The recommended best practice after you finish running the Keyfactor Command configuration wizard is to reboot the Keyfactor Command server to assure that the services have a clean start. If this is not possible:
- Restart the Keyfactor Command Service (see Enable and Start the Keyfactor Command Service).
- Restart IIS.
There is no particular order in which the tasks on the following pages must be accomplished.
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). patterns, enrollment patterns generated for any templates from CAs managed using a Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. will result in an error similar to the following when the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA./template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. cache attempts to build:
An enrollment pattern is automatically generated on upgrade for any certificate template for which at least one of the following is true:
CSR
A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. Enrollment, PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. Enrollment, or CSR Generation is enabled.Restrict Allowed Requesters is enabled and at least one security role configured in Allowed Request Security Roles.
One or more custom values are defined on the Enrollment Fields tab.
One or more regular expressions are defined on the Enrollment RegExes tab other than the default value of .+ for Common Name
A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com)..One or more default values are defined on the Enrollment Defaults tab.
Any policies that differ from the system-wide policies are configured.
The Keyfactor Universal Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. does not support certificate enrollment, so no enrollment patterns are required for templates from CAs managed with the orchestrator. To workaround this error, remove any enrollment patterns generated for these templates after upgrade.
Was this page helpful? Provide Feedback