Configure the Keyfactor Command Server from the Command Line
The Keyfactor Command server can optionally be configured using a pair of configuration files and a command run from the command line. You may be provided one or both of these files by your Keyfactor Client Success representative. The configuration files for command-line configuration are:
- Keyfactor Command Configuration File
  This file, with an extension of .cmscfg, contains information in XML format to configure the Keyfactor Command database. This file can be generated by installing Keyfactor Command, running the configuration wizard and populating all the fields as desired, and then saving a copy of the configuration either with or without a password to encrypt sensitive information in the file (see Install the Main Keyfactor Command Components on the Keyfactor Command Server(s)). Keyfactor strongly recommends using a password to protect production files.
- Input Parameters File
  This file, with an extension of .xml, contains information in XML format to connect to and configure SQL, open the Keyfactor Command configuration file, locate the Keyfactor Command license, and create application pools, if desired.
To configure Keyfactor Command from the command line:
- Install the Keyfactor Command software using one of these methods:
  - Follow the initial instructions for Install the Main Keyfactor Command Components on the Keyfactor Command Server(s) except on the final installation wizard page, uncheck the Launch the Configuration Wizard now box and click Finish. The configuration wizard should not open.
  - Open an administrative command prompt and execute a command similar to the following:
    start /wait msiexec /i <full path to install file>\KeyfactorPlatform.msi /Live <path for msiexec logs> /Quiet
    This will install the default components of Keyfactor Command in a non-interactive way (/Quiet), output log information to a file (/Live), and wait to return to the command prompt until the installation is complete (start /wait).
If you wish to install a set of features other than the default features, you can add the ADDLOCAL parameter and specify the features you wish to install. For example, the following command will install the Orchestrator Service API and Windows Services features:
start /wait msiexec /i <full path to install file>\KeyfactorPlatform.msi ADDLOCAL=AgentServicesFeature,ServiceFeature /Live <path for msiexec logs> /Quiet
The following features are available:
- AgentServicesFeature
  This installs the Orchestrator Service API feature.
- ConfigurationFeature
  This installs the configuration wizard and is required for all installations.
- ServiceFeature
  This installs the Windows Services feature, which includes the Keyfactor Command Service (a.k.a. the timer service).
- VCRedistFeature
  This installs the Microsoft Visual C++ Redistributable and is required for all installations unless it has been separately installed.
- vSCEPValidationFeature
  This installs the vSCEP Validation Service feature. It is not included in the default features.
- WebApiFeature
  This installs the WebAPI feature, which includes both the Keyfactor API and the Classic API.
- WebConsoleFeature
  This installs the Management Portal feature, which includes the Keyfactor Command Management Portal and the Keyfactor API.
The features you decide to install will depend on the role the server will be playing in your Keyfactor Command implementation. Table 759: Features Required for Each Server Role shows the minimum features that need to be installed for each of the server roles shown in the table columns. If you're installing all the required features on a single server, you need everything except vSCEPValidationFeature, which is only required for customers needing to validate SCEP requests, and WebApiFeature, which is only required for customers wishing to use the Classic API (see Classic API). If you don't intend to use any orchestrators (see Installing Orchestrators), you do not need to install the AgentServicesFeature.
Table 759: Features Required for Each Server Role
Columns: ADDLOCAL Parameter | Single Server | Management Portal | Windows Services | WebAPI | Orchestrator Service API | vSCEP Validation Service
Rows: ConfigurationFeature, VCRedistFeature, WebConsoleFeature, ServiceFeature, WebApiFeature, AgentServicesFeature, vSCEPValidationFeature
- Acquire a Keyfactor Command configuration file from your Keyfactor Client Success representative or create one by installing and configuring Keyfactor Command on a test machine. It's not practical to attempt to generate this file manually, though a file can be edited once generated (other than password-protected fields).
- Create an input parameters file. See Table 760: Input Parameters XML File Fields. A sample file can be found in the Configuration directory under the directory in which you installed Keyfactor Command. By default, this is:
  C:\Program Files\Keyfactor\Keyfactor Platform\Configuration\InputParameters.xml
- Open an administrative command prompt, change to the Configuration directory under the directory in which you installed Keyfactor Command (by default this is C:\Program Files\Keyfactor\Keyfactor Platform\Configuration), and execute a command similar to the following, referencing your input parameters file and using the appropriate parameters for the ConfigurationWizardConsole tool (see Table 761: ConfigurationWizardConsole.exe Options):
  .\ConfigurationWizardConsole.exe -p C:\Stuff\InputParameters.xml -u
Table 760: Input Parameters XML File Fields
Parameter | Description |
---|---|
Protected | A Boolean indicating whether sensitive information in the Keyfactor Command configuration file is protected with a password (true) or not (false). |
Password | A string containing the password used to protect the Keyfactor Command configuration file if Protected is set to true. |
ConfigurationFile | The full path to the Keyfactor Command configuration file (e.g. C:\Stuff\myconfig.cmscfg). |
DatabaseServer | The hostname |
Database | The name of the database in SQL for Keyfactor Command. If a database with this name exists, it will be used (see ForceDatabaseConversion). If it doesn't, it will be created (see CreateDatabaseIfMissing). |
CreateDatabaseIfMissing | A Boolean indicating whether the SQL database should be created if it does not exist (true) or not (false). If this is set to false and a database does not exist, an error will be generated and the configuration will not continue. |
ForceDatabaseConversion | A Boolean indicating whether a pre-existing SQL database should be converted for use by Keyfactor Command (true) or not (false). If this is set to false and a pre-existing database that has not already been converted for Keyfactor Command use is found, an error will be generated and the configuration will not continue. |
ForceDatabaseUpgrade | A Boolean indicating whether a pre-existing SQL database should be upgraded from a previous version of Keyfactor Command (true) or not (false). If this is set to false and a pre-existing database that is running a version of Keyfactor Command that does not match the version being installed is found, an error will be generated and the configuration will not continue. |
ContinueOnSqlGrantError | A Boolean indicating whether the configuration should continue if an error is encountered when attempting to set SQL permissions. |
SqlUsername | A string containing the SQL username to be used to authenticate to the SQL server if you have opted not to use Windows integrated authentication. For an on-premise SQL server, the server must be configured to support mixed mode authentication in order to use the SQL option. This option is typically used to connect to cloud-based (e.g. Azure) SQL servers. Leave this field blank if you are using Windows integrated authentication; the credentials of the logged-on user executing the command will then be used to authenticate to SQL. |
SqlPassword | A string containing the SQL password to be used to authenticate to the SQL server. Leave this field blank if you are using Windows integrated authentication. |
LicenseFile | The full path to your Keyfactor Command license file (e.g. C:\Stuff\keyexample.cmslicense). |
ApplicationPoolsToCreate | An array of application pools to create (typically only one is needed). Application pool fields include: |

For example (ApplicationPoolsToCreate):

```xml
<ApplicationPoolsToCreate> <!--Remove this section if none are to be created-->
  <WizardApplicationPool>
    <Name>Keyfactor</Name>
    <Username>KEYEXAMPLE\svc_keyfactorpool</Username>
    <Password>MySecurePassword</Password>
    <FailIfExists>true</FailIfExists>
  </WizardApplicationPool>
</ApplicationPoolsToCreate>
```

Table 761: ConfigurationWizardConsole.exe Options
Switch | Description |
---|---|
-p, --paramfile | The full path to the input parameters XML file. This switch is required. |
-u, --unattended | Do not output errors at the console. Errors will be redirected to the Windows event log. |
-d, --database | Create the database in SQL but do not configure Keyfactor Command. |
-s, --scriptpath | The full path to a non-standard location for the scripts used during a database upgrade. By default, these are found in the following path: C:\Program Files\Keyfactor\Keyfactor Platform\Configuration\DatabaseUpgrade. This option is typically only used by Keyfactor Support. |
--help | Display the help. |
--version | Display the version information. |
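
A pre-flight check for the input parameters file described in Table 760, to run before ConfigurationWizardConsole.exe; this is an added example, not Keyfactor's code. The function name Test-InputParameters, the placeholder root element and the sample values are assumptions; only the element names come from the tables above.

```powershell
# Added example: pre-flight check of an input parameters file (Table 760). Elements are
# matched by local name because the page does not show the file's root element.
function Test-InputParameters {
    param([Parameter(Mandatory)][string]$Path)
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)
    $findings = New-Object 'System.Collections.Generic.List[string]'
    # Trimmed text of the first element with the given name, or '' if absent.
    $get = {
        param($name)
        $node = $doc.SelectSingleNode("//*[local-name()='$name']")
        if ($node) { $node.InnerText.Trim() } else { '' }
    }

    if ((& $get 'Protected') -ne 'true') {
        $findings.Add('Protected is not true: the .cmscfg file is not password-protected')
    }
    foreach ($flag in 'ForceDatabaseConversion', 'ForceDatabaseUpgrade', 'ContinueOnSqlGrantError') {
        if ((& $get $flag) -eq 'true') { $findings.Add("$flag is true: confirm this is intended") }
    }
    foreach ($name in 'ConfigurationFile', 'LicenseFile') {
        $file = & $get $name
        if (-not $file -or -not (Test-Path -LiteralPath $file)) { $findings.Add("$name not found: '$file'") }
    }
    # Password (file and application pool) and SqlPassword hold cleartext values.
    $secrets = @($doc.SelectNodes("//*[local-name()='Password' or local-name()='SqlPassword']") |
        Where-Object { $_.InnerText.Trim() })
    if ($secrets.Count -gt 0) {
        $findings.Add("$($secrets.Count) cleartext password value(s) in $Path")
        # Group names below assume an English-language Windows installation.
        $broad = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$'
        (Get-Acl -LiteralPath $Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -match $broad } |
            ForEach-Object { $findings.Add("File is accessible to $($_.IdentityReference.Value)") }
    }
    $findings
}

# Constructed sample, not a real Keyfactor file; <InputParameters> is a placeholder root.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'InputParameters.sample.xml'
@'
<InputParameters>
  <Protected>false</Protected>
  <ConfigurationFile>C:\Stuff\myconfig.cmscfg</ConfigurationFile>
  <ForceDatabaseUpgrade>true</ForceDatabaseUpgrade>
  <SqlPassword>constructed-value</SqlPassword>
</InputParameters>
'@ | Set-Content -LiteralPath $sample
Test-InputParameters -Path $sample
```

The function returns one string per finding and nothing when the file passes every check, so it can gate an unattended run of the configuration tool.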