Configuring the Whitelist Policy Handler

1. Open the Custom Handlers tab of the Policy Module Configuration Properties and load the Keyfactor Command Machine Whitelist Policy as per Modifications to the Policy Module Configuration.
2. Highlight the Keyfactor Command Machine Whitelist Policy under Loaded Handlers and click Configure.
3. On the Template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. tab of the Policy Module Configuration dialog, you can modify the templates under management by the whitelist policy handler. The templates entered during initial installation will be displayed here when you first open the tab. Any templates entered here will be available for enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). only from machines listed on the Machine Names tab. If any of the templates you include here will be used for enrollment through Keyfactor Command, the Keyfactor Command server(s) need to be included in the Machine Names tab.
   • To add a new template for management, enter the certificate template name (short name), not the template display name of the certificate template you want to manage with the whitelist policy handler and click Add. In many cases, the template name is the same as the template display name with the spaces removed. Templates should be added one at a time.
   • To remove a template from management, highlight it in the Template list and click Remove.

   

   Figure 413: Modify Templates for Management with the Whitelist Policy Handler

4. On the Machine Names tab of the Policy Module Configuration dialog, modify the list of machines allowed to request certificates for the controlled templates as needed. The machine names entered during initial installation will be displayed here when you first open the tab. Any machines entered here will be allowed to enroll for the templates listed on the Templates tab.
   • To add a new machine for management, enter the machine name (FQDN) of the machine that you want to manage with the whitelist policy handler and click Add. Machines should be added one at a time.
   • To remove a machine from management, highlight it in the Machine name list and click Remove.

   

   Figure 414: Modify Machines for Management with the Whitelist Policy Handler