Certificate Templates
During initial provisioning, certificate templates are imported automatically if Keyfactor Command is installed on Windows and the primary environment includes Microsoft CAs in the Active Directory forest where Keyfactor Command is installed.
An Active Directory forest (AD forest) is the topmost logical container in an Active Directory configuration that contains domains, and objects such as users and computers.
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.
Templates from other environments or CA types can be imported in several ways:
- EJBCA CAs: For EJBCA CAs, you can use the Import Templates option after configuring a CA record for at least one EJBCA instance.
- Microsoft CAs (trusted forests): For Microsoft CAs domain-joined to forests that have a two-way trust with the primary forest, you can use the Import Templates option at any time.
- Microsoft CAs (untrusted or one-way forests): For Microsoft CAs domain-joined to forests that have only a one-way trust, or no trust, with the primary forest, you can use the Import Templates option after configuring a CA record for at least one Microsoft CA in the external forest and enabling Use Explicit Credentials with appropriate credentials for that forest.
- CA Connector: For CAs accessed with the CA Connector Client, you can use the Import Templates option after you have configured a CA record for at least one CA. The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs.
Templates associated with certificates issued by any configured CA will appear automatically in the templates grid as those certificates are synchronized to Keyfactor Command. Templates may also appear independently as part of the hourly automated template import process, even if no certificates have yet been synchronized.
A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.
Templates will need to be re-imported if you add a new template or change the name or key size of a template after it has been imported into Keyfactor Command and don't want to wait for the automated import process (see Importing Certificate Templates).
The key size or key length is the number of bits in a key used by a cryptographic algorithm.
To support PFX and CSR enrollment, certificate templates need to be configured with enrollment patterns (see Adding or Modifying an Enrollment Pattern) and the certificate authorities that will issue the certificates need to be enabled for enrollment (see HTTPS CAs - Advanced Tab or DCOM CAs - Advanced Tab).
A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers.
A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA.
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA).
- Short Name: <end entity profile name>_<certificate profile name>
- Display Name: <end entity profile name> (<certificate profile name>)
If the end entity profile name and certificate profile name are the same, only the end entity profile name is used.
For example, if both names are Development Web Server, the Short Name and Display Name will both be Development Web Server.
Only certificate profiles configured as available in a given end entity profile will be imported as templates associated with the given end entity profile name.
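The naming rule above can be applied to a profile inventory before an import to predict which template names will appear. This is an added example, not Keyfactor code: the profile names are constructed, the function names are hypothetical, and the check for two profile pairs that produce the same Short Name is an extra audit step the page does not describe.

```python
from collections import defaultdict

# Constructed sample inventory: end entity profile -> certificate profiles
# marked as available in it. Names are illustrative, not from a real CA.
SAMPLE_PROFILES = {
    "Development Web Server": ["Development Web Server"],
    "Web": ["TLS_Server", "TLS_Client"],
    "Web_TLS": ["Server"],
    "Unused": [],  # no available certificate profiles, so nothing is listed
}


def template_names(ee_profile, cert_profile):
    """Apply the page's rule to one (end entity, certificate profile) pair."""
    if ee_profile == cert_profile:
        # Identical names: only the end entity profile name is used.
        return ee_profile, ee_profile
    return f"{ee_profile}_{cert_profile}", f"{ee_profile} ({cert_profile})"


def expected_templates(profiles):
    """Return {(ee, cp): (short_name, display_name)} for every available pair."""
    return {
        (ee, cp): template_names(ee, cp)
        for ee, cps in profiles.items()
        for cp in cps
    }


def ambiguous_short_names(profiles):
    """Short Names produced by more than one profile pair (underscores in
    profile names make the '_' separator ambiguous)."""
    by_short = defaultdict(list)
    for pair, (short, _display) in expected_templates(profiles).items():
        by_short[short].append(pair)
    return {s: sorted(p) for s, p in by_short.items() if len(p) > 1}


if __name__ == "__main__":
    for pair, (short, display) in expected_templates(SAMPLE_PROFILES).items():
        print(f"{pair} -> short={short!r} display={display!r}")
    for short, pairs in ambiguous_short_names(SAMPLE_PROFILES).items():
        print(f"AMBIGUOUS {short!r}: {pairs}")
```

In the sample, two different profile pairs yield the Short Name Web_TLS_Server while their Display Names stay distinct, which is worth resolving before enrollment patterns are assigned by template name.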
You can also find Help in the Navigator. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.
The Navigator is the Keyfactor Command left-hand (newer versions) or top (older versions) navigation menu. Certificate collections and reports can be configured to be added to the menu using user-defined Show in Navigator settings.
Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).