SQL Server
Keyfactor Command uses a Microsoft SQL Server database to store configuration and synchronized certificate information. Standard edition or above of SQL Server is required. In a production implementation, Keyfactor recommends that SQL Server be installed on a separate server from the Keyfactor Command roles.
Although you can implement a SQL server especially for Keyfactor Command, in many environments an existing shared SQL server or cluster is used. Keyfactor Command creates one database with a user-defined name and can successfully co-exist with other databases in the same SQL instance.
SQL should be installed with a case-insensitive collation setting.
Connecting to SQL over SSL
By default, Keyfactor Command connects to SQL using an encrypted connection. This requires configuration of an SSL certificate on your SQL server.
If your SQL server is not configured correctly for SSL, you'll see an error message similar to the following when you try to make a connection from Keyfactor Command:
The log message will look something like:
2022-09-09 11:35:13.0142 CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel [Error] - Unable to establish a connection to the database server. Please ensure that the server name is correct and sufficient privileges have been granted to the connection account.
2022-09-09 11:35:13.0142 CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel [Error] - Encountered an invalid or untrusted certificate and could not connect to the database. TLS encryption is enabled by default. Please visit 'Planning and Preparing --> SQL Server' in the Keyfactor Installing Server guide to resolve this.
   at CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel.a(Object A_0, RunWorkerCompletedEventArgs A_1)
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
To acquire a new SSL certificate or check for an existing certificate, see Using SSL to Connect to SQL Server.
If you would prefer not to use an encrypted channel for your connection to SQL, see Configurable SQL Connection Strings.
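Once the connection succeeds, the SQL Server side can confirm that sessions against the database are actually encrypted. The following T-SQL is an added example, not taken from the Keyfactor documentation; the database name `KeyfactorCommandDb` is a placeholder for your user-defined name, and the queries require VIEW SERVER STATE.

```sql
-- Added example: audit TLS state of connections to the Keyfactor Command database.
-- 'KeyfactorCommandDb' is a placeholder for the user-defined database name.
DECLARE @db sysname = N'KeyfactorCommandDb';

-- 1. Per-connection detail: who is connected, from where, and whether the
--    channel is encrypted (encrypt_option is the string 'TRUE' or 'FALSE').
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.net_transport,        -- TCP, Named pipe, Shared memory
       c.auth_scheme,          -- KERBEROS, NTLM or SQL
       c.encrypt_option,
       c.client_net_address,
       c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.database_id = DB_ID(@db)
ORDER BY c.encrypt_option, s.login_name;

-- 2. Exceptions only: logins and hosts holding at least one unencrypted
--    connection to the database. An empty result is the expected state
--    when every client uses the default encrypted connection string.
SELECT s.login_name,
       s.host_name,
       c.net_transport,
       COUNT(*) AS unencrypted_connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.database_id = DB_ID(@db)
  AND c.encrypt_option <> 'TRUE'
GROUP BY s.login_name, s.host_name, c.net_transport
ORDER BY unencrypted_connections DESC;
```

`encrypt_option` reports only that the channel is encrypted; whether the certificate chain is trusted is decided by the client, which is where the "not trusted" error shown above is raised.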
Database Encryption
Keyfactor Command uses Microsoft SQL Server column encryption with the ENCRYPTBYKEY and DECRYPTBYKEY cryptographic functions to protect sensitive data. The type of data protected in this way includes:
- Service account credentials
- SMTP credentials
- Certificate store passwords
- Certificate and pending certificate request private keys
- API secrets
- The 64-byte key used to sign audit log records
SQL encryption is built in to the product and cannot be disabled. In addition to SQL encryption, Keyfactor Command offers optional application-level encryption. This option allows you to encrypt select sensitive data stored in the Keyfactor Command database using a separate encryption methodology utilizing a Keyfactor Command-defined certificate on top of the SQL server encryption. This additional layer of encryption protects the data in cases where the SQL Server master keys cannot be adequately protected. For more information, see Application-Level Encryption.
Database Backup
Backup of the SQL server Database Master Key (DMK) for the Keyfactor Command database is of critical importance in database backup and recovery operations. The backup file of the DMK and the password for it should be stored in a safe, well-documented location. Without the file and password created with this process, some data that is encrypted within the Keyfactor Command database will be unrecoverable in a disaster recovery scenario.
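The T-SQL below inventories the keys that depend on the DMK (the keys used with ENCRYPTBYKEY and DECRYPTBYKEY described under Database Encryption) and then backs the DMK up. It is an added example, not Keyfactor's own procedure; the database name, file path and password are placeholders, and no Keyfactor key or certificate names are assumed.

```sql
-- Added example: inspect the key hierarchy, then back up the DMK.
-- Database name, path and password below are placeholders.
USE [KeyfactorCommandDb];
GO

-- 1. Is there a DMK, and can the instance open it automatically via the SMK?
SELECT d.name,
       d.is_master_key_encrypted_by_server,
       k.create_date,
       k.modify_date
FROM sys.databases AS d
LEFT JOIN sys.symmetric_keys AS k
       ON k.name = '##MS_DatabaseMasterKey##'
WHERE d.name = DB_NAME();

-- 2. Certificates whose private keys are protected by the DMK.
SELECT name, thumbprint, expiry_date
FROM sys.certificates
WHERE pvt_key_encryption_type_desc = 'ENCRYPTED_BY_MASTER_KEY';

-- 3. Symmetric keys and what protects each of them. Keys protected by a
--    certificate from step 2 cannot be opened if the DMK is lost.
SELECT sk.name          AS symmetric_key,
       sk.algorithm_desc,
       ke.crypt_type_desc,
       c.name           AS protecting_certificate
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = ke.thumbprint
WHERE sk.name <> '##MS_DatabaseMasterKey##';

-- 4. Back up the DMK. If step 1 shows is_master_key_encrypted_by_server = 0,
--    run OPEN MASTER KEY DECRYPTION BY PASSWORD = '...' first.
BACKUP MASTER KEY
    TO FILE = 'D:\KeyBackup\KeyfactorCommandDb_DMK.key'   -- placeholder path
    ENCRYPTION BY PASSWORD = '<dmk-backup-password>';     -- placeholder
GO
```

Store the backup file and its password separately from the database backups, and record both locations in the recovery runbook.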
High Availability
For a highly available solution, Keyfactor recommends using Always On availability groups. The availability groups feature of SQL Server sits on top of Windows Server failover clustering and provides the ability to automatically synchronize multiple copies of databases across geographically dispersed SQL Servers. Although the availability groups feature relies on Windows clustering, it does not require shared storage, so it is appropriate for a geo-redundant deployment. The availability groups feature is the current recommended solution from Microsoft. Because Keyfactor Command makes use of SQL database encryption, when availability groups are configured, the Keyfactor Command service master key (SMK) must be synchronized between all participating nodes in the availability group. This can be accomplished by backing up the SMK from one SQL server and restoring it to the other servers in the availability group.
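The SMK backup and restore described above, with a pre-check for shared instances, as an added example rather than Keyfactor's documented procedure. File paths and the password are placeholders; the statements require CONTROL SERVER on each instance.

```sql
-- Added example: synchronize the SMK across availability group nodes.
-- Paths and password are placeholders.

-- === On the source node ===
BACKUP SERVICE MASTER KEY
    TO FILE = 'D:\KeyBackup\node1_SMK.key'                -- placeholder path
    ENCRYPTION BY PASSWORD = '<smk-backup-password>';     -- placeholder
GO

-- === On each target node, BEFORE restoring ===
-- Restoring an SMK re-encrypts everything the current SMK protects on that
-- instance. On a shared SQL Server, list what will be touched first.
SELECT 'database master key' AS secret_type, name
FROM sys.databases
WHERE is_master_key_encrypted_by_server = 1
UNION ALL
SELECT 'credential', name
FROM sys.credentials
UNION ALL
SELECT 'linked server', name
FROM sys.servers
WHERE is_linked = 1;

-- Keep a rollback copy of the target's own SMK.
BACKUP SERVICE MASTER KEY
    TO FILE = 'D:\KeyBackup\node2_SMK_before_restore.key' -- placeholder path
    ENCRYPTION BY PASSWORD = '<smk-backup-password>';     -- placeholder
GO

-- === On each target node: restore the source node's SMK ===
-- Copy node1_SMK.key to the target over a protected channel first.
-- Do not add the FORCE option: it replaces the key even when existing
-- secrets cannot be decrypted, at the risk of data loss.
RESTORE SERVICE MASTER KEY
    FROM FILE = 'D:\KeyBackup\node1_SMK.key'
    DECRYPTION BY PASSWORD = '<smk-backup-password>';
GO
```

Delete the transferred key file from the target node once the restore completes, and keep the originals with the DMK backup.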