Core Platform

Configuration items related to the base install and configuration of Keyfactor Command.

The following configuration items relate to the installation and configuration of the core platform components. These configuration items should be reviewed and understood prior to completion of additional configuration items.

Configuration Item	Description	Customer Requirements	Tags
Platform Install	The core Keyfactor Command Platform is to be hosted by the customer on their own infrastructure.	System Requirements Planning & Preparing	ON PREM
Universal Orchestrator Base Install	The Universal Orchestrator Service is installed locally and communicates to Command to execute SSL Discovery & Certificate Store jobs	System Requirements Preparing for the Universal Orchestrator	PKIAAS CLAAAS ON PREM
Remote CA Gateway	The Keyfactor Remote CA Gateway solution allows organizations to leverage existing on-premise CAs with an Azure-hosted, Keyfactor-managed instance of Keyfactor Command to issue and manage certificates across enterprise infrastructures.	System Requirements Preparing	CLAAAS PKIAAS
CA Connector	The Keyfactor CA Connector solution by Keyfactor allows organizations to make connections to Keyfactor Command from certificate authorities that are remote from their instance of Keyfactor Command to issue and manage certificates across enterprise infrastructures. Typically this is used to leverage existing on-premises CAs with an Azure-hosted, Keyfactor-managed instance of Keyfactor Command. Out-of-the-box, Microsoft and EJBCA CAs are supported.	System Requirements	PKIAAS CLAAAS
AnyCA Gateway Install	The AnyCA Gateway enables synchronization and enrollment access to public and third party CAs.	System Requirements Preparation	ON PREM
Cloud Enrollment Gateway	The Cloud Enrollment Gateway enables organizations to request certificates from a Keyfactor Hosted CA in the Cloud from their local network environment.	Preparing	PKIAAS
Protocol Server: ACME	Allows organizations to use ACME clients, like Certbot, to automate verification and issuance process for authenticated domains.	System Requirements Preparing	ON PREM
Protocol Server: SCEP	Allows organizations to use the SCEP protocol to enable devices to enroll for certificates using a URL and shared secret.	SCEP Server Architecture & System Requirements	ON PREM
Command CA Policy Modules	Enables organizations additional control over the functionality of a Microsoft CA. Automate the inclusion of DNS SAN matching the CN Template by Template control over inclusion of SANs values for CSR enrollments. Enable Allow Lists for given templates to enable enrollment from specific devices.	System Requirements Preparing for the Keyfactor CA Policy Module	ON PREM