The Service appsettings.json file allows you to view or change the Keyfactor Command Service installation and configuration settings. By default, the Keyfactor Command Service job sets all service jobs to run based on the configuration wizard setting (see Service Tab). The setting for select service jobs can be changed in the appsettings.json file.
To update the appsettings.json file for service configuration:
-
Navigate to the Service\Configuration folder on your server, located by default at:
C:\Program Files\Keyfactor\Keyfactor Platform\Service\Configuration -
Browse to open the appsettings.json file in a text editor (e.g. Notepad) and adjust the values as needed as per Table 83: Keyfactor Command Jobs Services and Table 82: Keyfactor Command Services Configuration Settings
Figure 408: Appsettings.json File for TimerService Settings
- Save the file.
Table 82: Keyfactor Command Services Configuration Settings
| Setting | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| NLog Config File |
Enter the file path to the Nlog_KeyfactorAPI.config file. The default is: C:\Program Files\Keyfactor\Keyfactor Platform\Service\Configuration
|
||||||||
| Extensions Directory |
Enter the file path to the extensions to be loaded by the extension loader (for registration handler, workflow step, etc... support). The default value is Extensions, for example: C:\Program Files\Keyfactor\Keyfactor Platform\Service\Extensions
|
||||||||
| Active Directory Enforced | This should be set to false if you are not using Active Directory. An IIS reset will be required to apply this setting if you change it. | ||||||||
| Sql Retry Configuration |
SQL retry settings (seeKeyfactor Command Changing SQL Retry Settings for more information).
|
||||||||
| Metadata Generation |
|
||||||||
| Lock Timeout | The wait time in milliseconds to acquire a lock on a job for High Availability. |
Table 83: Keyfactor Command Jobs Services
| Type |
Service |
Description |
Notes |
|---|---|---|---|
| Maintenance | Bulk Audit Processing | Periodically add audit log entries for large jobs. Most audit log entries are added immediately at the time the activity generating the audit log takes place. However, some large jobs that might generate heavy server load (e.g. bulk revocation) save the audit log entries in a temporary location to reduce server load and then they are added to the audit log by this periodic job. | This job runs every 10 minutes. |
| Maintenance | Metadata Generation | Periodically generate and assign metadata to certificates when they are imported into Keyfactor Command using a custom metadata extension. | This job runs every 15 minutes. |
| Maintenance | Private Key Cleanup | Periodically remove any stored private keys in the Keyfactor Command database that have expired and are eligible for deletion. |
This job runs daily at 1:00 am. For more information about stored private keys, see Status Tab. |
| Maintenance | Purge Audit History | Periodically remove any audit log history in the Keyfactor Command database that has expired and is eligible for deletion. |
This job runs monthly on the first day of the month at 2:00 am. For more information, see Application Settings: Auditing Tab. Only audit logs belonging to unprotected categories are eligible for deletion. |
| Maintenance | Endpoint History | Periodically remove any SSL endpoint history in the Keyfactor Command database that is eligible for deletion, based on the setting in Application Settings: Auditing Tab(SSL > Retain SSL Endpoint History (days)). | This job runs daily at 1:00 am. |
| Maintenance | Reporting Cleanup | Periodically remove records from temporary files generated while running reports. | This job runs daily at midnight. |
| Maintenance | Schedule SSL Jobs | Periodically identify and schedule SSL discovery and monitoring jobs. | This job runs every 5 minutes. |
| Other | Suspended Workflows | Periodically attempt to continue all suspended workflows that may be eligible to continue but have not done so due to locking conflicts. A locking conflict may occur if two users attempt to provide input to a workflow instance (e.g. approve a request) at exactly the same time. | This job runs daily at midnight. |
| Maintenance | Sync Templates | Periodically synchronize certificate templates from the source (e.g. Active Directory) to pick up new templates. | This job runs every hour. |
| Maintenance | Stats Update | Periodically run the Microsoft SQL update statistics function in the Keyfactor Command database. |
This job runs monthly on the first day of the month at 1:00 am. |
| Maintenance | Workflows Cleanup | Periodically remove any completed workflow instances (both successful and failed) in the Keyfactor Command database that have aged X number of days past the completion date (last modified date), where X is defined by the Workflow Instance Cleanup Days application setting (see Application Settings: Console Tab). The default value is 14 days. | This job runs daily at midnight. |
| Alerts | CA Health | Periodically send email alerts when a CA is not responding. | The schedule for this is user configurable (see Certificate Authority Monitoring). |
| Alerts | CA Threshold | Periodically send email alerts when a CA is issuing certificates or experiencing issuance failures outside of the established norms. | The schedule for this is user configurable (see Advanced Tab). |
| Alerts | CRL | Periodically send email alerts for certificate revocation lists (CRLs) that are approaching expiration. | The schedule for this is user configurable (see Adding or Modifying a Revocation Monitoring Location). |
| Alerts | Expiration Alerts |
Periodically send email alerts for certificates approaching expiration. |
The schedules for these are user configurable. See Configuring an Expiration Alert Schedule. |
| Alerts | Issued Alerts | Periodically send email alerts (typically to certificate requesters) for certificate requests made using a certificate template that requires manager approval that have been approved. | The schedule for this is user configurable (see Configuring an Issued Request Alert Schedule).. |
| Alerts | Pending Alerts |
Periodically send email alerts (typically to certificate approvers) for certificate requests made using a certificate template that requires manager approval. |
The schedules for these are user configurable. See Configuring a Pending Request Alert Schedule. |
| Other | Query Items | Periodically populates a cache of which certificates are in which collection in the database. This is used in for the workflow step types: Certificate Entered Collection and Certificate Left Collection | Runs every 10 minutes (see Workflow Definition Operations) |
| Other | Reporting | Deliver regularly scheduled reports via email or saved to a file system. | The schedules for these are user configurable (see Reports). |
| Alerts | SSH Key Rotation Alerts | Periodically send email notifications to SSH key users and/or administrators when a key is nearing the end of the key lifetime. | The schedule for this is user configurable (see Configuring a Key Rotation Alert Schedule). |
| Alerts | Agent Notification Alert | Periodically runs a job that checks if an orchestrator has not checked in between job runs and sends an email notification as per settings in Application Settings: Agents Tab. | This is configurable at Application Settings: Agents Tab |
| Certificate Authority | CA Sync | Periodically synchronize certificates from certificate authorities. | The schedules for this are user configurable (see Certificate Authorities). |
| Alerts | Collection Query Alerts | Periodically update the temporary tables that store information on which certificates are in which certificate collections. These temporary tables (caches) are used to support faster processing of some systems. | This value is user configurable with an application setting (see Application Settings: Console Tab). The default is 20 minutes. |
| n/a | Concurrent Workflows | Sets the batch size used when suspended workflows are run by the Keyfactor Command service. Also used when running certificate entered collection and certificate left collection workflows to limit the number of certificates flowing through the workflow for each instance of the workflow initiated by the service. | The default value is 1000. |