Keyfactor Command Web Agent Services appsettings.json File

The WebAgentServices appsettings.json configuration file allows you to change default orchestrator API installation configuration settings.

To update the appsettings.json file:

  1. Navigate to the WebAgentServices\Configuration folder on your server, located by default at:

    C:\Program Files\Keyfactor\Keyfactor Platform\WebAgentServices\Configuration
  2. Browse to open the appsettings.json file in a text editor (e.g. Notepad) and adjust the values as needed.
  3. Save the file.

Table 83: Appsettings.json File Parameters - WebAgentServices

Setting Description
Active Directory Enforced A Boolean that indicates whether Active Directory authentication is in use for the Keyfactor Command server. This should be set to false if you are not using Active Directory. An IIS reset will be required to apply this setting if you change it.
Client Certificate Authentication

Configuration settings for client certificate authentication.

Setting Description
Enabled A Boolean that indicates that client certificate authentication is enabled on the web agent services application for this Keyfactor Command server (true) or not (false).
Check Auth Certificate Revocation Status A Boolean that indicates whether to check the revocation status of the certificate provided for client certificate authorization, if being used (true), or not (false). The default is true.
Days Before Expiration Error

An integer indicating the number of days ahead of certificate expiration that orchestrators should begin producing certificate expiration error messages. The expiration days should be a number large enough to allow the orchestrator to check in and discover that it is in the expiry window before the certificate actually expires. Once the certificate expires, renewal cannot be done. The default is 30 days.

If a certificate is in the warning period (Days Before Expiration Warning), operations will continue while a new certificate is requested. If the certificate is in the expiry period, the orchestrator will not be allowed to register a new session when the existing session expires or if the orchestrator service is restarted, but the certificate can be renewed.

Days Before Expiration Warning An integer indicating the number of days ahead of certificate expiration that orchestrators should begin producing certificate expiration warning messages.
Always Use Header Certificate A Boolean that indicates whether to use the certificate supplied in the header specified by AuthenticationHeaderName (true) or not (false) when certificates are available both in that header and in the TLS session.
Authentication Header Name A string defining the authentication header name used for client certificate authentication. This can be configured in the Keyfactor Command configuration wizard.
Extensions Directory

Enter the file path to the extensions to be loaded by the extension loader as a subdirectory of the WebAgentServices directory (for registration handler, workflow step, etc. support). The default value is Extensions. This translates to, for example:

C:\Program Files\Keyfactor\Keyfactor Platform\WebAgentServices\Extensions
Max Request Size Kb This application setting is only used for the Orchestrator CA Sync controller. It is used to configure the CA sync batch size. We used to just grab the maximum request size from the IIS configuration settings, but that can no longer be done in .NET 6. The default is 5000.
NLog Config File

Enter the file path to the NLog_Orchestrators.config file as a subdirectory of the WebAgentServices directory. The default is:

Configuration\\NLog_Orchestrators.config

This translates to, for example:

C:\Program Files\Keyfactor\Keyfactor Platform\WebAgentServices\Configuration\NLog_Orchestrators.config
Sql Retry Configuration SQL retry settings (see Keyfactor Command Changing SQL Retry Settings for more information).
Setting Description
Number Of Tries The number of times it will try the connection before an exception is thrown.
Delta Time The preferred gap time (in seconds) to delay before retry.
Max Time Interval The maximum gap time (in seconds) for each delay time before retry.

Figure 423: Sample WebAgentServices Appsettings.json File
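
The following audit script is an added example, not part of the Keyfactor documentation or product. It checks an appsettings.json for the client certificate and path settings described in the table above. The JSON key names (the table's setting names with spaces removed, as the page does with AuthenticationHeaderName) and the rule that the warning window should be longer than the error window are assumptions.

```python
import json
from pathlib import PureWindowsPath

# Constructed sample, not a real Keyfactor file.
# Key names are ASSUMED: the table's setting names with the spaces removed.
SAMPLE = r'''{
  "ClientCertificateAuthentication": {
    "Enabled": true,
    "CheckAuthCertificateRevocationStatus": false,
    "DaysBeforeExpirationError": 30,
    "DaysBeforeExpirationWarning": 14,
    "AlwaysUseHeaderCertificate": true,
    "AuthenticationHeaderName": ""
  },
  "ExtensionsDirectory": "..\\Shared\\Extensions",
  "NLogConfigFile": "Configuration\\NLog_Orchestrators.config"
}'''

def escapes_base(rel):
    """True if rel is rooted/absolute or climbs out of the WebAgentServices directory."""
    p = PureWindowsPath(rel)
    return bool(p.anchor) or ".." in p.parts

def audit(text):
    """Return a list of finding names for one appsettings.json document."""
    cfg = json.loads(text)
    cca = cfg.get("ClientCertificateAuthentication", {})
    findings = []
    if cca.get("Enabled"):
        # The page gives true as the default for the revocation check.
        if cca.get("CheckAuthCertificateRevocationStatus", True) is not True:
            findings.append("revocation-check-disabled")
        err = cca.get("DaysBeforeExpirationError", 30)  # page default: 30 days
        warn = cca.get("DaysBeforeExpirationWarning")
        # Assumption: warnings are only useful if they start before the error window.
        if warn is not None and warn <= err:
            findings.append("warning-window-not-before-error-window")
        # Preferring the header certificate without naming the header is inconsistent.
        if cca.get("AlwaysUseHeaderCertificate") and not cca.get("AuthenticationHeaderName"):
            findings.append("header-cert-preferred-but-no-header-name")
    # Both paths are documented as subdirectories of the WebAgentServices directory.
    for key in ("ExtensionsDirectory", "NLogConfigFile"):
        if key in cfg and escapes_base(cfg[key]):
            findings.append(f"{key}-outside-WebAgentServices")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Before auditing a real file, confirm the key names against the installed appsettings.json, then pass its contents to audit().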