Keyfactor Command Server(s)
A Keyfactor Command server implementation is made up of several Keyfactor Command roles:

The server with this role provides the web-based administration interface that is used to view and report on certificates issued in the environment and enroll for certificates for use on servers. This role runs under Microsoft IIS. Configuration for the Keyfactor Command implementation as a whole is also done through the Keyfactor Command Management Portal. The Logi Analytics Platform for reporting is hosted on the server with this role.

The server with this role hosts back-end services required to support Keyfactor Command. This includes the Keyfactor Command Service, which is used for all periodic tasks throughout Keyfactor Command, including CA synchronization, monitoring alerts, and report automation. (Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.)

The server with this role hosts the Web APIs: the newer Keyfactor API, which allows third-party software to integrate with the certificate enrollment and management features of Keyfactor Command, and the older Classic API. The newer Keyfactor API is also included in the Management Portal role, since the Management Portal makes extensive use of this API.

The server with this role hosts the back-end service for receiving requests from and sending requests to Keyfactor agents and orchestrators.

The server with this role hosts the back-end service for validating SCEP requests.

This Keyfactor Command role is installed on one or more Microsoft CAs on which you want to automate the addition of a DNS SAN matching the CN of certificate requests for selected templates. (The subject alternative name is an X.509 extension that carries additional names for a certificate, DNS name being the most common; for SSL certificates, the CN is typically the FQDN of the host where the certificate will reside, e.g. servername.keyexample.com.)

This Keyfactor Command role is installed on one or more Microsoft CAs on which you want to allow the addition of SANs not included in the CSR when making a CSR enrollment request, without the need to enable the Microsoft CA EDITF_ATTRIBUTESUBJECTALTNAME2 flag. (When you generate a CSR within Keyfactor Command, the matching private key is stored in Keyfactor Command in encrypted form and is married with the certificate once it is returned from the CA.)
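Because this role exists so that the CA-wide EDITF_ATTRIBUTESUBJECTALTNAME2 flag can stay off, an administrator will usually want to confirm on each issuing CA that the flag is in fact not set. The following audit check is an added example, not part of the Keyfactor documentation; it assumes it is run locally on the Microsoft CA with rights to read the policy module registry settings, and that certutil reports EditFlags in its usual "EditFlags REG_DWORD = <hex> (<decimal>)" form.

```powershell
# Audit check (added example): report whether EDITF_ATTRIBUTESUBJECTALTNAME2
# is enabled in the default policy module of the local Microsoft CA.
# Run on the CA itself; certutil reads the policy module's EditFlags value.

# Bit value of EDITF_ATTRIBUTESUBJECTALTNAME2 as defined by Microsoft (0x40000).
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x40000

function Test-SanAttributeFlag {
    # certutil -getreg policy\EditFlags prints the combined EditFlags DWORD
    # followed by the symbolic names of each bit that is set.
    $output = & certutil.exe -getreg 'policy\EditFlags' 2>&1 | Out-String

    # Extract the hex DWORD from a line such as:
    #   EditFlags REG_DWORD = 11014e (1114446)
    if ($output -notmatch 'EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)') {
        throw "Could not parse EditFlags from certutil output:`n$output"
    }
    $editFlags = [Convert]::ToInt32($Matches[1], 16)

    # Bitwise test of the flag; nonzero means SANs may be supplied as
    # request attributes by any requester, the setting this handler avoids.
    return (($editFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

if (Test-SanAttributeFlag) {
    Write-Warning "EDITF_ATTRIBUTESUBJECTALTNAME2 is ENABLED on this CA (policy module EditFlags)."
} else {
    Write-Output "EDITF_ATTRIBUTESUBJECTALTNAME2 is not set on this CA."
}
```

If the flag is found enabled while the policy handler is in use, the handler's purpose is defeated; it can be cleared with certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 followed by a restart of the CertSvc service, after confirming no template enrollment still depends on it.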

This Keyfactor Command role is installed on a Microsoft CA that will issue certificates to iOS devices or otherwise need to do SCEP validation.

This Keyfactor Command role is installed on one or more Microsoft CAs on which you want to limit certificate enrollment to selected client machines for selected certificate templates.
In many environments, the Keyfactor Command Management Portal, Windows Servers, Web API, and Orchestrator Service API roles are collocated on a single server (or pair of servers if redundancy is desired). (Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.) The vSCEP Validation Service is an optional role that is only installed in environments where SCEP validation is required. The Policy Handler roles are installed on a Microsoft CA and are not collocated with the other Keyfactor Command roles, though multiple policy handlers may be installed on the same Microsoft CA. Both physical and virtual servers are supported.
Keyfactor does not recommend installing the Keyfactor Command Management Portal, Windows Servers, Web API, Orchestrator Service API, or vSCEP Validation Service role on a CA or on a SQL server in a production environment.
As you plan for Keyfactor Command, you need to decide upon an architecture for the implementation and prepare servers with sufficient resources accordingly. See System Requirements for more information about planning for servers with sufficient resources to support the planned roles.