Configure CA Certificate Synchronization

The Keyfactor Command certificate management, notification and reporting features make use of a SQL database containing certificates from many locations, including:

• Certificates synchronized from domain-joined Microsoft CAs in your primary forest An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. and forests with which the forest shares a trust

• Certificates synchronized from non-domain-joined EJBCA and Microsoft CAs

• Certificates synchronized from your domain-joined Microsoft CAs in non-trusted forests

• Certificates automatically imported based on SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. synchronization locations

• Certificates imported via Keyfactor CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. Gateways from locations such as Entrust and Symantec clouds

• Manually imported certificates

• Certificates inventoried from certificate stores using Keyfactor Command Orchestrators

In order to get these certificates into the Keyfactor Command database so that you can begin using the management, notification and reporting features, you need to configure—at a minimum—CA synchronization. For more information:

• See Certificate Authorities in the Keyfactor Command Reference Guide for information on configuring CA synchronization for your Microsoft and EJBCA CAs.

• See SSL Discovery in the Keyfactor Command Reference Guide for information on configuring SSL discovery and monitoring.

• See the separate documentation for each type of CA gateway you have along with Certificate Authorities in the Keyfactor Command Reference Guide for information on configuring CA synchronization for your CA gateways.

• See Add Certificate in the Keyfactor Command Reference Guide for information on manually importing a certificate.

• See Installing Orchestrators in the Keyfactor Orchestrators Installation and Configuration Guide and Orchestrators and Certificate Stores in the Keyfactor Command Reference Guide for information on inventorying certificates from certificate stores.

For information on using the Keyfactor Command Management Portal, see Using the Management Portal in the Keyfactor Command Reference Guide.