diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
index 589063f..bc94853 100644
--- a/.github/workflows/keyfactor-bootstrap-workflow.yml
+++ b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -14,7 +14,16 @@ jobs:
 uses: keyfactor/actions/.github/workflows/starter.yml@v4
 permissions:
 contents: write
+ with:
+ command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+ command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+ command_base_api_path: ${{ vars.COMMAND_API_PATH }}
 secrets:
 token: ${{ github.token }}
 gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
 gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+ scan_token: ${{ secrets.SAST_TOKEN }}
+ entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
+ entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
+ command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+ command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 698de99..977518c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,2 +1,2 @@
-### 1.0.0
-* initial release
\ No newline at end of file
+## 1.0.0
+* Initial release
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ab92fc1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,111 @@
+
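Review bot: The five secrets added under `secrets:` in the keyfactor-bootstrap-workflow.yml hunk (`scan_token`, `entra_username`, `entra_password`, `command_client_id`, `command_client_secret`) go to a reusable workflow that the context line references by the mutable tag `@v4`, in a job that also holds `contents: write`. Whoever can move that tag in `keyfactor/actions` would receive these credentials, so pin the call to a reviewed commit: `uses: keyfactor/actions/.github/workflows/starter.yml@<full-commit-sha> # v4` (placeholder; the SHA is not on this page). The workflow's `on:` triggers lie outside the hunk, so confirm that runs started from untrusted pull requests cannot reach these secrets. A comment above `secrets:` such as `# passed to starter.yml; presumably SAST scan, doctool (Entra) and Command API client credentials` would record why each value is forwarded.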
+ + + Support + + · + + Requirements + + · + + Installation + + · + + License + + · + + Related Integrations + +
+ + +The Nexus Certificate Manager AnyCA REST plugin connects Nexus Certificate Manager to Keyfactor Command via the AnyCA Gateway REST. It supports the following capabilities: +* Certificate Synchronization +* Certificate Enrollment +* Certificate Revocation + +## Compatibility + +The Nexus Certificate Manager Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 25.2.0 and later. + +## Support +The Nexus Certificate Manager Gateway AnyCA Gateway REST plugin is open source and there is **no SLA**. Keyfactor will address issues as resources become available. Keyfactor customers may request escalation by opening up a support ticket through their Keyfactor representative. + +> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. + +## Requirements + +- The host URL for the instance of Nexus Certificate Manager +- A certificate in the pfx format to use for authentication into Nexus Certificate Manager, located on the Gateway Host +- The passphrase for the pfx certificate + +## Installation + +1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm). + +2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Nexus Certificate Manager Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/nexus-certificate-manager-caplugin/releases/latest) from GitHub. + +3. 
Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory: + + + ```shell + Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations: + Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions + Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions + ``` + + > The directory containing the Nexus Certificate Manager Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory. + +4. Restart the AnyCA Gateway REST service. + +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Nexus Certificate Manager Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. + +## Configuration + +1. Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) to define a new Certificate Authority, and use the notes below to configure the **Gateway Registration** and **CA Connection** tabs: + + * **Gateway Registration** + + To enroll certificates, the Keyfactor Command server must trust the CA chain. Identify the Root and/or Subordinate CA used by Nexus Certificate Manager, then download and import the certificate chain into the Command Server certificate store. + + * **CA Connection** + + Populate using the configuration fields collected in the [requirements](#requirements) section. + + * **Host** - The path to the Nexus CM server, including port + * **AuthCertificatePath** - The path to the PFX certificate for authenticating into Nexus CM + * **AuthCertPassword** - The password for the authentication certificate + * **Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available. + +2. 
For this AnyCA Gateway, there is a single product type named "NexusCM". + +3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. + + +## CA Connection + +The certificate used by the gateway to authenticate into Nexus Certificate Manager must be copied to a location on the Gateway Host accessible by the gateway service. + + +## License + +Apache License 2.0, see [LICENSE](LICENSE). + +## Related Integrations + +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file diff --git a/docsource/configuration.md b/docsource/configuration.md index 41b03f6..143b64e 100644 --- a/docsource/configuration.md +++ b/docsource/configuration.md @@ -1,6 +1,6 @@ ## Overview -The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies: +The Nexus Certificate Manager AnyCA REST plugin connects Nexus Certificate Manager to Keyfactor Command via the AnyCA Gateway REST. It supports the following capabilities: * Certificate Synchronization * Certificate Enrollment * Certificate Revocation 
@@ -13,11 +13,11 @@ The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the ## Gateway Registration -In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store +To enroll certificates, the Keyfactor Command server must trust the CA chain. Identify the Root and/or Subordinate CA used by Nexus Certificate Manager, then download and import the certificate chain into the Command Server certificate store. ## CA Connection -The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessible by the gateway service. The Certificate Path +The certificate used by the gateway to authenticate into Nexus Certificate Manager must be copied to a location on the Gateway Host accessible by the gateway service. ## Certificate Template Creation Step diff --git a/integration-manifest.json b/integration-manifest.json index aec0196..1112c74 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -1,37 +1,39 @@
 {
- "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json",
- "integration_type": "anyca-plugin",
- "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin",
- "status": "prototype",
- "support_level": "kf-community",
- "link_github": false,
- "update_catalog": false,
- "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework",
- "gateway_framework": "25.2.0",
- "release_dir": "nexus-certificate-manager-caplugin/bin/Release",
- "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj",
- "about": {
- "carest": {
- "product_ids": [ "NexusCM" ],
- "ca_plugin_config": [
- {
- "name": "Host",
- "description": "The URI of the instance of the Nexus Certificate Manager API, including port. example: https://127.0.0.1:8444"
- },
- {
- "name": "AuthCertificatePath",
- "description": "The path on the AnyCA Gateway host where the PFX certificate that will be used for authentication can be found. example: 'C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net8.0\\my_auth_cert.pfx'"
- },
- {
- "name": "AuthCertPassword",
- "description": "The password for the PFX certificate located on the AnyCA Gateway Host that will be used for authentication into Nexus Certificate Manager"
- },
- {
- "name": "Enabled",
- "description": "Flag to enable or disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
+ "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json",
+ "integration_type": "anyca-plugin",
+ "name": "Nexus Certificate Manager AnyCA REST Gateway Plugin",
+ "status": "prototype",
+ "support_level": "kf-community",
+ "link_github": false,
+ "update_catalog": false,
+ "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework",
+ "gateway_framework": "25.2.0",
+ "release_dir": "nexus-certificate-manager-caplugin/bin/Release",
+ "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj",
+ "about": {
+ "carest": {
+ "product_ids": [
+ "NexusCM"
+ ],
+ "ca_plugin_config": [
+ {
+ "name": "Host",
+ "description": "The path to the Nexus CM server, including port"
+ },
+ {
+ "name": "AuthCertificatePath",
+ "description": "The path to the PFX certificate for authenticating into Nexus CM"
+ },
+ {
+ "name": "AuthCertPassword",
+ "description": "The password for the authentication certificate"
+ },
+ {
+ "name": "Enabled",
+ "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
+ }
+ ],
+ "enrollment_config": []
 }
- ],
- "enrollment_config": []
 }
- }
-}
+}
\ No newline at end of file
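Review bot: The rewritten `ca_plugin_config` descriptions are less precise than the ones they replace. `Host` is now called a "path", while the removed text called it a URI and showed `https://127.0.0.1:8444`; `AuthCertificatePath` no longer says the PFX must sit on the AnyCA Gateway host. The same wording appears in the new README, so these strings look like the operator-facing field help, and nothing now hints that a scheme (presumably https) is expected. Consider `"description": "The URI of the Nexus Certificate Manager API, including scheme and port, e.g. https://127.0.0.1:8444"` and `"description": "The path on the AnyCA Gateway host to the PFX certificate used to authenticate to Nexus CM"`.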