Change Service Account Passwords

The process for changing the passwords for the service accounts used by the CA Connector Client varies for the different service accounts (see Create Service Accounts for the Keyfactor CA Connector). If you’re changing the service account name and/or password of the account used to run the Keyfactor CA Connector Service, begin with step 1. If you’re only changing the secret of the client used to make the connection to Keyfactor Command, skip to step 4.

Note:  This script applies to CA Connector Clients on Windows only. There is not a change password script for Linux-based connectors because there is not an encrypted file storing the service account information.

To change service account passwords and use the change secret script:

  1. On the CA Connector Client server, open the Services MMC.
  2. In the Services MMC locate the Keyfactor CA Connector Service.

    Figure 684: Keyfactor CA Connector Service

  3. Open Properties for the service and on the Log On tab, change the service account and/or account password.
  4. Open a PowerShell window using the “Run as administrator” option.
  5. Change to the directory in which you installed the CA Connector Client. By default, this is:

    C:\Program Files\Keyfactor\Keyfactor CA Connector

  6. Load the client secret used for the service account to connect to your Keyfactor Command into a variable:

    $clientSecret = ConvertTo-SecureString -Force -AsPlainText 'MyTokenSecret'

    Note:  This is necessary even if you aren't changing this value because this value is used to encrypt the secrets files where service account secrets are stored.
  7. Execute the change secrets script. For example, with the default install location for the connector:

    .\change_secrets.ps1 -SecretsPath "C:\Program Files\Keyfactor\Keyfactor CA Connector\secretappsettings.json" -ClientSecret $clientSecret

    The -SecretsPath parameter points to the file where the encrypted secrets are stored.

  8. Output from successful completion of this command should look like the following (the path to the secretappsettings.json file will vary depending on your install location for the connector):

    Saved secrets to 'C:\Program Files\Keyfactor\Keyfactor CA Connector\secretappsettings.json'
    Restarting service KeyfactorCAConnector-Default
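
Steps 4 through 8 as a single elevated PowerShell session, given here as an added example that is not part of the Keyfactor documentation or product. It swaps the plaintext ConvertTo-SecureString call in step 6 for a Read-Host -AsSecureString prompt so the secret does not land in command history, then checks that the secrets file was rewritten and the service is running again. The paths are the documented defaults, and the service name is an assumption taken from the sample output above.

```powershell
# Added example, not Keyfactor's own code. Adjust the values below to your install.
$installDir  = 'C:\Program Files\Keyfactor\Keyfactor CA Connector'   # documented default
$secretsPath = Join-Path $installDir 'secretappsettings.json'
$serviceName = 'KeyfactorCAConnector-Default'   # assumption: name shown in the sample output

# Step 4: the session must be elevated.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from a PowerShell window opened with "Run as administrator".'
}
if (-not (Test-Path -LiteralPath $secretsPath -PathType Leaf)) {
    throw "Secrets file not found: $secretsPath"
}

# Step 6: prompt for the client secret instead of typing it as a plaintext literal,
# so it is not recorded in the command line or PSReadLine history.
$clientSecret = Read-Host -AsSecureString -Prompt 'Keyfactor Command client secret'
if ($clientSecret.Length -eq 0) { throw 'Client secret is empty.' }

# Steps 5 and 7: run the change secrets script from the install directory.
$before = (Get-Item -LiteralPath $secretsPath).LastWriteTimeUtc
Push-Location -LiteralPath $installDir
try {
    .\change_secrets.ps1 -SecretsPath $secretsPath -ClientSecret $clientSecret
} finally {
    Pop-Location
    $clientSecret.Dispose()   # release the in-memory copy of the secret
}

# Step 8: confirm the secrets file was rewritten and the service came back up.
$after = (Get-Item -LiteralPath $secretsPath).LastWriteTimeUtc
if ($after -le $before) { Write-Warning 'secretappsettings.json was not rewritten.' }

$svc = Get-Service -Name $serviceName -ErrorAction Stop
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))   # throws if not running within 60 s
'{0} is {1}; secrets file written {2:u}' -f $svc.Name, $svc.Status, $after
```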