Add Certificate

The add certificate tool is typically used to import certificates that are not brought in either via CA synchronization or by certificate store scans. (A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.) The tool supports importing certificates with the following formats and extensions:

This tool has several purposes, including:

If you import a certificate that has either already been imported via a synchronization task or has been manually imported previously, the certificate will not be re-imported. If the certificate already exists in the Keyfactor Command database, you will receive a notification message when you save it. Any metadata currently stored in the database for that certificate will be displayed in the metadata fields on the page (for .cer and .crt format certificates), and any changes you make to the metadata on this page will overwrite the existing metadata for the certificate when you complete the import (for all certificate formats). (Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields for tagging certificates with tracking information.)

To use the add certificate tool

  1. In the Management Portal, browse to Certificates > Add Certificate.
  2. In the Add Certificate section of the page, click the Upload button to open a browse window.
  3. In the browse window, browse to select the certificate you wish to import.
  4. For a .pfx or .p12 file, when prompted, enter the password for the file and click Save. This will open the Add Certificate page, which will allow you to change or add metadata and choose certificate locations to deploy the certificate to. Set PFX Password allows you to reenter the password once you have uploaded the certificate.

    Figure 52: Add Certificate Password for PFX/p12

  5. In the Certificate/PFX Details section of the page, review the certificate information.

    Figure 53: Add Certificate Information

  6. In the Metadata section of the page, populate the metadata fields as appropriate for the certificate. Metadata fields that have been designated as required on a system-wide or template-level basis will be marked with *Required. (A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.)

    Figure 54: Add Certificate Metadata

  7. In the Certificate Owner section of the page, select an owner for the certificate, if appropriate. The optional certificate owner is a security role defined in Keyfactor Command (see Security Roles and Claims). If the user assigning the owner is an administrator, the Owner Role Name will be a search select field in which to enter the new certificate owner. To narrow the list of results in the search select field, begin typing a search string in the search field. If the user assigning the owner is a limited access user, the Owner Role Name will be a dropdown. Only security roles of which the user is a member will appear in the dropdown.

    Figure 55: Add Certificate Owner

    Note:  If the certificate being imported, or one of the certificates in its chain, already exists in the Keyfactor Command database and has an assigned certificate owner to which the user making the import request does not belong, the certificate owner will not be changed.
  8. In the Install into Certificate Locations section of the page, select each certificate store location to which you want to distribute the certificate, if desired. To do this, click the Include Certificate Stores button. This will cause the Select Certificate Store Locations dialog to appear. Make your certificate store selections in this dialog as described in Select Certificate Store Locations, below, and click Include and Close. You will then see some additional fields on the page. Populate these as per Add to Certificate Stores and Information Required for Certificate Stores, below.

  9. Click Save to import the certificate to Keyfactor Command.

Note: When you import a certificate containing a private key (a .pfx or .p12 file), the private key for that certificate is stored in the Keyfactor Command database. Users with limited permissions to the Add Certificate function may have permissions to upload certificates but not store private keys. If a user with this permission model uploads a certificate containing a private key, the certificate itself will be imported (if it does not already exist in the database), but the private key will not be stored. The user will receive a message indicating this. For more information about setting permissions for importing certificates, see Security Roles and Claims.
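
Because a .pfx or .p12 import places the private key in the Keyfactor Command database, it is worth confirming what a file contains before uploading it. The shell functions below are an added example, not Keyfactor code: the function names and the PFX_PASS environment variable are chosen here, OpenSSL is assumed to be installed, and using the SHA-1 thumbprint to search for an existing copy of the certificate is an assumption rather than something this page states.

```shell
# Added example (not Keyfactor code). Assumes OpenSSL; PFX_PASS is a
# variable name chosen here so the password stays off the command line.

# Emit the first certificate in the file as PEM, whatever the container.
leaf_pem() {
  local f="$1"
  case "${f##*.}" in
    pfx|p12|PFX|P12)
      openssl pkcs12 -in "$f" -passin env:PFX_PASS -nokeys 2>/dev/null \
        | openssl x509 2>/dev/null ;;
    *)  # .cer/.crt may be PEM or DER: try PEM first, then DER
      openssl x509 -in "$f" 2>/dev/null \
        || openssl x509 -inform DER -in "$f" 2>/dev/null ;;
  esac
}

# SHA-1 thumbprint as bare uppercase hex; empty if the file cannot be read.
cert_thumbprint() {
  leaf_pem "$1" | openssl x509 -noout -fingerprint -sha1 2>/dev/null \
    | sed 's/^.*=//; s/://g'
}

# Succeeds only when the file is a PKCS#12 bundle holding a private key.
has_private_key() {
  local f="$1" n
  n=$(openssl pkcs12 -in "$f" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -c -- '-----BEGIN.*PRIVATE KEY-----' || true)
  [ "${n:-0}" -gt 0 ]
}

# Summarize what would be uploaded; key material is never printed.
inspect_for_import() {
  local f="$1" tp
  tp=$(cert_thumbprint "$f")
  [ -n "$tp" ] || { echo "unreadable: $f (wrong format or password?)" >&2; return 1; }
  leaf_pem "$f" | openssl x509 -noout -subject -enddate
  echo "thumbprint=$tp"
  if has_private_key "$f"; then
    echo "private_key=yes (stored in the database if your role permits it)"
  else
    echo "private_key=no"
  fi
}

if [ "$#" -gt 0 ]; then inspect_for_import "$1"; fi
```

In bash, setting the password with `read -rs PFX_PASS && export PFX_PASS` keeps it out of shell history.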
Tip: Click the help icon next to the Add Certificate page title to open the Keyfactor Software & Documentation Portal to this section. You will receive a prompt indicating:

You are being redirected to an external website. Would you like to proceed?

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.

Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).