Identify the CA Connector Client Access Token
The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs. A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.
The CA Connector Client uses an OAuth 2.0 access token to make a connection to Keyfactor Command. This access token consists of four components:
- Scope: The scope is the mechanism by which the CA Connector Client makes a request for the specific access that it needs. Not all OAuth solutions make use of a scope, so this value is not required.
- Authentication URL: The authentication URL is a URL to the service providing OAuth authentication.
- Client ID: The client ID is a string issued by the authentication provider that identifies the application authenticating. Depending on the OAuth solution, this may be something long and not guessable.
- Client Secret: The client secret is a secret shared between the components of the Keyfactor CA Connector implementation and the authentication provider. This secret should be handled securely.
The person performing the CA Connector Client installation will need these pieces of information. If you’re using a managed instance of Keyfactor Command, these should be provided by your Keyfactor representative.
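A pre-installation check for the four values listed above, as an added example that is not part of the Keyfactor documentation or the Connector's own code. It assumes the provider accepts the OAuth 2.0 client credentials grant (RFC 6749) with the client ID and secret sent in the form body; the page does not state the grant type, some providers require HTTP Basic authentication instead, and the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request


def build_token_request(auth_url, client_id, client_secret, scope=None):
    """Validate the four values and build an RFC 6749 client-credentials request."""
    parts = urllib.parse.urlsplit(auth_url)
    # The client secret travels in this request, so refuse cleartext endpoints.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("authentication URL must be an absolute https:// URL")
    if not client_id or not client_secret:
        raise ValueError("client ID and client secret are both required")
    if client_secret != client_secret.strip():
        raise ValueError("client secret has stray whitespace (copy/paste error?)")
    form = {
        "grant_type": "client_credentials",  # assumption: not stated on the page
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if scope:  # scope is optional; omit the parameter entirely when unused
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        auth_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"},
    )


def check_token_response(raw_json):
    """Return (token_type, expires_in) without ever exposing the token itself."""
    doc = json.loads(raw_json)
    if "error" in doc:
        raise RuntimeError(f"provider rejected the request: {doc['error']}")
    if not doc.get("access_token"):
        raise RuntimeError("response contains no access_token")
    return doc.get("token_type", ""), doc.get("expires_in")


if __name__ == "__main__":
    import getpass
    import sys
    # Usage: python check_oauth.py <authentication URL> <client ID> [scope]
    secret = getpass.getpass("Client secret: ")  # prompt keeps it out of shell history
    req = build_token_request(sys.argv[1], sys.argv[2], secret, *sys.argv[3:4])
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(check_token_response(resp.read()))
```

Run it from the host where the CA Connector Client will be installed, so that the result also confirms the authentication URL is reachable from there.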