Initial Configuration

Once the installation is complete, the CA ConnectorClosed The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs. Client should be running and ready to communicate with Keyfactor Command. The initial installation allows the CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. Connector Client to register itself with Keyfactor Command and, once configured appropriately in Keyfactor Command, provide the connection from Keyfactor Command to the CA to allow for certificate synchronization, enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). and management.

Refer to theKeyfactor Command Server Installation Guide and Keyfactor Command Reference Guide for help in completing these steps:

  • If you have not already done so, configure the task queue connection to RabbitMQ. This can be done either in the Keyfactor Command configuration wizard on the CA Connector API tab or in the Keyfactor Command Management Portal on the Certificate Authorities page. If you’re using a managed instance of Keyfactor Command, this will most likely be configured for you.
  • If you have not already done so, create CA Connector entries on the CA Connector tab of the Keyfactor Command Management Portal on the Certificate Authorities page for each CA Connector Client. This can be done before installing the client or after installation is complete and before beginning to use the connector (see Adding or Modifying a DCOM CA).
  • Confirm that the CA Connector Client appears as Connected on the CA Connector tab of the Keyfactor Command Management Portal on the Certificate Authorities page (see Adding or Modifying a DCOM CA).
  • Create CA records for any CAs of the type to be managed by the CA Connector Client (DCOM or HTTP) in the on-premises environment on the Certificate Authorities tab of the Keyfactor Command Management Portal on the Certificate Authorities page. Be sure to enable the Use CA Connector option. You may wish to enable the Use Explicit Credentials option (see Create Service Accounts for the Keyfactor CA Connector, Grant the CA Connector Client Service Account Permissions on the CA, and Adding or Modifying a DCOM CA).

This section details some post-install configuration steps that may be helpful during ongoing use or troubleshooting.