From 27486638bbd5af4291075bf68716df0ece6f592f Mon Sep 17 00:00:00 2001 
From: Morgan Gangwere <470584+indrora@users.noreply.github.com> Date: Thu, 29 Jan 2026 12:38:58 -0800 Subject: [PATCH 1/7] Merge 1.0.0 to main (#3) * feat: release 1.1.1 * Implemented enrollment, added helper methods and API response handlers * implemented cert retrieval methods on client. * added additional logging, implemented revoke on client * implemented sync and revoke; completed initial functionality * added changelog and license headers * added manifest, disabled auth cert domain check for nexus auth cert * Updated enrollment to include first available procname for enrollment (error when there is no default set). * updated request format for revocation * cleanup * documentation updates * updated project settings for github build * added keyfactor-bootstrap-workflow.yml * updated manifest * added docsource folder * corrected the returned value on a revoke request * Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs flattening exception to retain potential useful info Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update docsource/configuration.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/models/Helpers.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot 
<175728472+Copilot@users.noreply.github.com> * Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * added check for partial sync * Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * updating manifest for doctool build --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Revert "feat: release 1.1.1" (#2) This reverts commit 73882768072b8980bf444674fad1d973915ffa59. --------- Co-authored-by: Joe VanWanzeele <76071503+joevanwanzeeleKF@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> From 06ea9004eaa21c56d304131a643ca793c944370f Mon Sep 17 00:00:00 2001 From: Morgan Gangwere <470584+indrora@users.noreply.github.com> Date: Fri, 27 Feb 2026 11:32:32 -0800 Subject: [PATCH 2/7] Update keyfactor-bootstrap-workflow.yml --- .github/workflows/keyfactor-bootstrap-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml index 46f6fc9..52d171c 100644 --- a/.github/workflows/keyfactor-bootstrap-workflow.yml +++ b/.github/workflows/keyfactor-bootstrap-workflow.yml @@ -11,7 +11,7 @@ on: jobs: call-starter-workflow: - uses: keyfactor/actions/.github/workflows/starter.yml@v3 + uses: keyfactor/actions/.github/workflows/starter.yml@v4 secrets: token: ${{ secrets.V2BUILDTOKEN}} APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} From 6592b927db5806da4b49c1f5ab34ffef3dd9317c Mon Sep 17 00:00:00 2001 From: Morgan Gangwere <470584+indrora@users.noreply.github.com> Date: Fri, 27 Feb 2026 11:38:40 -0800 Subject: [PATCH 3/7] Update keyfactor-bootstrap-workflow.yml --- .github/workflows/keyfactor-bootstrap-workflow.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml index 52d171c..589063f 100644 --- a/.github/workflows/keyfactor-bootstrap-workflow.yml +++ b/.github/workflows/keyfactor-bootstrap-workflow.yml @@ -12,8 +12,9 @@ on: jobs: call-starter-workflow: uses: keyfactor/actions/.github/workflows/starter.yml@v4 + permissions: + contents: write secrets: - token: ${{ secrets.V2BUILDTOKEN}} - APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} + token: ${{ github.token }} gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }} gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} From 42532ae181b6ffd8afc33eeacec4abba99ac1923 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Mon, 2 Mar 2026 11:33:17 -0800 Subject: [PATCH 4/7] chore(ci): add missing inputs to v4 actions --- .github/workflows/keyfactor-bootstrap-workflow.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml index 589063f..0068760 100644 --- a/.github/workflows/keyfactor-bootstrap-workflow.yml +++ b/.github/workflows/keyfactor-bootstrap-workflow.yml @@ -14,7 +14,16 @@ jobs: uses: keyfactor/actions/.github/workflows/starter.yml@v4 permissions: contents: write + with: + command_token_url: ${{ vars.COMMAND_TOKEN_URL }} + command_hostname: ${{ vars.COMMAND_HOSTNAME }} + command_base_api_path: ${{ vars.COMMAND_API_PATH }} secrets: - token: ${{ github.token }} + token: ${{ secrets.V2BUILDTOKEN }} gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }} gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} + scan_token: ${{ secrets.SAST_TOKEN }} + entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }} + entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }} + command_client_id: ${{ secrets.COMMAND_CLIENT_ID }} + command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }} 
From 90a331157155f1504aed39ee26b1bcd0e82b88b5 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 5 Mar 2026 19:44:33 +0000 Subject: [PATCH 5/7] Update generated docs --- README.md | 111 ++++++++++++++++++++++++++++++++++++++ integration-manifest.json | 70 ++++++++++++------------ 2 files changed, 147 insertions(+), 34 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..8e507d2 --- /dev/null +++ b/README.md @@ -0,0 +1,111 @@ +

+ Nexus Certificate Maanager Gateway AnyCA Gateway REST Plugin +

+ +

+ +Integration Status: prototype +Release +Issues +GitHub Downloads (all assets, all releases) +

+ +

+ + + Support + + · + + Requirements + + · + + Installation + + · + + License + + · + + Related Integrations + +

+ + +The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies: +* Certificate Synchronization +* Certificate Enrollment +* Certificate Revocation + +## Compatibility + +The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 25.2.0 and later. + +## Support +The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open source and there is **no SLA**. Keyfactor will address issues as resources become available. Keyfactor customers may request escalation by opening up a support ticket through their Keyfactor representative. + +> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. + +## Requirements + +- The host URL for the instance of Nexus Certificate Manager +- A certificate in the pfx format to use for authentication into Nexus Certificate Manager, located on the Gateway Host +- The passphrase for the pfx certificate + +## Installation + +1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm). + +2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/nexus-certificate-manager-caplugin/releases/latest) from GitHub. + +3. 
Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory: + + + ```shell + Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations: + Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions + Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions + ``` + + > The directory containing the Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory. + +4. Restart the AnyCA Gateway REST service. + +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Nexus Certificate Maanager Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. + +## Configuration + +1. Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) to define a new Certificate Authority, and use the notes below to configure the **Gateway Registration** and **CA Connection** tabs: + + * **Gateway Registration** + + In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store + + * **CA Connection** + + Populate using the configuration fields collected in the [requirements](#requirements) section. + + * **Host** - The path to the Nexus CM server, including port + * **AuthCertificatePath** - The path to the PFX certificate for authenticating into Nexus CM + * **AuthCertPassword** - The password for the authentication certificate + * **Enabled** - Flag to Enable or Disable gateway functionality. 
Disabling is primarily used to allow creation of the CA prior to configuration information being available. + +2. For this AnyCA Gateway, there is a single product type named "NexusCM". + +3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. + + +## CA Connection + +The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessible by the gateway service. The Certificate Path + + +## License + +Apache License 2.0, see [LICENSE](LICENSE). + +## Related Integrations + +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file diff --git a/integration-manifest.json b/integration-manifest.json index aec0196..08e58c5 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -1,37 +1,39 @@ { - "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json", - "integration_type": "anyca-plugin", - "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin", - "status": "prototype", - "support_level": "kf-community", - "link_github": false, - "update_catalog": false, - "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework", - "gateway_framework": "25.2.0", - "release_dir": "nexus-certificate-manager-caplugin/bin/Release", - "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj", - "about": { - "carest": { - "product_ids": [ "NexusCM" ], - "ca_plugin_config": [ - { - "name": "Host", - "description": "The URI of the instance of the Nexus Certificate Manager API, including port. example: https://127.0.0.1:8444" - }, - { - "name": "AuthCertificatePath", - "description": "The path on the AnyCA Gateway host where the PFX certificate that will be used for authentication can be found. example: 'C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net8.0\\my_auth_cert.pfx'" - }, - { - "name": "AuthCertPassword", - "description": "The password for the PFX certificate located on the AnyCA Gateway Host that will be used for authentication into Nexus Certificate Manager" - }, - { - "name": "Enabled", - "description": "Flag to enable or disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available." 
+ "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json", + "integration_type": "anyca-plugin", + "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin", + "status": "prototype", + "support_level": "kf-community", + "link_github": false, + "update_catalog": false, + "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework", + "gateway_framework": "25.2.0", + "release_dir": "nexus-certificate-manager-caplugin/bin/Release", + "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj", + "about": { + "carest": { + "product_ids": [ + "NexusCM" + ], + "ca_plugin_config": [ + { + "name": "Host", + "description": "The path to the Nexus CM server, including port" + }, + { + "name": "AuthCertificatePath", + "description": "The path to the PFX certificate for authenticating into Nexus CM" + }, + { + "name": "AuthCertPassword", + "description": "The password for the authentication certificate" + }, + { + "name": "Enabled", + "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available." + } + ], + "enrollment_config": [] } - ], - "enrollment_config": [] } - } -} +} \ No newline at end of file From dc6ee81a67984f3f24e39a09baac5eea3900c2a4 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 5 Mar 2026 12:25:05 -0800 Subject: [PATCH 6/7] chore(docs): Minor doc fixes. --- CHANGELOG.md | 4 ++-- docsource/configuration.md | 6 +++--- integration-manifest.json | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 698de99..977518c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,2 +1,2 @@ -### 1.0.0 -* initial release \ No newline at end of file +## 1.0.0 +* Initial release \ No newline at end of file 
diff --git a/docsource/configuration.md b/docsource/configuration.md index 41b03f6..143b64e 100644 --- a/docsource/configuration.md +++ b/docsource/configuration.md @@ -1,6 +1,6 @@ ## Overview -The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies: +The Nexus Certificate Manager AnyCA REST plugin connects Nexus Certificate Manager to Keyfactor Command via the AnyCA Gateway REST. It supports the following capabilities: * Certificate Synchronization * Certificate Enrollment * Certificate Revocation @@ -13,11 +13,11 @@ The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the ## Gateway Registration -In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store +To enroll certificates, the Keyfactor Command server must trust the CA chain. Identify the Root and/or Subordinate CA used by Nexus Certificate Manager, then download and import the certificate chain into the Command Server certificate store. ## CA Connection -The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessible by the gateway service. The Certificate Path +The certificate used by the gateway to authenticate into Nexus Certificate Manager must be copied to a location on the Gateway Host accessible by the gateway service. ## Certificate Template Creation Step diff --git a/integration-manifest.json b/integration-manifest.json index 08e58c5..833fdc5 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -1,7 +1,7 @@ { "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json", "integration_type": "anyca-plugin", - "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin", + "name": "Nexus Certificate Manager AnyCA REST Gateway Plugin", "status": "prototype", "support_level": "kf-community", "link_github": false, @@ -30,7 +30,7 @@ }, { "name": "Enabled", - "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available." + "description": "Enables or disables gateway functionality. Disable to create the CA before configuration information is available." } ], "enrollment_config": [] From 31e260e60fa1ab0f0c76e48cf8dc90e244d9146e Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 5 Mar 2026 20:27:29 +0000 Subject: [PATCH 7/7] Update generated docs --- README.md | 18 +++++++++--------- integration-manifest.json | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 8e507d2..ab92fc1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

- Nexus Certificate Maanager Gateway AnyCA Gateway REST Plugin + Nexus Certificate Manager Gateway AnyCA Gateway REST Plugin

@@ -34,17 +34,17 @@

-The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies: +The Nexus Certificate Manager AnyCA REST plugin connects Nexus Certificate Manager to Keyfactor Command via the AnyCA Gateway REST. It supports the following capabilities: * Certificate Synchronization * Certificate Enrollment * Certificate Revocation ## Compatibility -The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 25.2.0 and later. +The Nexus Certificate Manager Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 25.2.0 and later. ## Support -The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open source and there is **no SLA**. Keyfactor will address issues as resources become available. Keyfactor customers may request escalation by opening up a support ticket through their Keyfactor representative. +The Nexus Certificate Manager Gateway AnyCA Gateway REST plugin is open source and there is **no SLA**. Keyfactor will address issues as resources become available. Keyfactor customers may request escalation by opening up a support ticket through their Keyfactor representative. > To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. 
@@ -58,7 +58,7 @@ The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open sourc 1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm). -2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/nexus-certificate-manager-caplugin/releases/latest) from GitHub. +2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Nexus Certificate Manager Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/nexus-certificate-manager-caplugin/releases/latest) from GitHub. 3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory: @@ -69,11 +69,11 @@ The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open sourc Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions ``` - > The directory containing the Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory. + > The directory containing the Nexus Certificate Manager Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory. 4. Restart the AnyCA Gateway REST service. -5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Nexus Certificate Maanager Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Nexus Certificate Manager Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. ## Configuration 
@@ -81,7 +81,7 @@ The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open sourc * **Gateway Registration** - In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store + To enroll certificates, the Keyfactor Command server must trust the CA chain. Identify the Root and/or Subordinate CA used by Nexus Certificate Manager, then download and import the certificate chain into the Command Server certificate store. * **CA Connection** @@ -99,7 +99,7 @@ The Nexus Certificate Maanager Gateway AnyCA Gateway REST plugin is open sourc ## CA Connection -The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessible by the gateway service. The Certificate Path +The certificate used by the gateway to authenticate into Nexus Certificate Manager must be copied to a location on the Gateway Host accessible by the gateway service. ## License diff --git a/integration-manifest.json b/integration-manifest.json index 833fdc5..1112c74 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -30,7 +30,7 @@ }, { "name": "Enabled", - "description": "Enables or disables gateway functionality. Disable to create the CA before configuration information is available." + "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available." } ], "enrollment_config": []
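
Review bot: In PATCH 2/7, the `uses: keyfactor/actions/.github/workflows/starter.yml@v4` line references the reusable workflow by a mutable tag while the job passes it `secrets.V2BUILDTOKEN` and `APPROVE_README_PUSH` (and, from 3/7 on, `gpg_key` and `gpg_pass`). Anyone able to move the `v4` tag decides what code runs with those secrets. Pin the reference to a full commit SHA, keep the version in a trailing comment, and bump it as a reviewed change.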
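
Review bot: In PATCH 4/7, the `secrets:` block changes `token` back from `${{ github.token }}` to `${{ secrets.V2BUILDTOKEN }}`, which the subject "add missing inputs to v4 actions" does not mention, while the `permissions: contents: write` added in 3/7 stays. The `permissions` key scopes only the automatic `GITHUB_TOKEN`, so if the push is now done with the stored token the write grant may be unnecessary. Either drop it or say in the commit message which token performs the push. The same hunk starts forwarding `entra_password` and `command_client_secret` to a workflow referenced by tag, so those credentials should be scoped to what the doc tool and scan need.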
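
Review bot: In PATCH 5/7, the new README.md tells the operator to place the authentication PFX on the Gateway Host "accessible by the gateway service" and lists its passphrase as a requirement, but says nothing about limiting who else can read that file. Add a sentence to `## CA Connection` asking that read access be restricted to the gateway service account. That section also ends on the fragment "The Certificate Path", and the ```shell fence under step 3 opens with a prose sentence rather than a command or path. Both should be fixed in docsource so the generator stops reproducing them.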
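
Review bot: In PATCH 5/7, the integration-manifest.json hunk replaces the `Host` description "The URI of the instance of the Nexus Certificate Manager API, including port. example: https://127.0.0.1:8444" with "The path to the Nexus CM server, including port", which drops the example and no longer says a scheme is expected. The `AuthCertificatePath` example is lost the same way. Keep the longer descriptions, or restore the examples, so the values entered on the CA Connection tab are unambiguous. The hunk also reindents the whole file and removes the trailing newline, which hides the four real changes in a 70-line diff.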
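
Review bot: In PATCH 7/7, the integration-manifest.json hunk changes the `Enabled` description back to "Flag to Enable or Disable gateway functionality. ...", undoing the wording PATCH 6/7 set by hand 1 hour earlier. The "Update generated docs" job evidently takes this string from another source and overwrites the manifest, so manual edits to `ca_plugin_config` descriptions will not survive. Make the wording change where the generator reads it, and check that the `name` fix from 6/7 is not at risk of the same regression.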