Appendix - Multi-Tenancy Environments

If you are running a multi-tenancy installation, you will need to run through the configuration for each separate CA, which will be distinguished by the logical name entered in the configuration file.

Note: The AnyCAGateway DCOM configuration for each CA you configure is saved to the AnyCAGateway DCOM database. However, only one JSON file per name/location can exist. Each time you run the Set-KeyfactorGatewayConfig cmdlet with the -FilePath parameter, it will overwrite the previously created output file of the same name in the same location, and the configuration is saved to the database for each logical name. You could choose to use multiple files by saving each with a different name/location.

New install configuration workflow with multi-tenancy:

  1. Generate a default configuration file using the Get-KeyfactorGatewayConfig cmdlet with the -LogicalName and -FilePath parameters set for your first CA.
  2. Edit the configuration file for your first CA and set it with the Set-KeyfactorGatewayConfig cmdlet with the -LogicalName and -FilePath parameters set for your first CA.
  3. Generate a new default configuration file using the Get-KeyfactorGatewayConfig cmdlet with the -LogicalName and -FilePath parameters set for your second CA.
  4. Edit the configuration file for your second CA and set it with the Set-KeyfactorGatewayConfig cmdlet with the -LogicalName and -FilePath parameters set for your second CA.
  5. Repeat as many times as necessary for each CA you are configuring to work with the AnyCAGateway DCOM.
  6. When you go to the next step in the installation, or upgrade, you will use the respective logical names where indicated in the process, and repeat for each.

Note: All third-party CAs configured must be of the same type, for example Entrust or DigiCert.
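
The workflow above as a PowerShell loop, added here as an example and not taken from Keyfactor's own documentation. It assumes the gateway configuration cmdlets are already available in the session; the logical names and the C:\GatewayConfig folder are constructed placeholders, and only the -LogicalName and -FilePath parameters named on this page are used.

```powershell
# Added example: per-CA configuration loop for a multi-tenancy gateway.
# Logical names and the output folder below are constructed placeholders.
$logicalNames = @('Corp Issuing CA One', 'Corp Issuing CA Two')
$configDir    = 'C:\GatewayConfig'   # hypothetical folder

New-Item -ItemType Directory -Path $configDir -Force | Out-Null

foreach ($name in $logicalNames) {
    # One file per logical name, so configuring a later CA does not
    # overwrite the file written for an earlier one.
    $safeName = $name -replace '[^A-Za-z0-9_-]', '_'
    $path     = Join-Path $configDir "$safeName.json"

    if (Test-Path $path) {
        Write-Warning "$path already exists; keeping it instead of regenerating defaults."
    } else {
        # Steps 1 and 3: generate the default configuration file for this CA.
        Get-KeyfactorGatewayConfig -LogicalName $name -FilePath $path
    }

    # Steps 2 and 4: the file is edited by hand before it is applied.
    Read-Host "Edit $path for '$name', then press Enter" | Out-Null

    # Refuse to apply a file that no longer parses as JSON after editing.
    try {
        Get-Content -Path $path -Raw | ConvertFrom-Json | Out-Null
    } catch {
        Write-Error "$path is not valid JSON; skipping '$name'."
        continue
    }

    # Save the edited configuration to the gateway database for this logical name.
    Set-KeyfactorGatewayConfig -LogicalName $name -FilePath $path
}
```

Keeping one file per logical name also leaves a reviewable record of what was applied for each CA.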