Linux server or “c:\” for a Windows server.

  • PEM

    For PEM discovery, enter at a minimum either “/” for a Linux server or “c:\” for a Windows server.

  • F5

    For F5 discovery, enter “/”.

IgnoredDirs Body A string containing the directories that should not be included in the search. Multiple directories should be separated by commas.
Extensions Body A string containing the file extensions for which to search. For example, search for files with the extension jks in order to exclude files with other extensions such as txt. Use noext to search for files without extensions. The dot should not be included when specifying extensions.
NamePatterns Body A string against which to compare the file names of certificate store files and return only those that contain the specified string (e.g. myjks).
SymLinks Body A Boolean that sets whether the job should follow symbolic links on Linux and UNIX operating systems and report both the actual location of a found certificate store file and the symbolic link pointing to the file. This option is ignored on Windows.
Compatibility Body A Boolean that sets whether the job will run using the compatibility mode introduced in Java version 1.8 to locate both JKS and PKCS12 type files (true) or not (false). This option applies only to Java keystore discovery jobs.
ServerUsername Body Required*. The username used to connect to the certificate store server.
Note:  Secret data is stored in the secrets table or a PAM provider and is not returned in responses.

This field is required only for select certificate store types that require authentication at the server level. These include F5, Citrix/NetScaler, IIS, and any other custom method you've defined to support this.

ServerPassword Body Required*. The password used to connect to the certificate store server.

Note:  Secret data is stored in the secrets table or a PAM provider and is not returned in responses.

This field is required only for select certificate store types that require authentication at the server level. These include F5, Citrix/NetScaler, IIS, and any custom method you've defined to support this.

ServerUseSsl Body A Boolean that indicates whether Keyfactor Command will use SSL to communicate with the certificate store server (true) or not (false). The default is false.
Tip:  See the Keyfactor API Reference and Utility, which provides a utility through which the Keyfactor API endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon at the top of the Management Portal page next to the Log Out button.
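
The input rules in the table above can be checked on the client before the request is sent. The following is an added example, not Keyfactor code: it builds the JSON body for PUT /CertificateStores/DiscoveryJob and rejects inputs the table rules out. Assumptions: the function name build_discovery_job, the set of type IDs treated as needing server credentials (taken from the F5, NetScaler and IIS names in the Type row), and the choice to refuse ServerUseSsl=false when credentials are supplied, which is a policy of this example rather than an API rule.

```python
import uuid
from datetime import timezone

# Assumption: built-in type IDs from the table above whose names indicate F5,
# NetScaler or IIS, the families described as needing server-level credentials.
SERVER_AUTH_TYPES = {3, 4, 5, 6, 7, 8, 9, 10, 11}


def build_discovery_job(client_machine, agent_id, dirs, store_type=0, run_at=None,
                        ignored_dirs=(), extensions=None, name_patterns=None,
                        symlinks=False, compatibility=False, server_username=None,
                        server_password=None, server_use_ssl=False):
    """Validate inputs; return the body for PUT /CertificateStores/DiscoveryJob."""
    if not client_machine or not dirs:
        raise ValueError("ClientMachine and Dirs are required")
    uuid.UUID(str(agent_id))  # AgentId is a GUID; ValueError if malformed
    if any("," in d for d in (*dirs, *ignored_dirs)):
        raise ValueError("a path containing ',' would be read as two directories")
    if extensions and "." in extensions:
        raise ValueError("give extensions without the dot, e.g. 'jks' or 'noext'")
    body = {"ClientMachine": client_machine, "AgentId": str(agent_id),
            "Type": int(store_type), "Dirs": ",".join(dirs),
            "SymLinks": bool(symlinks), "Compatibility": bool(compatibility),
            "ServerUseSsl": bool(server_use_ssl)}
    if ignored_dirs:
        body["IgnoredDirs"] = ",".join(ignored_dirs)
    if extensions:
        body["Extensions"] = extensions
    if name_patterns:
        body["NamePatterns"] = name_patterns
    if run_at is not None:  # omitted means the job is scheduled immediately
        if run_at.tzinfo is None:
            raise ValueError("run_at must be timezone-aware to convert to UTC")
        body["JobExecutionTimestamp"] = run_at.astimezone(timezone.utc).strftime(
            "%Y-%m-%dT%H:%M:%SZ")
    has_creds = server_username is not None and server_password is not None
    if body["Type"] in SERVER_AUTH_TYPES and not has_creds:
        raise ValueError("this store type needs ServerUsername and ServerPassword")
    if has_creds:
        # Policy of this example, not an API rule: do not accept the ServerUseSsl
        # default (false) for a job that carries server credentials.
        if not server_use_ssl:
            raise ValueError("set server_use_ssl=True when sending credentials")
        # Passed through unchanged: the value format is in the collapsed
        # "details" of each field, which this page does not show.
        body["ServerUsername"] = server_username
        body["ServerPassword"] = server_password
    return body
```

Serialize the returned dictionary with json.dumps and send it as the request body; keep the credential values out of logs, since the body carries them in the clear.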