Configure Certificate Root Trust for the Java Agent

Keyfactor recommends using HTTPS to secure the channel between each Java Agent and the Keyfactor Command server(s). This requires an SSL certificate configured in IIS on the Keyfactor Command server(s). This certificate can either be a publicly-rooted certificate (e.g. from Symantec, Entrust, etc.), or one issued from a private certificate authority (CA). If your Keyfactor Command server is using a publicly-rooted certificate, the Java Agent machine may already trust the certificate root for this certificate. However, if you have opted to use an internally-generated certificate, your Java Agent server may not trust this certificate.

In order to use HTTPS for communications between the Java Agent and the Keyfactor Command server with a certificate generated from a private CA, you will need to import the certificate chain for the certificate into a Java CA certificate store on the Java Agent server. This can be done automatically as part of the installation process. You will need to have the root certificate available as a PEM-encoded file when you run the installation script.

Java Agent: The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed.

SSL: TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers.

Certificate authority (CA): A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.

PEM: A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. PEM certificates can contain a single certificate or a full certificate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key.
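
A structural pre-flight check for the root certificate file, as an added example (not Keyfactor's code and not part of the install script): it confirms the file is PEM text with complete certificate blocks and carries no private key. The function names and sample files are constructed for illustration, and the check does not validate the certificate itself.

```bash
#!/usr/bin/env bash
# Pre-flight check for the root certificate file handed to the install script.
# Exit codes: 0 ok, 1 unreadable, 2 private key present,
#             3 no PEM certificate block (DER?), 4 truncated block.
check_root_pem() {
  local f="$1" begins ends
  [ -r "$f" ] || { echo "$f: unreadable"; return 1; }
  # tr strips CRs so CRLF files exported on Windows still match.
  if tr -d '\r' < "$f" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$'; then
    echo "$f: contains a private key; trust import needs the certificate only"
    return 2
  fi
  begins=$(tr -d '\r' < "$f" | grep -c '^-----BEGIN CERTIFICATE-----$') || true
  ends=$(tr -d '\r' < "$f" | grep -c '^-----END CERTIFICATE-----$') || true
  if [ "$begins" -eq 0 ]; then
    echo "$f: no PEM certificate block found (DER-encoded file?)"; return 3
  fi
  if [ "$begins" -ne "$ends" ]; then
    echo "$f: $begins BEGIN but $ends END markers, file looks truncated"; return 4
  fi
  echo "$f: OK, $begins certificate(s), no private key"
}

# Constructed sample data: the base64 body is NOT a real certificate or key.
sample_block() {  # $1 = PEM label
  printf '%s\n' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----"
}
make_samples() {  # $1 = directory to fill with constructed test files
  sample_block CERTIFICATE > "$1/root.pem"
  { sample_block CERTIFICATE; sample_block CERTIFICATE; } > "$1/chain.pem"
  { sample_block CERTIFICATE; sample_block 'PRIVATE KEY'; } > "$1/with-key.pem"
  sample_block CERTIFICATE | awk '{ printf "%s\r\n", $0 }' > "$1/crlf.pem"
  printf '\060\202\003\005' > "$1/root.der"   # first bytes of a DER SEQUENCE
  sample_block CERTIFICATE | head -n 2 > "$1/truncated.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in root.pem chain.pem crlf.pem with-key.pem root.der truncated.pem; do
  check_root_pem "$demo_dir/$name" || echo "  rejected with code $?"
done
rm -rf "$demo_dir"
```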