Certificate Collection Management
- View a list of certificate collections.
- Change whether or not the collections show on the Navigator (the Keyfactor Command top-level dropdown menu; certificate collections and reports can be configured to be added to these dropdowns using user-defined Show in Navigator settings), or change their order.
- View and/or change whether or not the collections show on the dashboard widget (see Dashboard: Collections).
- View and/or change permissions for specific collections.
- Delete a certificate collection.
- View the number of certificates processed for each collection and the last processing time.
- Search for specific certificate collections from the list (see Using the Collection Management Search Feature).
- View all the certificates in a collection (by being redirected from here to a view of certificate search for this collection).
Figure 63: Certificate Collection Management
Certificate Collection Management Operations
To open the Certificate Collection Management grid, browse to Certificates > Collection Management in the Management Portal.
The Certificate Collection Management page includes the following collection action buttons from the grid header:
- View
Highlight a row in the collection management grid and click View at the top of the grid, or choose View from the right-click menu, to be taken to a new window with the list of certificates filtered for the specific criteria of that collection.
- Delete
To delete a collection, highlight the row in the collection management grid and click Delete at the top of the grid or choose Delete from the right-click menu. You will receive a Confirm Operation message. Click OK to delete.
Figure 64: Delete Certificate Collection
- Show on Dashboard/Remove from Dashboard
To change whether or not a collection appears on the dashboard in the Collections panel, highlight the row in the collection management grid and click Show on Dashboard or Remove from Dashboard (depending on that collection's current state) at the top of the grid, or choose the action from the right-click menu. For a Show on Dashboard action you will receive a confirmation message to remind you that only 25 collections can show on the dashboard. Click OK to add the collection to the dashboard, which toggles Yes in the On Dashboard grid column. Selecting Remove from Dashboard will remove the collection from the dashboard, which toggles No in the On Dashboard grid column, with no confirmation message.
Figure 65: Show Certificate Collection
- Navigation Order
To change the order and/or the list of collections which show on the Navigator, click Navigation Order at the top of the grid. This will open the Collection Order in Navigator dialog, from which you can define the order and/or the list of the collections that are displayed on the Navigator.
This display has a search bar and three columns. A maximum of 25 collections can be displayed on the Navigator.
- The checkbox column is used to select the row to perform an action upon. Only one row at a time may be selected.
- The untitled column shows the collections' order position.
- The collections column displays the name of the collection.
The Collection Order in Navigator dialog pre-populates the grid with the collections in their current order.
- Search for a collection to add box - As you click in the search box, or begin to type the name of the collection, a list of available collections (those not yet showing on the Navigator) will display for you to choose from.
- Add - Adds the collection specified in the search box to the Navigator, unless it has already been added. An error will display if the collection is already in the Navigator. Once a collection is added, a Collection Added message will display. The added collection will display at the end of the ordered list.
- Click the checkbox of the selected collection and click:
  - Remove to delete the collection from display on the Navigator.
  - Move Top to move it to the top of the list.
  - Move Bottom to move it to the bottom of the list.
  - Move Up to move it up one line.
  - Move Down to move it down one line.
- Upon Save, the Navigator's collections list refreshes to reflect the new collection ordering. Upon Close, if there are unsaved changes, you are prompted with a confirmation dialog.
Figure 66: Order Certificate Collection
Tip: If a custom sort order is not defined, the collections display in the order in which they were created.
Note: This does not affect the sort order for the collections displayed on the dashboard. That is controlled separately using dashboard settings (see Dashboard: Collections).
Keyfactor Command Auto-Created Collections
Several collections are created automatically when Keyfactor Command is installed.
- Certificates Expiring in 7 Days
This collection uses the special %TODAY% value in place of the current date to create a collection that can be used on any day to find the certificates that will expire within the next week. Only active certificates are included in this collection. The query for this collection is:
ExpirationDate -ge "%TODAY%" AND ExpirationDate -le "%TODAY+7%" AND CertState -eq "1"
- Certificates with Weak Encryption
This collection uses a variety of key type, key size, and signing algorithm queries to produce a collection that returns active certificates that have weak encryption. (The key type identifies the type of key to create when creating a symmetric or asymmetric key; it references the signing algorithm and often key size, e.g. AES-256, RSA-2048, Ed25519. The key size or key length is the number of bits in a key used by a cryptographic algorithm.) The query for this collection is:
((SigningAlgorithm -contains "SHA 1" OR SigningAlgorithm -contains "SHA1" OR SigningAlgorithm -contains "SHA-1") OR (SigningAlgorithm -contains "MD") OR (KeyType -eq 3 AND KeySize -lt 224) OR (KeyType -eq 1 AND KeySize -lt 2048)) AND CertState -eq "1"
- My Certificates
This collection uses the special %ME% value in place of a specific user name to create a collection that any user can use to find the certificates on which they were the requester. The query for this collection is:
NetBIOSRequester -eq "%ME%"
Note: Certificate collections saved using the %ME% value are not supported for use in reports or on the dashboard.
- Revoked Certificates
This collection returns revoked certificates by querying for certificates that have a non-null revocation date. The Include Revoked box is automatically checked for this collection when run. The query for this collection is:
RevocationDate -ne NULL
- Self-Signed Certificates
This collection returns all certificates that are self-signed. In environments with no certificates imported from external sources (e.g. SSL scanning), this would typically just be CA certificates. (TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. A certificate authority (CA) is an entity that issues digital certificates; within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.) The query for this collection is:
SelfSigned -eq true
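The Certificates with Weak Encryption and Certificates Expiring in 7 Days queries above, re-expressed as local predicates so their boundary behavior can be checked against an exported inventory. This is an added example, not Keyfactor code: the record layout, the sample certificates, the reading of KeyType 1 as RSA and 3 as ECC, and case-insensitive matching for -contains are all assumptions.

```python
from datetime import date, timedelta

# Assumed meanings of the numeric codes used in the queries (not stated on
# this page): KeyType 1 = RSA, KeyType 3 = ECC. CertState 1 = active, which
# follows from the page's "active certificates" wording.
RSA, ECC, ACTIVE = 1, 3, 1

def is_weak(cert):
    """Mirror of the 'Certificates with Weak Encryption' query."""
    alg = cert["SigningAlgorithm"].upper()  # assumption: -contains ignores case
    weak_hash = any(s in alg for s in ("SHA 1", "SHA1", "SHA-1")) or "MD" in alg
    weak_key = ((cert["KeyType"] == ECC and cert["KeySize"] < 224) or
                (cert["KeyType"] == RSA and cert["KeySize"] < 2048))
    return (weak_hash or weak_key) and cert["CertState"] == ACTIVE

def expires_within_7_days(cert, today):
    """Mirror of the 'Certificates Expiring in 7 Days' query (%TODAY% = today)."""
    in_window = today <= cert["ExpirationDate"] <= today + timedelta(days=7)
    return in_window and cert["CertState"] == ACTIVE

def collection(certs, predicate):
    """Names of the certificates a query-like predicate would return."""
    return [c["CN"] for c in certs if predicate(c)]

def make(cn, alg, key_type, key_size, state, expires):
    return {"CN": cn, "SigningAlgorithm": alg, "KeyType": key_type,
            "KeySize": key_size, "CertState": state, "ExpirationDate": expires}

# Constructed sample inventory; the names, dates and the non-active state
# value 2 are made up for illustration.
TODAY = date(2024, 3, 1)
SAMPLE = [
    make("legacy-sha1", "sha1RSA", RSA, 2048, ACTIVE, date(2025, 1, 1)),
    make("rsa-1024", "sha256RSA", RSA, 1024, ACTIVE, TODAY + timedelta(days=3)),
    # Boundaries: 2048 is not "-lt 2048"; day +7 is inside "-le %TODAY+7%".
    make("rsa-2048", "sha256RSA", RSA, 2048, ACTIVE, TODAY + timedelta(days=7)),
    make("ecc-p256", "sha256ECDSA", ECC, 256, ACTIVE, TODAY + timedelta(days=8)),
    # Weak hash and key, but not active, so CertState -eq "1" excludes it.
    make("inactive-md5", "md5RSA", RSA, 1024, 2, TODAY + timedelta(days=1)),
    make("expired-yesterday", "sha256RSA", RSA, 2048, ACTIVE,
         TODAY - timedelta(days=1)),
]

if __name__ == "__main__":
    print("weak:", collection(SAMPLE, is_weak))
    print("expiring:", collection(SAMPLE, lambda c: expires_within_7_days(c, TODAY)))
```

Because both queries end in CertState -eq "1", a weak certificate that is no longer active drops out of the collection, as the inactive-md5 record shows.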
You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.
Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).