Hostname Identification and Resolution

Prior to the installation of Keyfactor Command, you need to determine the DNSClosed The Domain Name System is a service that translates names into IP addresses. alias(es) by which the Keyfactor Command roles will be accessed, if any, and configure them in your hostnameClosed The unique identifier that serves as name of a computer. It is sometimes presented as a fully qualified domain name (e.g. servername.keyexample.com) and sometimes just as a short name (e.g. servername). resolution solution so that they will be resolvable prior to installation. For example, if you’re licensed for SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. key management and wish to publish the My SSH Key portal externally to support SSH key acquisition by users outside the company firewall, you will probably wish to reference the server by a DNS alias rather than its actual hostname. For example, you may wish to use keyfactor.keyexample.com rather than websrvr23.keyexample.local. This is particularly significant if you will be using redundant servers with load balancing. For DNS aliases used internally, you will need to consider whether the servers to be accessed will be authenticated using Kerberos authentication. Out of the box, the Keyfactor Command Management Portal uses integrated Windows authentication and will default to Kerberos authentication in most environments. Although some features of the Keyfactor Command Management Portal may support NTLM authentication in some environments, the dashboard and enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). functions do not support NTLM. If you will be using Kerberos authentication, your DNS aliases need to be configured as “A” records rather than CNAME records because Kerberos does not function well with CNAME records under Microsoft IIS.

The roles for which you need hostnames during the Keyfactor Command installation are:

Prior to beginning the Keyfactor Command installation, ensure that the selected hostnames resolve successfully.