Start the Gateway Services

The CA gateway service runs on the Keyfactor Cloud Gateway server and manages communications between clients in the local environment and the Keyfactor Gateway Receiver for certificate synchronization and enrollment. At the conclusion of the configuration for the gateway, the main gateway service should start automatically. If you need to stop or restart the service:

  1. On the Keyfactor Cloud Gateway server, open the Services MMC.
  2. In the Services MMC, confirm that the CA gateway service is set to a Startup Type of Automatic (if desired). If the service is not running, click the green arrow to start it. The service name for the main gateway service is:

    Keyfactor Managed CA Gateway

    In addition to the main gateway service, you will also see the Keyfactor Managed CA Sync Service. This service should only be started if you have opted to configure account (user and group) and/or template synchronization (see Create or Identify Accounts for Synchronization (Optional) and Create or Identify Templates).

Important:  If you are using clustering, you should use the Microsoft Failover Cluster Manager to start and stop the role rather than starting and stopping the service through the Services MMC.
Tip:  The gateway services are installed to run as Network Service. If you need to run the services as an alternate service account, update the service account as follows:
  1. Open a command prompt using the “Run as administrator” option.

  2. In the command prompt, type the following to remove the URL reservation for port 8051 from Network Service and add it for your custom service account:

    netsh http delete urlacl url=http://+:8051/
    netsh http add urlacl url=http://+:8051/ user="KEYEXAMPLE\svc_kyfgateway"
  3. Open the Registry Editor:

    regedit
  4. Navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Keyfactor\Keyfactor CA Gateway
  5. Right-click on Keyfactor CA Gateway and choose Permissions...

  6. Add the service account user you referenced in step 2, and grant the user Full Control permission.

  7. Open the Services MMC.

  8. In the Services MMC, locate the gateway service:

    Keyfactor Managed CA Gateway
  9. Right-click the gateway service name and select Properties.

  10. In the Properties dialog on the Log On tab, Browse to locate the service account you referenced in step 2, enter the password for the service account, and click OK.

    Note:  You will see a notification that the service account has been granted Log On As A Service permissions.
  11. If desired, repeat steps 8-10 for the sync service:

    Keyfactor Managed CA Sync Service
Note:  On upgrade, this information will not be retained and will need to be reconfigured.

If you need to reverse the custom service account and set it back to Network Service, follow the same steps as above but with these netsh commands:

netsh http delete urlacl url=http://+:8051/
netsh http add urlacl url=http://+:8051/ user="Network Service"
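
To confirm that the three places changed by this procedure (the URL reservation, the registry key permissions and the service log-on account) all agree, a read-only check such as the following can be run afterwards. This is an added example, not part of the Keyfactor documentation; it assumes English-language `netsh` output, uses the sample account from step 2 as its default, and looks the service up by either its service name or its display name.

```powershell
# Added example: read-only check of the custom service account configuration.
# Run from an elevated PowerShell prompt on the Keyfactor Cloud Gateway server.
param(
    [string]$Account    = 'KEYEXAMPLE\svc_kyfgateway',   # sample account from step 2
    [string]$Url        = 'http://+:8051/',
    [string]$RegPath    = 'HKLM:\SOFTWARE\Keyfactor\Keyfactor CA Gateway',
    [string[]]$Services = @('Keyfactor Managed CA Gateway')
)

$full    = [System.Security.AccessControl.RegistryRights]::FullControl
$results = @()

# 1. URL reservation: netsh lists a "User: <account>" line for each ACL entry.
$urlAcl = (netsh http show urlacl url=$Url | Out-String)
$results += [pscustomobject]@{
    Check  = "URL reservation $Url"
    Pass   = $urlAcl -match ('User:\s+' + [regex]::Escape($Account) + '\s*(\r?\n|$)')
    Detail = 'expects a User line for ' + $Account
}

# 2. Registry key: the account needs an Allow entry carrying Full Control.
$acl  = Get-Acl -Path $RegPath -ErrorAction SilentlyContinue
$rule = @($acl.Access) | Where-Object {
    $_.IdentityReference.Value -ieq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    $_.RegistryRights.HasFlag($full)
}
$results += [pscustomobject]@{
    Check  = "Registry ACL $RegPath"
    Pass   = [bool]$rule
    Detail = if ($acl) { ($acl.Access.IdentityReference.Value | Select-Object -Unique) -join '; ' } else { 'key not found' }
}

# 3. Service log-on account, startup type and current state.
foreach ($name in $Services) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name' OR DisplayName='$name'"
    $results += [pscustomobject]@{
        Check  = "Service $name"
        Pass   = [bool]$svc -and ($svc.StartName -ieq $Account)
        Detail = if ($svc) { "$($svc.StartName), $($svc.StartMode), $($svc.State)" } else { 'service not found' }
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit when any check fails
```

If the sync service was also moved to the custom account, pass both service names with `-Services`. Because these settings are not retained on upgrade, the same check is worth running after each upgrade.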