Viewing Orchestrator Details

To view details of an orchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores., double-click the orchestrator, right-click the orchestrator and choose View Details from the right-click menu, or highlight the row in the grid and click View Details at the top of the grid. The orchestrator details dialog includes this information:

The GUID of the orchestrator.

The host nameClosed The unique identifier that serves as name of a computer. It is sometimes presented as a fully qualified domain name (e.g. servername.keyexample.com) and sometimes just as a short name (e.g. servername). of the orchestrator machine, either short or fully qualified depending upon how the machine reports itself.

The Active Directory user account the orchestrator is using to authenticate to Keyfactor Command, which may or may not be the same as the user account under which the orchestrator is running. For example, the Keyfactor Windows OrchestratorClosed The Windows Orchestrator, one of Keyfactor's suite of orchestrators, is used to manage synchronization of certificate authorities in remote forests, run SSL discovery and management tasks, and interact with Windows servers as well as F5 devices, NetScaler devices, Amazon Web Services (AWS) resources, and FTP capable devices, for certificate management. In addition, the AnyAgent capability of the Windows Orchestrator allows it to be extended to create custom certificate store types and management capabilities regardless of source platform or location. service runs as a service account on the orchestrator machine but its identity on the Keyfactor Command server will be a service account in the Keyfactor Command forestClosed An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers.. This identity may be different from that of the service account on the orchestrator machine, which may be in a remote forest.

The platform of the orchestrator—Java for the Java AgentClosed The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed., .NET Core for the Keyfactor Universal OrchestratorClosed The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux., .NET for the Keyfactor Windows Orchestrator, Bash for the Keyfactor Bash OrchestratorClosed The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise., and ObjectiveC for the Mac agent, for example.

The version number that the orchestrator has reported.

Whether the orchestrator has been approved for operations with the Keyfactor Command server. Newly registered orchestrators show New in this column. Disapproved orchestrators show Disapproved.

The date and time when the orchestrator last contacted the Keyfactor Command server.

The target types that are supported by that orchestrator—e.g. AWS, F5, FTP, IIS, JKSClosed A Java KeyStore (JKS) is a file containing security certificates with matching private keys. They are often used by Java-based applications for authentication and encryption., NS (NetScaler), PEMClosed A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key., SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption., SSLClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers., Windows—as appropriate for the type of orchestrator. This includes custom AnyAgentClosed The AnyAgent, one of Keyfactor's suite of orchestrators, is used to allow management of certificates regardless of source or location by allowing customers to implement custom agent functionality via an API. capabilities. Keyfactor Command also has LOGS capabilities for Keyfactor Universal Orchestrators, Native Agents, and any orchestrators built on the AnyAgent platform.

The last blueprintClosed A snapshot of the certificate stores and scheduled jobs on one orchestrator, which can be used to create matching certificate stores and jobs on another orchestrator with just a few clicks. applied to the orchestrator, if any (see Orchestrator Blueprints).

The thumbprint of the certificate previously used by the orchestrator for client certificate authentication before a certificate renewal operation took place (rotating the current thumbprint into the legacy thumbprint). The legacy thumbprint is cleared once the orchestrator successfully registers with a new thumbprint.

The thumbprint of the certificate that Keyfactor Command is expecting the orchestrator to use for client certificate authentication.

The last error code, if any, reported from the orchestrator when trying to register a session. This code is cleared on successful session registration.

The thumbprint of the certificate that the orchestrator most recently used for client certificate authentication. In most cases, this will match the Current Thumbprint.

The last error code, if any, reported from the orchestrator when trying to register a session. This code is cleared on successful session registration.

The last error code, if any, reported from the orchestrator when trying to register a session. This message is cleared on successful session registration.

Figure 275: View Details for an Orchestrator