Universal Orchestrator
AWS Certificate Manager (ACM) Orchestrator
The AWS ACM Orchestrator supports Inventory and Management of certificates in the AWS Certificate Manager. It supports three methods of authentication: Environmental Credentials loaded via the AWS SDK e.g. inside an EC2 instance; IAM User Credentials for assuming a Role as a specific user; OAuth-based Credentials to authenticate with an OAuth provider to assume a Role.
Akamai Certificate Provisioning System (CPS)
The Akamai Certificate Provisioning System (CPS) Orchestrator is capable of inventorying existing certificates on the Akamai platform, and performing enrollments and renewals of certificates with keys generated on the Akamai system.
Azure App Registration and Enterprise Application Orchestrator
The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure App Registration/Application certificates and Enterprise Application/Service Principal certificates.
Azure Application Gateway Orchestrator
The Azure Application Gateway Orchestrator Extension is an extension to the Keyfactor Universal Orchestrator that allows for the management of certificates on Azure Application Gateways, including the ability to add and bind certificates to HTTPS listeners.
Azure Key Vault Orchestrator
This integration allows the orchestrator to act as a client with access to an instance of the Azure Key Vault; allowing you to manage your certificates stored in the Azure Keyvault via Keyfactor.
Cisco Asa Orchestrator
The Cisco Asa Orchestrator will manage certificates on the Cisco Asa Device.
Citrix Netscaler Universal Orchestrator
Orchestrator to manage certificates and keys on one to many VServers in Netscaler. The integration supports Enrollment, Renewal, Inventory and Remove from Store.
DataPower Orchestrator
The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported. This integration can add/replace certificates in any domain\directory combination.
F5
The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, Inventory, and Management functions are supported.
F5 BigIQ
The F5 Big IQ Orchestrator allows for the remote management of F5 Big IQ certificate stores. Inventory and Management functions are supported.
Fortanix
The Fortanix orchestrator extension allows for the inventory of certificates in Fortanix stores. Only Inventory is supported. The orchestrator extension uses the Fortanix API library to perform this function..
GCP Apigee
Apigee is a Google Cloud Platform (GCP) software product for developing and managing APIs. The remote GCP Apigee Orchestrator allows for the remote management of Apigee certificate stores. Inventory and Management functions are supported. The Orchestrator performs operations utilizing the Apigee REST API.
GCP Certificate Manager
GCP Certificate Manager Orchestrator for Add, Remove and Inventory.
GCP Load Balancer
The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores. Inventory, Management-Add, and Management-Remove functions are supported. Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates). The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores.
Imperva
The Imperva Orchestrator Extension allows for the management of SSL certificates bound to web sites managed by the Imperva cloud-based firewall.
Kubernetes Orchestrator Extension
The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. The following types of Kubernetes resources are supported: kubernetes secrets of kubernetes.io/tls or Opaque and kubernetes certificates certificates.k8s.io/v1
Orchestrator Extension for Alteon Load Balancer
The Alteon Load Balancer integration allows you to manage certificates within the Alteon Load Balancer device.
Orchestrator Extension for Hashicorp Vault
The Hashicorp Vault Orchestrator extension allows you to manage certificates in Hashicorp Vault KeyValue secrets engine and perform inventory on certificates stored in the PKI or Keyfactor secrets engines.
Palo Alto Orchestrator
The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.
Remote File
The Remote File Orchestrator allows for the remote management of file-based certificate stores. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by first converting the certificate store into a BouncyCastle PKCS12Store.
Remote JKS
PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.
The remote JKS Orchestrator Extension allows for the remote management of Java Key Stores. Discovery, Inventory, and Management functions are supported. The orchestrator extension performs operations by issuing remote commands over SSH to Linux based systems and WinRM to Windows based systems.
Remote PEM / PKCS12
PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.
The remote PEM / PKCS12 Orchestrator allows for the remote management of PEM and PKCS12 based certificate stores. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by issuing remote commands over SSH to Linux based systems and via WinRM to Windows based systems.
Remote PEMChain
The remote PEMChain Orchestrator allows for the remote management of PEM based certificate stores specifically with the full certificate chain in the PEM file. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by issuing remote commands over SSH to Linux based systems and via WinRM to Windows based systems. Currently this extension is only intended for use with the Keyfactor Universal Orchestrator installed on a Windows server.
Remote PKCS12
PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.
The PKCS12 orchestrator extension allows a user to discover, inventory and manage (both add and remove) PKCS12 certificate stores on both Windows and Linux servers.
Signum Orchestrator Extension
The Signum Orchestrator Extension allows for the Inventorying of Signum private certificates. Discovery, Managment, and ReEnrollment are NOT supported in this integration. A Signum instance must be installed to use this integration along with the ability to consume Signum SOAP-based API endpoints using basic authentication.
VMware NSX Advanced Load Balancer (Avi)
The VMware NSX Advanced Load Balancer (formerly Avi Vantage) Orchestrator allows for the management of certificates stored in the VMware NSX ALB solution. Application, System, and CA cert types are supported. Inventory, Management, and Renewal functions are supported.
WinCertStore Orchestrator
The Windows Certificate Store Orchestrator Extension implements two certificate store types. 1) "WinCert" which manages certificates in a Windows local machine store, and 2) "IISU" which manages certificates and their bindings in a Windows local machine store that are bound to Internet Information Server (IIS) websites. These extensions replace the now deprecated "IIS" cert store type that ships with Keyfactor Command. The "IISU" extension also replaces the "IISBin" certificate store type from prior versions of this repository. This orchestrator extension is in the process of being renamed from "IIS Orchestrator" as it now supports certificates that are not in use by IIS.
a10vThunder
A10 vThunder AnyAgent allows an organization to inventory and deploy certificates in any domain that the appliance services. The AnyAgent deploys the appropriate files (.cer, .pem) within the defined directories and also performs and Inventory on the Items.