Extending and Customizing Keyfactor Command
You can extend your Keyfactor Command implementation with custom extensions, handlers, and scripts, and a few customization options are also available. This section provides an overview of some of the available options.
- PowerShell scripts can be executed from workflows and using event handlers in alerts. For more information, see PowerShell Scripts.
- The Keyfactor Universal Orchestrator supports the use of custom-built extensions to extend functionality to a variety of certificate store types and devices for management (see Installing Custom-Built Extensions). The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers.
- The Keyfactor Universal Orchestrator supports the option to implement custom-built certificate store jobs using one or more scripts (PowerShell or Bash) rather than a full extension (see Configuring Script-Based Certificate Store Jobs). Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.
- Custom event handlers can be built for use with alerts (see Custom Event Handler Operations).
- The Keyfactor AnyCA Gateway REST and AnyCA Gateway (previous version) support the use of publicly available extensions to allow for functions such as certificate enrollment and management from Keyfactor Command to a variety of third-party CA vendors (e.g. DigiCert, Entrust, GoDaddy). Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. For more information, see the separate gateway documentation and the Keyfactor GitHub:
- The Keyfactor Command logo on the banner at the top of the Management Portal can be replaced with an alternate image of your choosing (see Customize the Management Portal Banner Logo).
- Customizations can be made to orchestrator API configuration settings, SQL connection settings, Keyfactor Command Service job settings and more using appsetting.json files (see Keyfactor Command Appsetting.json Files). An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command.
- The executable used to run the Keyfactor Command Service can be changed from an exe to a signed dll for environments where this is an important requirement (see Keyfactor Command Service Executable).
- Microsoft CA key recovery can be configured on Keyfactor Command to allow private keys archived in a Microsoft CA to be retrieved in Keyfactor Command (see Configuring Key Recovery for Keyfactor Command).
- Client certificates used for orchestrator authentication can be renewed using a client certificate renewal extension (see Register a Client Certificate Renewal Extension).
- Orchestrators can be auto-registered to Keyfactor Command using a custom auto-registration handler (see Custom Auto-Registration Handlers).
- At the conclusion of orchestrator jobs, a custom handler can be run (see Editing Job Completion Handlers).
- Privileged Access Management (PAM) providers can be configured either on the Keyfactor Command server or the Keyfactor Universal Orchestrator (see Installing Custom PAM Provider Extensions).