System Requirements

The Keyfactor Universal OrchestratorClosed The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux. is supported on the following operating systems:

  • Windows Server 2019
  • Oracle Linux 7 or higher
  • Red Hat Enterprise 7 or higher
  • Ubuntu 16 or higher
Note:  Older versions of the Universal OrchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. will work with newer versions of Keyfactor Command, but not the other way around (see the Compatibility Matrix in the Keyfactor Command Documentation Suite). The current version of the Universal Orchestrator requires Keyfactor Command version 10.0 or greater.
Important:   Microsoft support for .NET Runtime version 3.1 was deprecated at the end of 2022. Instructions for upgrading to version 6.0 are included in the Tip, below.

The Universal Orchestrator has the following requirements on Windows.

  • The orchestrator requires the Microsoft .NET Runtime version 6.0 (x64). Version 6.0 is available for download from Microsoft:

    https://dotnet.microsoft.com/download/dotnet/6.0/runtime

    You need only the .NET Runtime (x64), not the ASP.NET Core Runtime or ASP.NET Core Hosting Bundle. At the above link, this would be the Download x64 option under the "Run console apps" heading.

    You can use the following PowerShell command to check the .NET core version(s) installed on a server (if any):

    dotnet --list-runtimes

    Output from this command will look something like this if you have the correct 6.0 x64 version of the .NET Runtime installed (notice the path is in C:\Program Files, not C:\Program Files (x86), indicating this is the x64 version):

    Microsoft.NETCore.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

  • If you intend to use the orchestrator to manage certificates on remote Windows machine store certificates (servers other than the server on which the orchestrator is installed) using the IIS Personal, IIS Trusted Roots, or IIS Revoked store types, make sure that TCP port 445 is open between the orchestrator and the remote servers.

  • If you intend to use the orchestrator to manage certificates from remote Microsoft CAs (CAs outside the forestClosed An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. in which Keyfactor Command is installed or forests in a two-way trust with this forest), the orchestrator requires the Microsoft Visual C++ 2019 (or later) redistributable for x64. This is available for download from Microsoft:

    https://aka.ms/vs/16/release/vc_redist.x64.exe

    The Microsoft Visual C++ Redistributable appears as an application in the Windows Apps & features.

The following applications are required in order to install the Universal Orchestrator on Linux servers.

The orchestrator requires the Microsoft .NET Runtime version 6.0 (x64). Information about this is available from Microsoft:

https://docs.microsoft.com/en-us/dotnet/core/install/linux

You need only the .NET Runtime (x64), not the ASP.NET Core Runtime, but it won't hurt anything to install both the .NET and ASP.NET Core runtimes as suggested in the Microsoft documentation for installing .NET on Linux.

For the most part, it can be installed via the OS package manager. The method to complete this varies depending on the Linux operating system. For example, for Ubuntu 20.04, the following commands will install the correct version of .NET:

wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get install dotnet-runtime-6.0

You can use the following command to check the .NET version installed on a server (if any):

dotnet --list-runtimes

Output from this command will look something like this if you have the correct 6.0 version of the .NET Runtime installed:

Microsoft.NETCore.App 6.0.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

The orchestrator can only be installed on a Linux server that has jq installed. You can use the following command to check the jq version of a server:

jq --version

The orchestrator requires a Linux server that uses the systemd service manager. You can use the following command to test whether a system is running systemd:

ps -p 1

The orchestrator can only be installed on a Linux server that is running bash version 4.3 or higher. You can use the following command to check the bash version of a server:

bash --version

The orchestrator can only be installed on a Linux server that has curl installed. You can use the following command to check the curl version of a server:

curl --version
Tip:  If you have an existing installation of the Universal Orchestrator using the older Microsoft .NET Runtime version 3.1, you do not need to reinstall the orchestrator to upgrade the .NET version.

To update your existing Universal Orchestrator to the latest .NET version:

  1. On the Universal Orchestrator machine, browse to locate the Orchestrator.runtimeconfig.json file in your installation directory. By default, this is:

    Windows: C:\Program Files\Keyfactor\Keyfactor Orchestrator\Orchestrator.runtimeconfig.json
    Linux: /opt/keyfactor/orchestrator/Orchestrator.runtimeconfig.json

  2. Using a text editor, open the Orchestrator.runtimeconfig.json file for editing and add the following property to the runtimeOptions section:

    "rollForward": "LatestMajor"

    Being sure to add a comma at the end of the previous row, resulting in a final file that looks something like:

    {
   "runtimeOptions": {
      "tfm": "netcoreapp3.1",
      "framework": {
         "name": "Microsoft.NETCore.App",
         "version": "3.1.0"
      },
      "rollForward": "LatestMajor"
   }
}
  3. Save the Orchestrator.runtimeconfig.json file.
  4. Uninstall the Microsoft .NET Runtime version 3.1 (x64) and install the 6.0 version.
  5. Restart the Universal Orchestrator service (see Start the Universal Orchestrator Service).