Certificate Metadata

Certificate metadataClosed Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. allows you to tag certificates with user-defined information, such as points of contact or certificate/application owners, either at the point of enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). or after certificates are synchronized into the database. These metadata fields can be configured as required or optional during enrollment, helping to organize and manage certificate data more effectively. The captured information can also be used for queries and alerts in the Management Portal.

Default values can be set in metadata fields at multiple levels:

When a metadata field value is set at more than one level, precedence is determined as follows during PFXClosed A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. and CSRClosed A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. enrollment requests:

  1. Enrollment Pattern Default: If an enrollment pattern default exists, it takes precedence.

  2. Template-Level Default: If no enrollment pattern default is set, but a template-level default exists, it is used.

  3. System-Wide Default: If neither an enrollment pattern nor a template-level default is defined, the system-wide default is applied, if available.

This setup ensures consistent application of certificate metadata while allowing flexibility for specific use cases.

Before configuring metadata in templates or enrollment patterns, you must first define the fields at the system level. Navigate to System Settings Icon > Certificate Metadata (see Adding or Modifying a Metadata Field).

Tip:  Click the help icon () next to the Certificate Metadata page title to open the Keyfactor Software & Documentation Portal to this section. You will receive a prompt indicating:

You are being redirected to an external website. Would you like to proceed?

You can also find the help icon () at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.

Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).