Extending and Customizing Keyfactor Command
There are several options for adding to your Keyfactor Command implementation with custom extensions, handlers, and scripts. There are also a few options for customizations. This section provides an overview of some of the available options.
-
PowerShell scripts can be executed from workflows and using event handlers in alerts. For more information, see PowerShell Scripts.
-
The Keyfactor Universal Orchestrator supports the use of custom-built extensions to extend functionality to a variety of certificate store types and devices for management (see Installing Certificate Store Management Extensions).
The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers.
-
Custom event handlers can be built for use with legacy alerts (see Custom Event Handler Operations).
-
The Keyfactor AnyCA Gateway REST and AnyCA Gateway (previous version) support the use of publicly available extensions to allow for functions such as certificate enrollment and management from Keyfactor Command to a variety of third-party CA vendors (e.g., DigiCert, Entrust, GoDaddy). For more information, see the separate gateway documentation and the Keyfactor GitHub.
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA).
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.
-
The Keyfactor Command logo on the banner at the top of the Management Portal can be replaced with an alternate image of your choosing (see Customize the Management Portal Banner Logo).
-
Customizations can be done to orchestrator API configuration settings, SQL connection settings, Keyfactor Command Service job settings and more using appsetting.json files (see Keyfactor Command Configuration Files).
Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command.
-
The executable used to run the Keyfactor Command Service can be changed from an exe to a signed dll for environments where this is an important requirement (see Keyfactor Command Service Executable).
-
Microsoft CA key recovery can be configured on Keyfactor Command to allow private keys archived in a Microsoft CA to be retrieved in Keyfactor Command (see Configuring Key Recovery for Keyfactor Command).
-
Client certificates used for orchestrator authentication can be renewed using a client certificate renewal extension (see Register a Client Certificate Renewal Extension).
-
Orchestrators can be auto-registered to Keyfactor Command using a custom auto-registration handler (see Custom Auto-Registration Handlers).
-
A custom handler can be run at the conclusion of orchestrator jobs (see Job Completion Handlers).
-
Privileged Access Management (PAM) providers can be configured either on the Keyfactor Command server or the Keyfactor Universal Orchestrator (see Installing Custom PAM Provider Extensions).
PAM (Privileged Access Management): Controls privileged access by vaulting credentials, enforcing least-privilege/just-in-time access, rotating secrets, and auditing sessions. Across Keyfactor products, PAM protects diverse sensitive operations and secrets, for example certificate stores and CA credentials, via built-in or third-party providers; external integrations are delivered as custom PAM extensions (several published on Keyfactor’s public GitHub).