Acquire a Client Certificate for EJBCA CA Authentication

Keyfactor Command uses a client certificate to authenticate to the EJBCA certificate authority (CA) to support certificate synchronization, enrollment, and revocation. The certificate that Keyfactor Command uses for authentication needs:

  • An extended key usage (EKU) of Client Authentication

  • A key usage that includes Digital Signature

Figure 531: Certificate Profile for EJBCA Client Certificate

The certificate needs to be available as a PKCS#12 (*.pfx) file in order to import it into Keyfactor Command.

Figure 532: Certificate Download for EJBCA Client Certificate
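Before importing the downloaded file, the requirements above (private key present, Digital Signature key usage, Client Authentication EKU) can be checked from PowerShell. This is an added example, not part of the Keyfactor documentation; the function name `Test-EjbcaClientPfx` and the file path are hypothetical.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: check a PFX against the requirements listed on this page.
# Test-EjbcaClientPfx is a hypothetical helper, not a Keyfactor or EJBCA cmdlet.
function Test-EjbcaClientPfx {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    # .NET does not follow PowerShell's current location, so resolve the path first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # EphemeralKeySet keeps the private key in memory rather than in a key container.
    $cert = [X509Certificate2]::new($fullPath, $Password, [X509KeyStorageFlags]::EphemeralKeySet)
    try {
        $ku  = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
        $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }

        # Key usage must include Digital Signature; a missing extension counts as a failure.
        $hasDigSig = $false
        if ($ku) {
            $hasDigSig = [bool]($ku.KeyUsages -band [X509KeyUsageFlags]::DigitalSignature)
        }

        # EKU must list Client Authentication (OID 1.3.6.1.5.5.7.3.2).
        $hasClientAuth = $false
        if ($eku) {
            $hasClientAuth = @($eku.EnhancedKeyUsages |
                Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' }).Count -gt 0
        }

        [pscustomobject]@{
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            NotAfter         = $cert.NotAfter
            HasPrivateKey    = $cert.HasPrivateKey
            DigitalSignature = $hasDigSig
            ClientAuthEku    = $hasClientAuth
            MeetsRequirements = ($cert.HasPrivateKey -and $hasDigSig -and $hasClientAuth)
        }
    }
    finally {
        $cert.Dispose()
    }
}

# Hypothetical file name; the password is prompted for so it is not typed on the command line.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Test-EjbcaClientPfx -Path '.\ejbca-client.pfx' -Password $pfxPassword | Format-List
```

If `MeetsRequirements` is `False`, the individual fields show which of the requirements the certificate is missing.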

Important: Keyfactor highly recommends that you use strong passwords for any accounts or certificates related to Keyfactor Command and associated products, especially when these have elevated or administrative access. A strong password has at least 12 characters (more is better) and multiple character classes (lowercase letters, uppercase letters, numerals, and symbols). Ideally, each password would be randomly generated. Avoid password re-use.

The certificate needs to be granted appropriate access to the EJBCA CA to allow Keyfactor Command interactions with the CA to take place (see Grant the Keyfactor Command Users and Service Account(s) Permissions on the CAs).