Orchestrators
Keyfactor Command uses orchestrators (a.k.a. agents) to manage a wide variety of certificate store types. As of this writing, Keyfactor offers these orchestrators:
- This orchestrator runs on Windows servers or Linux servers and is used to run jobs at the request of the Keyfactor Command server. Jobs primarily perform certificate management tasks, but other types of operations are also supported. Jobs are provided to the orchestrator as extensions; both built-in and custom extensions are supported. The orchestrator includes built-in extensions to run SSL discovery and management tasks, manage synchronization of certificate authorities in remote forests, and retrieve the orchestrator logs for analysis with the Keyfactor API.
  Orchestrator: Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.
  SSL: TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers.
  API: An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command.
- Keyfactor Android Agent: This orchestrator runs on Android OS devices and is used to manage PEM and Java keystores. The orchestrator is distributed as part of the Keyfactor Integration SDK (software development kit). Contact Keyfactor for more information.
  PEM: A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. PEM certificates can contain a single certificate or a full certificate chain and may contain a private key. In general, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key.
- Keyfactor Native Agent: This orchestrator is a reference implementation intended for customers wanting to include Keyfactor Command certificate store management functionality in embedded or other platforms. The orchestrator is distributed as part of the Keyfactor Integration SDK (software development kit). Contact Keyfactor for more information.
- The Keyfactor AnyAgent runs on Windows or Linux servers and allows management of certificates regardless of source or location by letting customers implement custom agent functionality. Custom store types and/or job capabilities, on which agents operate, are created by adding commands and leveraging extendable code to communicate through an API with Keyfactor Command. Because the AnyAgent's functionality is custom, it is not included in the table below: it could be designed to provide one or more of the capabilities listed there, or additional capabilities not listed. Contact Keyfactor for more information.
- This orchestrator runs on Linux servers and is used to perform discovery of SSH keys, generation of SSH keys, and management of SSH keys and Linux logons.
  SSH: The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption.


Table 25: Orchestrator Capabilities

| | Universal | Android | Native | Bash |
|---|---|---|---|---|
| Amazon Web Services Add/Remove | | | | |
| Amazon Web Services Inventory | | | | |
| Certificate Auto-enrollment | | | | |
| Certificate ODKG (on-device key generation, formerly reenrollment) | | | | |
| Certificate Renewal | | | | |
| F5 (Web Server, SSL Profiles, CA Bundles) Add/Remove | | | | |
| F5 (Web Server & SSL Profiles, CA Bundles) Inventory | | | | |
| F5 (SSL Profiles & CA Bundles) Discovery | | | | |
| File Transfer Protocol Add/Remove | | | | |
| File Transfer Protocol Inventory | | | | |
| IIS (Personal, Revoked, Trusted) Add/Remove | | | | |
| IIS (Personal, Revoked, Trusted) Inventory | | | | |
| Java Keystore Add/Remove | | | | |
| Java Keystore Create | | | | |
| Java Keystore Discovery | | | | |
| Java Keystore Inventory | | | | |
| Linux Logon Management | | | | |
| Log Fetching | | | | |
| NetScaler Add/Remove | | | | |
| NetScaler Inventory | | | | |
| PEM Add/Remove | | | | |
| PEM Discovery | | | | |
| PEM Inventory | | | | |
| Remote CA & Template Synchronization | | | | |
| SSL Discovery & Monitoring | | | | |
| SSH Key Discovery | | | | |
| SSH Key Generation | | | | |
| SSH Key Management | | | | |

The options available in the Orchestrator Management section of the Management Portal are:
- Management: View and configure orchestrators.
- Jobs: View active orchestrator jobs and review job errors.
- Blueprints: Snapshot the certificate stores and scheduled jobs of one machine and apply them to multiple other similar machines.