Keyfactor ACME Command Line Tool

The Keyfactor ACME command line tool (KeyfactorACMEConfig.exe) is the administrative interface to the Keyfactor ACME server. Its commands are listed in Table 4: KeyfactorACMEConfig.exe Commands.

Table 4: KeyfactorACMEConfig.exe Commands

Command       Function
configure     Create and configure the database and web server.
              Configure identity provider information.
              Configure the Keyfactor API URL connection and credentials.
identifiers   Add, list, and revoke Keyfactor ACME identifier pre-authorizations.
encryption    View or update the thumbprint of the encryption certificate currently in use.
list          List all accounts.
revoke        Remove identifiers or accounts from the list of valid identifiers or accounts.
unrevoke      Reinstate revoked identifiers or accounts to the list of valid identifiers or accounts.
claims        Add, remove, and list claims for objects (e.g. users).
              Configure templates for CSR enrollment requests.
settings      Manage Keyfactor ACME configuration settings, including the use of wildcards for enrollment.
help          Display more information on a specific command.
version       Display version information.
Tip:  Run the Keyfactor ACME commands from a command prompt or a regular PowerShell window, NOT from the PowerShell ISE: the ISE host does not support the .NET Console class, which the tool relies on for interactive input.
Note:  With Windows Authentication for SQL, the Windows application pool identity is the account that logs in to SQL Server, and it is granted the permissions needed to access both the SQL Server instance and the Keyfactor ACME database.
Note:  When SQL Authentication is used to configure a Keyfactor ACME server, the user who runs the configure command and the application pool user become the only accounts that can run the Command Line Tool commands. This is because Keyfactor ACME encrypts the SQL connection strings and grants read access to them only to those two accounts. The application pool user needs access because every database action is performed under that identity; the current user needs access so that an interactive administrator can still run the configuration tool, since the application pool user is a service identity rather than a logged-in user. Run configure from the account you intend to administer the tool with, as any other account will be unable to run its commands afterwards.
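The Tip and the Windows Authentication note above describe two things to get right before running the tool: the host it is launched from, and the SQL access of the application pool identity. The following pre-flight script is an added example and is not part of the Keyfactor documentation or product. It assumes an application pool named KeyfactorACME, a SQL instance SQLSRV01 and a database KeyfactorACME (all three are placeholders to adjust), and that it is run on the IIS host by an account that can query SQL Server with integrated security.

```powershell
# Added example, not Keyfactor's own code. Pre-flight checks before running KeyfactorACMEConfig.exe
# with Windows Authentication for SQL:
#   1. refuse to run under the PowerShell ISE host (the tool needs the Console class)
#   2. resolve the identity of the ACME application pool
#   3. confirm that identity has a SQL Server login and a user in the ACME database
param(
    [string]$AppPoolName = 'KeyfactorACME',   # assumption: adjust to your pool name
    [string]$SqlInstance = 'SQLSRV01',        # assumption: adjust to your instance
    [string]$Database    = 'KeyfactorACME'    # assumption: adjust to your database
)

# 1. The ISE host does not support System.Console, so the tool's interactive prompts fail there.
if ($Host.Name -like '*ISE*') {
    throw 'Run this from a regular PowerShell window or cmd.exe, not the PowerShell ISE.'
}

# 2. Resolve the application pool identity (WebAdministration module, available on the IIS host).
Import-Module WebAdministration -ErrorAction Stop
$pool = Get-Item "IIS:\AppPools\$AppPoolName" -ErrorAction Stop
$identity = switch ("$($pool.processModel.identityType)") {
    'ApplicationPoolIdentity' { "IIS APPPOOL\$AppPoolName" }
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'SpecificUser'            { $pool.processModel.userName }
}
"Application pool '$AppPoolName' runs as: $identity"

# 3. Check for a server login and a database user with that name. The query runs under the
#    caller's own Windows credentials; the parameter keeps the account name out of the SQL text.
$connStr = "Server=$SqlInstance;Database=$Database;Integrated Security=True;Encrypt=True"
$conn = New-Object System.Data.SqlClient.SqlConnection $connStr
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = @"
SELECT
  (SELECT COUNT(*) FROM sys.server_principals   WHERE name = @acct) AS HasLogin,
  (SELECT COUNT(*) FROM sys.database_principals WHERE name = @acct) AS HasDbUser
"@
    [void]$cmd.Parameters.AddWithValue('@acct', $identity)
    $reader = $cmd.ExecuteReader()
    [void]$reader.Read()
    $hasLogin  = [int]$reader['HasLogin']  -gt 0
    $hasDbUser = [int]$reader['HasDbUser'] -gt 0
    $reader.Close()
}
finally { $conn.Close() }

if (-not $hasLogin)  { Write-Warning "$identity has no SQL Server login on $SqlInstance." }
if (-not $hasDbUser) { Write-Warning "$identity is not a user in database $Database." }
if ($hasLogin -and $hasDbUser) {
    "$identity can reach $Database; KeyfactorACMeConfig.exe configure can proceed." -replace 'ACMe', 'ACME'
}
```

The login check uses sys.server_principals, which is instance-wide, while sys.database_principals is evaluated in the database named in the connection string, so both halves of the note (access to the server and to the Keyfactor ACME database) are covered by one round trip. A missing database user is the more common finding after a database restore or move, because logins and database users are mapped separately in SQL Server.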