Universal Orchestrator

AWS Certificate Manager (ACM) Orchestrator

The AWS ACM Orchestrator supports Inventory and Management of certificates in the AWS Certificate Manager. It supports three methods of authentication: Environmental Credentials loaded via the AWS SDK e.g. inside an EC2 instance; IAM User Credentials for assuming a Role as a specific user; OAuth-based Credentials to authenticate with an OAuth provider to assume a Role.

Github Repository

Akamai Certificate Provisioning System (CPS)

The Akamai Certificate Provisioning System (CPS) Orchestrator is capable of inventorying existing certificates on the Akamai platform, and performing enrollments and renewals of certificates with keys generated on the Akamai system.

Github Repository

Azure App Registration and Enterprise Application Orchestrator

The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure App Registration/Application certificates and Enterprise Application/Service Principal certificates.

Github Repository

Azure Application Gateway Orchestrator

The Azure Application Gateway Orchestrator Extension is an extension to the Keyfactor Universal Orchestrator that allows for the management of certificates on Azure Application Gateways, including the ability to add and bind certificates to HTTPS listeners.

Github Repository

Azure Key Vault Orchestrator

This integration allows the orchestrator to act as a client with access to an instance of the Azure Key Vault; allowing you to manage your certificates stored in the Azure Keyvault via Keyfactor.

Github Repository

Cisco Asa Orchestrator

The Cisco Asa Orchestrator will manage certificates on the Cisco Asa Device.

Github Repository

Citrix Netscaler Universal Orchestrator

Orchestrator to manage certificates and keys on one to many VServers in Netscaler. The integration supports Enrollment, Renewal, Inventory and Remove from Store.

Github Repository

DataPower Orchestrator

The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported. This integration can add/replace certificates in any domain\directory combination.

Github Repository

F5

The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, Inventory, and Management functions are supported.

Github Repository

F5 BigIQ

The F5 Big IQ Orchestrator allows for the remote management of F5 Big IQ certificate stores. Inventory, Management, and Reenrollment functions are supported.

Github Repository

Fortanix

The Fortanix orchestrator extension allows for the inventory of certificates in Fortanix stores. Only Inventory is supported. The orchestrator extension uses the Fortanix API library to perform this function..

Github Repository

GCP Apigee

Apigee is a Google Cloud Platform (GCP) software product for developing and managing APIs. The remote GCP Apigee Orchestrator allows for the remote management of Apigee certificate stores. Inventory and Management functions are supported. The Orchestrator performs operations utilizing the Apigee REST API.

Github Repository

GCP Load Balancer

The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores. Inventory, Management-Add, and Management-Remove functions are supported. Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates). The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores.

Github Repository

Google Cloud Provider Certificate Manager

Google Certificate Manager Orchestrator for Add, Remove and Inventory.

Github Repository

Imperva

The Imperva Orchestrator Extension allows for the management of SSL certificates bound to web sites managed by the Imperva cloud-based firewall.

Github Repository

Kubernetes Orchestrator Extension

The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. The following types of Kubernetes resources are supported: kubernetes secrets of kubernetes.io/tls or Opaque and kubernetes certificates certificates.k8s.io/v1

Github Repository

Orchestrator Extension for Alteon Load Balancer

The Alteon Load Balancer integration allows you to manage certificates within the Alteon Load Balancer device.

Github Repository

Orchestrator Extension for Hashicorp Vault

The Hashicorp Vault Orchestrator extension allows you to manage certificates in Hashicorp Vault KeyValue secrets engine and perform inventory on certificates stored in the PKI or Keyfactor secrets engines.

Github Repository

Palo Alto Orchestrator

The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.

Github Repository

Remote File

The Remote File Orchestrator allows for the remote management of file-based certificate stores. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by first converting the certificate store into a BouncyCastle PKCS12Store.

Github Repository

Remote JKS

PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.

The remote JKS Orchestrator Extension allows for the remote management of Java Key Stores. Discovery, Inventory, and Management functions are supported. The orchestrator extension performs operations by issuing remote commands over SSH to Linux based systems and WinRM to Windows based systems.

Github Repository

Remote PEM / PKCS12

PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.

The remote PEM / PKCS12 Orchestrator allows for the remote management of PEM and PKCS12 based certificate stores. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by issuing remote commands over SSH to Linux based systems and via WinRM to Windows based systems.

Github Repository

Remote PEMChain

The remote PEMChain Orchestrator allows for the remote management of PEM based certificate stores specifically with the full certificate chain in the PEM file. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by issuing remote commands over SSH to Linux based systems and via WinRM to Windows based systems. Currently this extension is only intended for use with the Keyfactor Universal Orchestrator installed on a Windows server.

Remote PKCS12

PLEASE NOTE: This integration has been deprecated and replaced by The RemoteFile Orchestrator Extension - https://github.com/Keyfactor/remote-file-orchestrator.

The PKCS12 orchestrator extension allows a user to discover, inventory and manage (both add and remove) PKCS12 certificate stores on both Windows and Linux servers.

Github Repository

Signum Orchestrator Extension

The Signum Orchestrator Extension allows for the Inventorying of Signum private certificates. Discovery, Managment, and ReEnrollment are NOT supported in this integration. A Signum instance must be installed to use this integration along with the ability to consume Signum SOAP-based API endpoints using basic authentication.

Github Repository

VMware NSX Advanced Load Balancer (Avi)

The VMware NSX Advanced Load Balancer (formerly Avi Vantage) Orchestrator allows for the management of certificates stored in the VMware NSX ALB solution. Application, System, and CA cert types are supported. Inventory, Management, and Renewal functions are supported.

Github Repository

WinCertStore Orchestrator

The Windows Certificate Store Orchestrator Extension implements two certificate store types. 1) "WinCert" which manages certificates in a Windows local machine store, and 2) "IISU" which manages certificates and their bindings in a Windows local machine store that are bound to Internet Information Server (IIS) websites. These extensions replace the now deprecated "IIS" cert store type that ships with Keyfactor Command. The "IISU" extension also replaces the "IISBin" certificate store type from prior versions of this repository. This orchestrator extension is in the process of being renamed from "IIS Orchestrator" as it now supports certificates that are not in use by IIS.

Github Repository

a10vThunder

A10 vThunder AnyAgent allows an organization to inventory and deploy certificates in any domain that the appliance services. The AnyAgent deploys the appropriate files (.cer, .pem) within the defined directories and also performs and Inventory on the Items.

Github Repository