Remote CA Gateway
The Keyfactor Remote CA Gateway solution allows organizations to leverage existing on-premise CAs with an Azure-hosted, Keyfactor-managed instance of Keyfactor Command to issue and manage certificates across enterprise infrastructures. Out of the box, Microsoft and EJBCA CAs are supported. Other CAs can be supported with the addition of a custom connector extension.
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.
The Keyfactor Remote CA Gateway is made up of:
- The Keyfactor Remote CA Gateway Connector and a connector extension to allow communication with a specific type of CA (e.g. Microsoft), which are installed in the on-premise forest to provide a connection to an on-premise CA.
  The Keyfactor Gateway Connector is installed in the customer forest to provide a connection between the on-premise CA and the Azure-hosted, Keyfactor-managed Hosted Configuration Portal to provide support for synchronization, enrollment and management of certificates through the Azure-hosted instance of Keyfactor Command for the on-premise CA. It is supported on both Windows and Linux.
  An Active Directory forest (AD forest) is the topmost logical container in an Active Directory configuration that contains domains, and objects such as users and computers.
  Note: A single gateway connector can connect to more than one on-premise CA as long as all CAs are of the same type (e.g. Microsoft).
- The Keyfactor Remote CA Service, which is Azure-hosted and managed by Keyfactor. The service receives the connection from the connector and brokers it to Keyfactor Command.
- The Keyfactor Remote CA Configuration Portal, which is Azure-hosted and managed by Keyfactor. The portal is used to configure the gateway connectors and CAs that will be made available to Keyfactor Command.
Figure 1: Keyfactor Remote CA Gateway Architecture
The Keyfactor Remote CA Gateway Connector runs on either Windows or Linux and can be installed either on the CA or on a separate machine on the same network. Connections to Microsoft CAs are only supported from gateway connectors running on Windows.
For a comprehensive description of the components that make up Keyfactor Command, please see the Installation and Reference Guides for both the server and the orchestrators and gateways that enhance the server functionality.