System Requirements

Table 759: System Requirements provides the recommendations for minimum system specifications used by Keyfactor Command components. All servers may be deployed as virtual machines and may be part of a clustering or load-balanced architecture, if desired. If the Keyfactor Command roles are co-located, the specifications may need to be scaled accordingly. All Microsoft-supported methods for making SQL Server highly available are supported. For most high availability requirements, Keyfactor recommends using always on availability groups (see SQL Server).

As of Keyfactor Command version 10.0, connectivity to the SQL server requires TLSClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. encryption. For information about configuring TLS for SQL server, see:

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-ver15

As of Keyfactor Command version 10.0, Windows Server 2016 is no longer supported. The installer will not check your server version nor prevent installation, but the product will not function properly. If you choose to use Server 2016, any PFXs will need to be configured to use SHA1 and 3DES for encryption for use by Keyfactor Command.

Table 759: System Requirements

Component

Minimum Requirements

Keyfactor Command Server
(Management Portal, vSCEP™ and Services roles)

Windows Server 2019 or 2022

Internet Information Services (IIS) with Basic Authentication, Windows Authentication, ASP.NET 4.7 or greater, and the Active Directory Module for Windows PowerShell (see Install IIS and .NET on the Keyfactor Command Server)

.NET Framework 4.7.2 or greater

4 GB RAM, 2 GHz CPU, 40 GB disk

Microsoft SQL Database

Microsoft SQL Server 2016 with cumulative update (CU) 2 or higher, 2017, 2019, 2022 all with TLS encryption enabled and compatibility level 130 or higher.

8 GB RAM, 2+ GHz CPU (>= 2 cores), 500 GB disk
Browser to Access the Management Portal Chrome 65.0.3325+, Firefox 59.0+, or Microsoft Edge 42.17134+
Keyfactor Command Server Upgrade Keyfactor Command version 6.1.0 or later is required to upgrade to Keyfactor Command version 9.0 or later.
EJBCA CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.

EJBCA Enterprise version 7.8.1 or later is supported.

The EJBCA REST APIClosed A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. must be enabled to interoperate with Keyfactor Command (see System Configuration -> Protocol Configuration in the EJBCA administration portal).
Tip:  To check the compatibility level of the database, run the query:

SELECT name, compatibility_level FROM sys.databases

The value returned for compatibility_level should match the version of SQL server you are using for your Keyfactor Command database(s). If this needs to be updated, take a backup before updating the compatibility level via SQL query. For example, to update to compatibility_level 150 (SQL 2019):

ALTER DATABASE [KeyfactorDB] SET COMPATIBILITY_LEVEL = 150

Where [KeyfactorDB] is the name of your Keyfactor Command database and the compatibility_level value matches the version of SQL server you are using.

For more information, see:

https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-database-transact-sql-compatibility-level?view=sql-server-ver15