Add Certificate

The add certificate tool supports importing certificates with the following formats and extensions:

This tool has several purposes, including:

If you import a certificate that has either already been imported via a synchronization task or has been manually imported previously, the certificate will not be re-imported. You will receive a notification message, when you save it, if the certificate already exists in the Keyfactor Command database. Any metadataClosed Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. currently stored in the database for that certificate will be displayed in the metadata fields on the page (for .cer and .crt format certificates), and any changes you make to the metadata on this page will overwrite the existing metadata for the certificate when you complete the import (for all certificate formats).

To use the add certificate tool

  1. In the Management Portal, browse to Certificates > Add Certificate.
  2. In the Add Certificate section of the page, click the Upload button to open a browse window.
  3. In the browse window, browse to select the certificate you wish to import.
  4. For a .pfx or .p12 file, when prompted enter the password for the file and Save. This will open the Add Certificate page, which will allow you to change/add metadata and choose certificate locations to deploy the certificate to. Set PFX Password allows you to reenter the password once you have uploaded the certificate.

    Figure 52: Add Certificate Password for PFX/p12

  5. In the Certificate/PFX Details section of the page, review the certificate information.

    Figure 53: Add Certificate Information

  6. In the Metadata section of the page, populate the metadata fields as appropriate for the certificate. Metadata fields that have been designated as required on a system-wide or templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.-level basis will be marked with *Required.

    Figure 54: Add Certificate Metadata

  7. In the Install into Certificate Locations section of the page, select each certificate store location to which you want to distribute the certificate, if desired. To do this, click the Include Certificate Stores button. This will cause the Select Certificate Store Locations dialog to appear. Make your certificate store selections in this dialog as described in Select Certificate Store Locations, below, and click Include and Close. You will then see some additional fields on the page. Populate these as per Add to Certificate Stores and Information Required for Certificate Stores, below.

  8. Click Save to import the certificate to Keyfactor Command
Note:  When you import a certificate containing a private key (a .pfx or .p12 file), the private key for that certificate is stored in the Keyfactor Command database. Users with limited permissions to the Add Certificate function may have permissions to upload certificates but not store private keys. If a user with this permission model uploads a certificate containing a private key, the certificate itself will be imported (if it does not already exist in the database), but the private key will not be stored. The user will receive a message indicating this. For more information about setting permissions for importing certificates, see Security Roles and Claims.
Tip:  Click the help icon () next to the Add Certificate page title to open the Keyfactor Command Documentation Suite to this section. You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.