During initial provisioning, the certificate templates in the primary Active Directory forest
An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. (the forest in which Keyfactor Command is installed) will be imported automatically by the Keyfactor Command configuration wizard. Templates for additional forests can be imported in a number of ways:
- For CAs accessed with the CA Connector The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs. Client, you can use the Import Templates option after you have configured a CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. record for at least one CA.
- There's an automated process to import templates once every hour, on the hour. The automated template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. import only runs for CAs for which there is an active CA synchronization job configured.
You will need to import templates if you add a new template or change the name or key size The key size or key length is the number of bits in a key used by a cryptographic algorithm. of a template after it has been imported into Keyfactor Command and don't want to wait for the automated import process (see Importing Certificate Templates).
Certificate templates need to be configured to support PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. and CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). (see Configuring Template Options).
- Short Name: <end entity profile name>_<certificate profile name>
- Display Name: <end entity profile name> (<certificate profile name>)
Only certificate profiles configured as available in a given end entity profile will be imported as templates associated with the given end entity profile name.
Figure 258: Certificate Templates
) next to the You can also find the help icon (
) at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.
Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).