Venafi Windows services

The following is a list of modules that are available for selection in Venafi Configuration Console. Any module that is not selected during installation can be enabled later in the configuration console.

Some components can't be added to your system. For example, if IIS is not installed, or if you don't have a valid license for a specific product, related components won't be available.



Venafi Platform This service hosts the Venafi service modules. This service is required for all Venafi products.
Logging This service provides log event processing and notification delivery. It is not required to be running, however we recommend that at least one server in the cluster of Venafi servers has logging enabled and running.

API Host

This service is a WCF self-hosted web service used to run the Code Signing and Venafi Event Viewer MMC snap-ins on the Trust Protection Platform server. This service allows snap-ins run on the server even if IIS is not installed. It listens on port 689 and accepts requests only from localhost, to allow those snap-ins to perform their functions. By default, it closes after 10 minutes of inactivity.


This is the IIS server. It is located in the Venafi Configuration Console to easily enable you to stop, start, and restart IIS without having to leave the Venafi Configuration Console. IIS must be running on all Venafi servers.

Enrollment over Secure Transport Service

This service provides certificate enrollment capability for devices via the Enrollment over Secure Transport (EST) protocol.

For more information, see Example: Configuring EST for Cisco devices.