Identify the Installation User

The user performing the gateway installation must be a local administrator on the computer on which the gateway is being installed. This is necessary because only users holding the Manage CA permission on the gateway can open the gateway configuration wizard, and on initial installation the wizard grants that permission by default to the local Administrators group.

Tip:  Manage CA permissions are granted by default to the local Administrators group (BUILTIN\Administrators) on the server on which the gateway is being installed, because local administrator rights are needed to complete the initial configuration of the gateway. The user performing the install must be a member of this local Administrators group, either directly or through membership in a nested group. You may later remove the local Administrators group from the Manage CA permission if desired, but at least one user or group must retain the Manage CA permission going forward: only holders of Manage CA can open the gateway configuration tool to change the configuration in the future.

When the gateway is first installed, it is registered in Active Directory as a certificate authority (a certificate authority (CA) is an entity that issues digital certificates; within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA). To accomplish this step, the user performing the install needs Write and Create Child Object permissions on the following Active Directory container (where DC=keyexample, DC=com are replaced with the values valid for your Active Directory environment):

CN=Enrollment Services, CN=Public Key Services, CN=Services, CN=Configuration, DC=keyexample, DC=com

By default, these permissions are granted to members of the Active Directory Domain Admins and Enterprise Admins groups, and the Domain Admins group is by default a member of the local Administrators group on domain-joined machines. If this is not the case in your environment, grant the user installing the gateway these permissions explicitly. If permissions or the user's account (e.g. group membership) are changed in the middle of configuration, the user must close the configuration wizard and open it again to pick up the changes. Because Windows evaluates group membership from the token created at logon, changes to group membership are not visible to a running session; depending on the type of change made, the user may therefore also need to log out of Windows and log back in.
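The following pre-flight check verifies, from the installing user's own session, the two prerequisites described above: membership in the local Administrators group (directly or through a nested group) and Allow ACEs granting Create Child / Write on the Enrollment Services container of the Configuration partition. It is an added example, not code from the Keyfactor documentation or product. It assumes a domain-joined machine, the ActiveDirectory RSAT PowerShell module, and an elevated prompt running as the account that will run the installer; the function name Test-GatewayInstallPrereqs is illustrative.

```powershell
# Added pre-flight check for the gateway installation account (example code,
# not part of Keyfactor's documentation or product). Assumptions: the machine is
# domain-joined, the ActiveDirectory RSAT module is installed, and this runs
# from an elevated prompt as the account that will perform the installation,
# since group membership is read from that logon token.
Import-Module ActiveDirectory

function Test-GatewayInstallPrereqs {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # 1. Local Administrators (BUILTIN\Administrators, S-1-5-32-544), direct or
    #    via a nested group. Manage CA is granted to this group on first install.
    $isLocalAdmin = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # 2. Write / Create Child Object on the Enrollment Services container in the
    #    Configuration partition, where the install registers the gateway as a CA.
    #    The DC= components are taken from the forest instead of being hard-coded.
    $configNC  = (Get-ADRootDSE).configurationNamingContext
    $container = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
    $acl       = Get-Acl -Path "AD:\$container"

    # SIDs carried by the current token: the user plus every (nested) group.
    $tokenSids = @($identity.Groups) + $identity.User
    $needed    = [DirectoryServices.ActiveDirectoryRights]'CreateChild, WriteProperty'

    # Allow ACEs (explicit or inherited) that grant any needed bit to a principal
    # present in the token. GenericAll / GenericWrite include these bits.
    # Simplification: Deny ACEs are not subtracted; review them separately.
    $grants = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]($_.ActiveDirectoryRights -band $needed)) -ne 0 -and
        ($tokenSids -contains $_.IdentityReference.Translate(
            [Security.Principal.SecurityIdentifier]))
    }

    # Union of the rights from all matching ACEs, then test each required bit.
    $effective = 0
    foreach ($ace in $grants) {
        $effective = $effective -bor [int]$ace.ActiveDirectoryRights
    }
    $createChild = [int][DirectoryServices.ActiveDirectoryRights]::CreateChild
    $writeProp   = [int][DirectoryServices.ActiveDirectoryRights]::WriteProperty

    [pscustomobject]@{
        User               = $identity.Name
        LocalAdministrator = $isLocalAdmin
        ADContainer        = $container
        CanCreateChild     = ($effective -band $createChild) -ne 0
        CanWrite           = ($effective -band $writeProp) -ne 0
        GrantingAces       = $grants |
            Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
    }
}

Test-GatewayInstallPrereqs | Format-List
```

If LocalAdministrator, CanCreateChild or CanWrite is False after you have just adjusted group membership, remember that the check reads the logon token: run `whoami /groups` to see what the session actually carries, and log out and back in before re-running the check or the installer. When the installing account is not a Domain Admin or Enterprise Admin, GrantingAces should show the explicit ACE you added on the container.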