{"id":25190151,"url":"https://github.com/keyfactor/windows-certstore-orchestrator","last_synced_at":"2025-04-04T11:25:37.451Z","repository":{"id":46222636,"uuid":"385686456","full_name":"Keyfactor/windows-certstore-orchestrator","owner":"Keyfactor","description":"This AnyAgent Orchestrator implementation will allow for the inventory and management of certificates in arbitrary windows certificate stores. ","archived":false,"fork":false,"pushed_at":"2021-11-05T16:26:32.000Z","size":225,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-09T21:19:01.282Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keyfactor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-13T17:36:16.000Z","updated_at":"2022-07-29T12:58:33.000Z","dependencies_parsed_at":"2022-08-31T02:41:46.243Z","dependency_job_id":null,"html_url":"https://github.com/Keyfactor/windows-certstore-orchestrator","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fwindows-certstore-orchestrator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fwindows-certstore-orchestrator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fwindows-certstore-orchestrator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fwindows-certstore-orchestrator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keyfactor","download_url":"https://codeload.github.com/Keyfactor/windows-certstore-orchestrator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247167860,"owners_count":20895016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-09T21:19:04.593Z","updated_at":"2025-04-04T11:25:37.433Z","avatar_url":"https://github.com/Keyfactor.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Windows Certificate Store Orchestrator \n## Overview\nThe Windows Certificate Store Orchestrator allows a user to inventory, add, and remove certificates from arbitrary Windows Local Machine certificate stores. \n\n## Configuration\n\n**1. In Keyfactor Command begin by creating a new Certificate Store type similar to the one below:**\n\n![](images/cert-store-type-config.png)\n\n#### STORE TYPE CONFIGURATION\nCONFIG ELEMENT\t| DESCRIPTION\n---------------------|------------------\nName\t|Descriptive name for the Store Type\nShort Name\t|The short name that identifies the registered functionality of the orchestrator. Must be **WinCerMgmt**\nNeeds Server\t|Must be checked\nBlueprint Allowed\t|Unchecked\nRequires Store Password\t|Determines if a store password is required when configuring an individual store.  This must be unchecked.\nSupports Entry Password\t|Determines if an individual entry within a store can have a password.  This must be unchecked.\nSupports Custom Alias\t|Determines if an individual entry within a store can have a custom Alias.  This must be Forbidden.\nUses PowerShell\t|Unchecked\nStore Path Type\t|Determines what restrictions are applied to the store path field when configuring a new store.  This can be Freeform or Multiple Choice. Multiple Choice will allow the administrator the ability to limit the Certificate Stores that can be managed by the orchestrator. \nStore Path Value|A comma separated list of options to select from for the Store Path. This configuration option is only available with Mulitple Choice Store Path Type. \nPrivate Keys\t|This determines if Keyfactor can send the private key associated with a certificate to the store.  This should be configured as Optional to allow for the management of certificate with and without a private key. \nPFX Password Style\t|This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store.  This can be either Default (system generated) or Custom (user determined).\nJob Types\t|Inventory, Add, and Remove are the supported job types. \nParameters\t|The following optional configuration parameters are supported. Any parameters defined here will be populated with the appropriate data when creating a new certificate store.\u003cbr/\u003e\u003ctable\u003e\u003ctr\u003e\u003cth\u003eParameter Name\u003c/th\u003e\u003cth\u003eParameter Type\u003c/th\u003e\u003cth\u003eDefault Value\u003c/th\u003e\u003cth\u003eRequired\u003c/th\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003espnwithport\u003c/td\u003e\u003ctd\u003eBoolean\u003c/td\u003e\u003ctd\u003efalse\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\n\n    **Parameters:**\n\n    - **SPN with Port** - Optional. Determine if the SPN assoicated with the remote connection contains the connection's port number (5985). Default is \u0026quot;false\u0026quot;.\n\n\n**2. Register the Windows Certificate Store Orchestrator with Keyfactor Command**\n\nOpen the Keyfactor Windows Agent Configuration Wizard and perform the tasks as illustrated below:\n\n![](images/kf-agent-config-1.png)\n\n- Click **\\\u003cNext\\\u003e**\n\n![](images/kf-agent-config-2.png)\n\n- If you have configured the agent service previously, you should be able to skip to just click **\\\u003cNext\\\u003e.** Otherwise, enter the service account Username and Password you wish to run the Keyfactor Windows Agent Service under, click **\\\u003cUpdate Windows Service Account\\\u003e** and click **\\\u003cNext\\\u003e.**\n\n![](images/kf-agent-config-3.png)\n\n- If you have configured the agent service previously, you should be able to skip to just re-enter the password to the service account the agent service will run under, click **\\\u003cValidate Keyfactor Connection\\\u003e** and then **\\\u003cNext\\\u003e.**\n\n![](images/kf-agent-config-4.png)\n\n- Select the agent you are adding capabilities for (in this case, IIS With Binding, and also select the specific capabilities (Inventory and Management in this example). Click **\\\u003cNext\\\u003e**.\n\n![](images/kf-agent-config-5.png)\n\n- For each AnyAgent implementation, check **Load assemblies containing extension modules from other location** , browse to the location of the compiled AnyAgent dll, and click **\\\u003cValidate Capabilities\\\u003e**. Once all AnyAgents have been validated, click **\\\u003cApply Configuration\\\u003e**.\n\n![](images/kf-agent-config-6.png)\n\n- If the Keyfactor Agent Configuration Wizard configured everything correctly, you should see the dialog above.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fwindows-certstore-orchestrator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeyfactor%2Fwindows-certstore-orchestrator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fwindows-certstore-orchestrator/lists"}