Using Event Handlers

A given expiration, pending, issued or denied alert can have only one event handler action associated with it. For example, an alert can run one PowerShell script but not also a second PowerShell script or also an event logging task. Alerts configured with a PowerShell or renewal event handler can also send out email messages. However, be aware that your PowerShell script will run once for every certificate and every email recipient, so if your alert has three email recipients, your script will run three times for each certificate. If this is not the desired behavior, you can set up separate alerts for email messages and your PowerShell script. Alerts configured with an event logger event handler will log events to the event log instead of sending email messages. If you want to both log to the event log and send email messages for a given alert configuration, you need to set up two separate alerts.

Tip:  Powershell handlers will run in different security contexts depending on where they were triggered. If you trigger them by the Portal/API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. they will use the App Pool account. If you trigger them via the schedule in the Keyfactor Command mangement portal they will use the Service account. Keep this in mind if your configuration of the PowerShell script is going to use Windows Auth to reach back into Keyfactor Command,or elsewhere.