Create or Identify Certificate Templates or Profiles

The Keyfactor Remote CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. Gateway uses certificate templates or profiles from the on-premise CA that match templates hosted in the managed forestClosed An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. to support enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). for certificates through the Keyfactor Remote CA Gateway. When you enroll for a certificate in the managed instance of Keyfactor Command, you make a request using the managed forest templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. and the corresponding on-premise certificate template or profile is used. Template mappings are configured in the Keyfactor Remote CA Configuration Portal. No synchronization of templates occurs between the on-premise and managed environments. Before you configure the Keyfactor Remote CA Gateway ConnectorClosed The Keyfactor Gateway Connector is installed in the customer forest to provide a connection between the on-premise CA and the Azure-hosted, Keyfactor managed Hosted Configuration Portal to provide support for synchronization, enrollment and management of certificates through the Azure-hosted instance of Keyfactor Command for the on-premise CA. It is supported on both Windows and Linux. in the configuration portal, you need to create new or identify existing templates or profiles that will be used for enrollment in the managed environment.

Microsoft CAs

For Microsoft CAs, templates are stored in Active Directory. You will need a list of the template names (vs template display names) of the templates that will be used when configuring the Keyfactor Remote CA Configuration Portal.

EJBCA CAs

For EJBCA CAs, you will need a list of the certificate profiles configured as available on the profile of the end entity that you will use to make the connection from the gateway connector (see Keyfactor Remote CA Configuration Portal CA Connection Account).

Tip:  If Keyfactor has upgraded your hosted instance to be compatible with Keyfactor Command version 10 or higher, you will need both the certificate profile name and the end entity profile name handy.