From a4dfbe2b08214adaf26748241f416932088eb962 Mon Sep 17 00:00:00 2001
From: David Galey
Date: Thu, 6 Nov 2025 11:29:17 -0500
Subject: [PATCH 1/7] check for duplicate PEMs
---
 digicert-certcentral-caplugin/CertCentralCAPlugin.cs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
index 86da38c..7969f7b 100644
--- a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
+++ b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -615,7 +615,7 @@ public Dictionary GetTemplateParameterAnnotations()
 {
 Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",
 Hidden = false,
- DefaultValue = "strict",
+ DefaultValue = "",
 Type = "String"
 },
 [CertCentralConstants.Config.FIRST_NAME] = new PropertyConfigInfo()
@@ -1557,6 +1557,7 @@ private List GetAllConnectorCertsForOrder(string caReque
 var orderCerts = GetAllCertsForOrder(orderId);
 List certList = new List();
+ List pemList = new List();
 foreach (var cert in orderCerts)
 {
@@ -1578,6 +1579,13 @@ private List GetAllConnectorCertsForOrder(string caReque
 throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}");
 }
 }
+ //Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs
+ if (pemList.Contains(certificate))
+ {
+ _logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");
+ continue;
+ }
+ pemList.Add(certificate);
 var connCert = new AnyCAPluginCertificate
 {
 CARequestID = caReqId,
From cd8fd907f434927676b5834b974a63bc7f63ed4f Mon Sep 17 00:00:00 2001
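Review bot: The duplicate check at `if (pemList.Contains(certificate))` in PATCH 1/7 keeps whichever certificate ID received the PEM first and drops the later one, but nothing visible in the hunk establishes that the first response was the correct one. If the API returned wrong data for the earlier ID, the surviving record carries a PEM under the wrong `CARequestID`, and the skipped certificate is missing from the synced inventory with only a warning to show for it. Consider confirming that the downloaded PEM belongs to `certId` before adding it (for example by comparing its serial number with the order data, if that is available at this point), and name the certificate and order in the log: `_logger.LogWarning("Duplicate PEM for cert {CertId} in order {OrderId} (request {CaReqId}); skipping", certId, orderId, caReqId);`. A `HashSet<string>` would also make the membership test constant-time. `GetAllConnectorCertsForOrder` starts and ends outside the hunk.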
From: David Galey
Date: Tue, 18 Nov 2025 14:26:45 -0500
Subject: [PATCH 2/7] change default start sync date for first incremental sync
---
 digicert-certcentral-caplugin/CertCentralCAPlugin.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
index 7969f7b..7f191dc 100644
--- a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
+++ b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -760,7 +760,9 @@ public async Task Synchronize(BlockingCollection blockin
 {
 _logger.MethodEntry(LogLevel.Trace);
- lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.MinValue; // DigiCert issue with treating the timezone as mountain time. -7 to accomodate DST
+ // DigiCert issue with treating the timezone as mountain time. -7 hours to accomodate DST
+ // If no last sync, use 7 days in the past as the starting point (only relevant for incremental syncs)
+ lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-7);
 DateTime? utcDate = DateTime.UtcNow.AddDays(1);
 string lastSyncFormat = FormatSyncDate(lastSync);
 string todaySyncFormat = FormatSyncDate(utcDate);
From fe7e05d53e3150f1d854dc3d6362dc21d4cd7b28 Mon Sep 17 00:00:00 2001
From: David Galey
Date: Tue, 18 Nov 2025 14:42:47 -0500
Subject: [PATCH 3/7] removing caching of product type list
---
 .../Models/CertCentralCertType.cs | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/digicert-certcentral-caplugin/Models/CertCentralCertType.cs b/digicert-certcentral-caplugin/Models/CertCentralCertType.cs
index ce3882d..7b65c0f 100644
--- a/digicert-certcentral-caplugin/Models/CertCentralCertType.cs
+++ b/digicert-certcentral-caplugin/Models/CertCentralCertType.cs
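Review bot: When `lastSync` is null, the start of the range in PATCH 2/7 now falls back to `DateTime.UtcNow.AddDays(-7)` without any log entry, so the logs cannot show that certificates older than the window were left out of that run. A line such as `_logger.LogInformation("No previous sync time; sync range starts at {Start:O}", lastSync);` after the assignment would record the substitution. The added comment says the value only matters for incremental syncs, but the code that separates full from incremental sync is outside the hunk, so that should be confirmed. PATCH 4/7 changes the same fallback to `AddDays(-5)` and leaves the same gap.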
@@ -16,7 +16,6 @@ public class CertCentralCertType
 #region Private Fields
 private static readonly ILogger Logger = LogHandler.GetClassLogger();
- private static List _allTypes;
 #endregion Private Fields
@@ -62,12 +61,7 @@ public class CertCentralCertType
 ///
 public static List GetAllTypes(CertCentralConfig config)
 {
- if (_allTypes == null || !_allTypes.Any())
- {
- _allTypes = RetrieveCertCentralCertTypes(config);
- }
-
- return _allTypes;
+ return RetrieveCertCentralCertTypes(config);
 }
 ///
From d195faf8ab3d065682d7b5b92b3964bbbde79fc3 Mon Sep 17 00:00:00 2001
From: David Galey
Date: Wed, 19 Nov 2025 13:15:09 -0500
Subject: [PATCH 4/7] change default incremental sync range
---
 digicert-certcentral-caplugin/CertCentralCAPlugin.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
index 7f191dc..69820c2 100644
--- a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
+++ b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -761,8 +761,8 @@ public async Task Synchronize(BlockingCollection blockin
 _logger.MethodEntry(LogLevel.Trace);
 // DigiCert issue with treating the timezone as mountain time. -7 hours to accomodate DST
- // If no last sync, use 7 days in the past as the starting point (only relevant for incremental syncs)
- lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-7);
+ // If no last sync, use a 6 day window for the sync range (only relevant for incremental syncs)
+ lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-5);
 DateTime? utcDate = DateTime.UtcNow.AddDays(1);
 string lastSyncFormat = FormatSyncDate(lastSync);
 string todaySyncFormat = FormatSyncDate(utcDate);
From 1b14604978ff1b827f20799db4a2d4625471eae3 Mon Sep 17 00:00:00 2001
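Review bot: `GetAllTypes` in PATCH 3/7 now calls `RetrieveCertCentralCertTypes(config)` on every invocation, and its doc comment gives callers no hint of that cost. Removing the static `_allTypes` field does stop a list built from one `CertCentralConfig` being returned for every later config, but a caller that looks up types inside a loop will presumably repeat the product lookup each time. The body of `RetrieveCertCentralCertTypes` is not in this hunk, so confirm whether it issues an API request. If it does, state it in the doc comment, e.g. `/// <remarks>Queries the DigiCert account on every call; callers should reuse the returned list.</remarks>`, or cache per config with an expiry.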
From: David Galey
Date: Wed, 19 Nov 2025 13:18:44 -0500
Subject: [PATCH 5/7] version
---
 .../digicert-certcentral-caplugin.csproj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
index 84289d0..7510b07 100644
--- a/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
+++ b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
@@ -6,8 +6,8 @@
 enable
 disable
 DigicertCAPlugin
- 2.1.1
- 2.1.1
+ 2.1.2
+ 2.1.2
From a64934c1db82dd9954457675bb79765cb6578ad3 Mon Sep 17 00:00:00 2001
From: David Galey
Date: Wed, 19 Nov 2025 13:21:33 -0500
Subject: [PATCH 6/7] changelog
---
 CHANGELOG.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d32a6cc..126e723 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,4 +15,9 @@
 * Add configuration flag to support adding client auth EKU to ssl cert requests
 * NOTE: This is a temporary feature which is planned for loss of support by Digicert in May 2026
 * For smime certs, use profile type defined on the product as the default if not supplied, rather than just defaulting to 'strict'
-* Hotfix for data type conversion
\ No newline at end of file
+* Hotfix for data type conversion
+
+### 2.1.2
+* Hotfix for incremental sync to default to a 6 day window if no previous incremental sync has run
+* Workaround for DigiCert API issue where retrieving the PEM data of multiple certificates in the same order can occasionally return duplicate data rather than the correct cert
+* Remove caching of product ID lookups from DigiCert account
\ No newline at end of file
From 208fecedc7c2a2b63d6e78d4892587669339087c Mon Sep 17 00:00:00 2001
From: David Galey
Date: Tue, 2 Dec 2025 12:40:21 -0500
Subject: [PATCH 7/7] shorten incremental sync if it is too long
---
 digicert-certcentral-caplugin/CertCentralCAPlugin.cs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
index 69820c2..c2fdb76 100644
--- a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
+++ b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -764,6 +764,10 @@ public async Task Synchronize(BlockingCollection blockin
 // If no last sync, use a 6 day window for the sync range (only relevant for incremental syncs)
 lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-5);
 DateTime? utcDate = DateTime.UtcNow.AddDays(1);
+ if ((utcDate.Value - lastSync.Value).Days > 6)
+ {
+ lastSync = DateTime.UtcNow.AddDays(-5);
+ }
 string lastSyncFormat = FormatSyncDate(lastSync);
 string todaySyncFormat = FormatSyncDate(utcDate);
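Review bot: The clamp added at `if ((utcDate.Value - lastSync.Value).Days > 6)` replaces a stored `lastSync` with `DateTime.UtcNow.AddDays(-5)` without logging. After an outage longer than the window, certificates issued between the real last sync and five days ago are therefore not requested by this run, and the operator gets no hint that a full sync is needed. Log the discarded value before overwriting it, e.g. `_logger.LogWarning("Last sync {LastSync:O} is older than the supported range; starting from 5 days ago instead", lastSync);`. `.Days` also truncates, so a span just under seven days still passes although the comment above speaks of a 6 day window; `TotalDays > 6` would match the comment. `Synchronize` continues outside the hunk, so whether a full sync ignores this range could not be checked here.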