Install the Keyfactor RFC 2818 Policy Handler

To begin the RFC 2818 Policy Handler installation, execute the KeyfactorCAModuleInstaller.msi file from the Keyfactor installation media and install as follows.

  1. On the first installation page, click Next to begin the setup wizard.

    Figure 497: Install RFC 2818 Policy Handler: Begin Setup Wizard

  2. On the next page, read and accept the license agreement and click Next.

  3. On the next page, select the components to install. For the RFC 2818 Policy Handler, deselect all the components except the RFC 2818 Policy Handler component. If desired, you can highlight Keyfactor Custom Policy Module and click Browse to select an alternate installation location for the files. The default installation location is:

    C:\Program Files\Keyfactor\Keyfactor CA Modules

    Figure 498: Install RFC 2818 Policy Handler: Select Components

  4. On the next screen, click Install.
  5. On the final installation wizard page, leave the "Launch the CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. MMC snap-in now" box selected and click Finish. The Microsoft Certification Authority management tool should start automatically. This can take several seconds.
  6. In the Certification Authority management tool, right-click the CA name at the top of the tree and choose Properties.

  7. In the Properties dialog for the CA on the CA Policy Module tab, click Select, highlight the Keyfactor Custom Policy Module in the Set Active Policy Module dialog and click OK.

    Figure 499: Enable the Keyfactor CA Policy Module

  8. In the Properties dialog for the CA on the CA Policy Module tab, click Properties.

  9. On the Licensing tab of the Policy Module Configuration Properties page, click Upload License and browse to locate the license file provided to you by Keyfactor. This file should have the extension CMSLICENSE.

    Figure 500: Upload the Keyfactor CA Policy Module License

  10. On the Custom Handlers tab of the Policy Module Configuration Properties page, highlight the RFC 2818 Policy Handler under Loaded Handlers, click Load to move it over to the loaded handlers, and click OK.

    Figure 501: Enable the RFC 2818 Policy Handler

  11. On the Custom Handlers tab of the Policy Module Configuration Properties page, highlight the RFC 2818 Policy Handler under Loaded Handlers and click Configure.

  12. On RFC 2818 Policy Handler configuration dialog, select the templates that should be under management by the RFC 2818 policy handler and click Add. Certificate enrollments from any source made using the templates selected here on the configured CA will automatically be assigned a DNSClosed The Domain Name System is a service that translates names into IP addresses. SANClosed The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. matching the certificate’s CNClosed A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com)..

    Figure 502: Add Templates for Management with the RFC 2818 Policy Handler

  13. Click OK as many times as needed to close the configuration dialogs and save the configuration. You will be prompted to restart the CA services.