Create Service Accounts for the Java Agent

The Java AgentClosed The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. makes use of up to two service accounts to allow it to communicate with the Keyfactor Command server. These two service accounts work together to transfer information from the Java Agent to the Keyfactor Command server. The two service accounts can be thought of as players on two sides of a fence, with the service account for the Java Agent lobbing information over the fence to the service account on the Keyfactor Command server side to catch and hand to the Keyfactor Command server:

If the Java Agent is installed on a domain-joined machine in the same forest as the Keyfactor Command server, the same Active Directory service account may be used on both sides of the fence.

The service accounts need to be created prior to installation of the Java Agent software, and the person installing the Java Agent software needs to know the domain, username and password of each service account.

Important:  Keyfactor highly recommends that you use strong passwords for any accounts or certificates related to Keyfactor Command and associated products, especially when these have elevated or administrative access. A strong password has at least 12 characters (more is better) and multiple character classes (lowercase letters, uppercase letters, numeral, and symbols). Ideally, each password would be randomly generated. Avoid password re-use.