Orchestrator Auto-Registration Settings

Important:  OrchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. auto-registration in Keyfactor Command is only supported when using Active Directory as an identity provider (see Selecting an Identity Provider for Keyfactor Command). If you need auto-registration with an identity provider other than Active Directory, see Custom Auto-Registration Handlers.

The Orchestrator Auto-Registration Settings grid shows the current auto-registration settings for any defined certificate store job types, including those for Keyfactor custom-built extensions. The list you will see in your implementation will vary and may include:

Auto-register the Keyfactor Windows OrchestratorClosed The Windows Orchestrator, one of Keyfactor's suite of orchestrators, is used to manage synchronization of certificate authorities in remote forests, run SSL discovery and management tasks, and interact with Windows servers as well as F5 devices, NetScaler devices, Amazon Web Services (AWS) resources, and FTP capable devices, for certificate management. In addition, the AnyAgent capability of the Windows Orchestrator allows it to be extended to create custom certificate store types and management capabilities regardless of source platform or location. to allow it to synchronize certificates from AWS locations.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Windows Orchestrator to allow it to manage certificates on and deliver certificates to AWS locations.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Universal OrchestratorClosed The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. to allow it to synchronize certificates from Citrix NetScaler devices.

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to manage certificates on and deliver certificates to Citrix NetScaler devices.

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. bundles on the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize CA bundles from the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to manage CA bundles on and deliver certificates to CA bundles on the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Windows Orchestrator to allow it to synchronize certificates from the F5 device(s).

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Windows Orchestrator to allow it to manage certificates on and deliver certificates to the F5 device(s).

This certificate store type has been deprecated and is no longer in use.

Setting reserved for future use.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate SSLClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. certificates on the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize SSL certificates from the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to manage SSL certificates on and deliver certificates to the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize device certificates from the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to manage device certificates on and deliver certificates to the F5 device(s).

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Windows Orchestrator or Keyfactor Universal Orchestrator to allow it to synchronize certificates from PEMClosed A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. certificate stores on FTP capable devices.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Windows Orchestrator or Keyfactor Universal Orchestrator to allow it to manage certificates on and deliver certificates to PEM certificate stores on FTP capable devices.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize certificates from the machine certificate stores of Windows servers.

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to manage certificates in and deliver certificates to the machine certificate stores of Windows servers and optionally bind the certificates to Internet Information Services (IIS) web sites.

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Universal Orchestrator to allow it to re-enroll for certificates in and deliver certificates to the machine certificate stores of Windows servers and optionally bind the certificates to Internet Information Services (IIS) web sites.

This type is user-defined for a Keyfactor custom-built extension publicly available on GitHub (see Installing Custom-Built Extensions).

Auto-register the Keyfactor Windows Orchestrator or Keyfactor Universal Orchestrator to allow it to synchronize certificates from the machine certificate stores of Windows servers.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Windows Orchestrator or Keyfactor Universal Orchestrator to allow it to manage certificates in and deliver certificates to the machine certificate stores of Windows servers and optionally bind the certificates to Internet Information Services (IIS) web sites.

This certificate store type has been deprecated and is no longer in use.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Java AgentClosed The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. to allow it to run discovery tasks to locate Java keystores.

Auto-register the Keyfactor Java Agent to allow it to inventory certificates in Java keystores.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Java Agent to allow it to manage (add/remove) certificates in Java keystores.

Auto-register users on Apple Macintosh computers running the Keyfactor Mac Auto-EnrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). Agent for auto-enrollment for certificates.

Auto-register the Keyfactor Windows Orchestrator to allow it to synchronize certificates from NetScaler devices.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Windows Orchestrator to allow it to manage certificates on and deliver certificates to NetScaler devices.

This certificate store type has been deprecated and is no longer in use.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Universal Orchestrator or Native Agent to allow it to perform the fetch logs function.

Auto-register the Keyfactor Java Agent to allow it to run discovery tasks to locate PEM certificate stores. Apache servers typically use PEM certificate stores.

Auto-register the Keyfactor Java Agent to allow it to inventory certificates in PEM certificate stores.

Auto-register the Keyfactor Java Agent to allow it to manage (add/remove) certificates in PEM certificate stores.

This certificate store type has been deprecated and is no longer in use.

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize certificates from the remote CA(s) to the Keyfactor Command database.

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate DERClosed A DER format certificate file is a DER-encoded binary certificate. It contains a single certificate and does not support storage of private keys. It sometimes has an extension of .der but is often seen with .cer or .crt. certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to inventory certificates in DER certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to manage (add/remove) certificates in DER certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate JKSClosed A Java KeyStore (JKS) is a file containing security certificates with matching private keys. They are often used by Java-based applications for authentication and encryption. certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to inventory certificates in JKS certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to manage (add/remove) certificates in JKS certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate PEM certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to inventory certificates in PEM certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to manage (add/remove) certificates in PEM certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to run discovery tasks to locate PKCS#12Closed A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to inventory certificates in PKCS#12 certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to manage (add/remove) certificates in PKCS#12 certificate stores.

Auto-register the Keyfactor Universal Orchestrator to allow it to synchronize templates from the remote CA(s) to the Keyfactor Command database.

Auto-register the Keyfactor Bash OrchestratorClosed The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise. to allow it to run SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. tasks.

Auto-register the Keyfactor Universal Orchestrator to allow it to run SSL compliance tasks.

Auto-register the Keyfactor Universal Orchestrator to allow it to run SSL discovery tasks.

Auto-register the Keyfactor Universal Orchestrator to allow it to run SSL monitoring tasks.

Figure 269: Orchestrator Auto-Registration Settings Page