Using a SQL Database (Optional)

The Keyfactor SCEP server uses a database to store challenge passwords and configuration information. The default database that is implemented as part of the standard installation is a Microsoft Jet database stored on the local Keyfactor SCEP server. For Keyfactor SCEP deployments that require load balancing either due to traffic or availability requirements, the option is available to use a Microsoft SQL database for this role instead. Configuration to use a SQL database rather than a Jet database is done separately from the primary installation and configuration process—either before or after it—and is not featured in the configuration wizard.

To configure the Keyfactor SCEP server to store data in a SQL database:

  1. On the SQL server, create an empty database for Keyfactor SCEP.
  2. Grant the service account under which the Keyfactor SCEP application pool will run (see Create Service Accounts) at least db_datareader and db_datawriter permissions on the database.

    Figure 6: Set SQL Permissions

  3. Install the Keyfactor SCEP server software but do not configure it.
  4. Locate the PopulateDatabase.sql script in the Configuration directory under the installed Keyfactor SCEP server directory. By default, this file is located in the following directory:

    C:\Program Files\Keyfactor\Keyfactor SCEP Server\Configuration

  5. Copy the PopulateDatabase.sql script to the SQL server and run it on the Keyfactor SCEP database you created above.
  6. On the Keyfactor SCEP server, open a text editor (e.g. Notepad) using the "Run as administrator" option.
  7. In the text editor, browse to open the Web.config file for the Keyfactor SCEP server. By default, this file is located in the following directory:

    C:\Program Files\Keyfactor\Keyfactor SCEP Server\SCEP Server

  8. Near the top of the Web.config file, find the connectionStrings section and, in the ChallengeDB item, add a connection string that's appropriate for your environment, referencing the SQL server name, the Keyfactor SCEP database name, and the authentication method of integrated Windows authentication.

    Figure 7: Enter a SQL Connection String

  9. In the Web.config file in the appSettings section just below the connectionStrings section, find the Keyfactor.SCEP.ChallengePassword.RepostoryType key. Change the Value for this key from ESENT to SQL.

    Figure 8: Select a Challenge Password Repository Type

  10. Save the Web.config changes.
  11. Return to the Keyfactor SCEP server installation (see Installing the Keyfactor SCEP Server) and finish the configuration.

If you prefer, you can fully complete the Keyfactor SCEP server installation and configuration using the built-in database and then switch over to using the SQL database at a later time. The SQL database configuration does not need to be done before the Keyfactor SCEP server is configured. However, configuring the SQL database settings prior to configuring the Keyfactor SCEP server will prevent the creation of the local Jet database.
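
The following PowerShell check is an added example, not part of the Keyfactor documentation or product. It audits the two Web.config edits from steps 8 and 9: that the ChallengeDB connection string uses integrated Windows authentication with no embedded SQL credentials, and that the repository type is set to SQL. It assumes Web.config follows the standard ASP.NET connectionStrings and appSettings layout; the function name, server name and database name are constructed for illustration.

```powershell
# Added example (not Keyfactor code): audit the Web.config settings from steps 8 and 9.
# Assumes the standard ASP.NET <add name=.../> and <add key=.../> layout.
function Test-ScepSqlConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = @()

    # Step 8: the ChallengeDB connection string must use integrated Windows authentication.
    $node = $Config.SelectSingleNode("/configuration/connectionStrings/add[@name='ChallengeDB']")
    if (-not $node) {
        $findings += 'ChallengeDB connection string not found'
    } else {
        $csb = New-Object System.Data.Common.DbConnectionStringBuilder
        # set_ConnectionString() avoids PowerShell treating the builder as a dictionary.
        $csb.set_ConnectionString($node.GetAttribute('connectionString'))
        $integrated = $false
        foreach ($k in 'Integrated Security', 'Trusted_Connection') {
            $v = $null
            if ($csb.TryGetValue($k, [ref]$v) -and "$v" -match '^(true|yes|sspi)$') { $integrated = $true }
        }
        if (-not $integrated) { $findings += 'ChallengeDB does not use integrated Windows authentication' }
        # A SQL login or password stored in Web.config defeats the purpose of integrated authentication.
        foreach ($k in 'Password', 'Pwd', 'User ID', 'UID') {
            if ($csb.ContainsKey($k)) { $findings += "ChallengeDB embeds SQL credential keyword '$k'" }
        }
    }

    # Step 9: the repository type must be SQL (key name spelled as in the procedure above).
    $key  = 'Keyfactor.SCEP.ChallengePassword.RepostoryType'
    $repo = $Config.SelectSingleNode("/configuration/appSettings/add[@key='$key']")
    if (-not $repo -or $repo.GetAttribute('value') -ne 'SQL') {
        $findings += "$key is not set to SQL"
    }
    $findings
}

# Constructed sample: step 8 is done, but step 9 was skipped (value still ESENT).
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="ChallengeDB"
         connectionString="Data Source=sql01.example.local;Initial Catalog=KeyfactorSCEP;Integrated Security=SSPI" />
  </connectionStrings>
  <appSettings>
    <add key="Keyfactor.SCEP.ChallengePassword.RepostoryType" value="ESENT" />
  </appSettings>
</configuration>
'@
Test-ScepSqlConfig -Config $sample
```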