From d2d73423ed0e633a059d3bd4c3e0e17181aa36a4 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Fri, 25 Oct 2024 15:16:24 -0400 Subject: [PATCH 01/10] Update configuration.md --- docsource/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docsource/configuration.md b/docsource/configuration.md index a658873..c2ec5e6 100644 --- a/docsource/configuration.md +++ b/docsource/configuration.md @@ -78,7 +78,7 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ ``` 4) **Sample Mapping Below** -![](../images/SampleMapping.gif) +![](images/SampleMapping.gif) --- From ef538e87c8c67668a95208b665ce097807c0c1de Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Fri, 25 Oct 2024 15:16:55 -0400 Subject: [PATCH 02/10] Update configuration.md --- docsource/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docsource/configuration.md b/docsource/configuration.md index c2ec5e6..3d28fe5 100644 --- a/docsource/configuration.md +++ b/docsource/configuration.md @@ -78,7 +78,7 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ ``` 4) **Sample Mapping Below** -![](images/SampleMapping.gif) +![](/images/SampleMapping.gif) --- From 783895c776b953ef5b3a8f77684ebdd37131bec8 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Fri, 25 Oct 2024 19:18:03 +0000 Subject: [PATCH 03/10] Update generated docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 06328a0..f74493d 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ ``` 4) **Sample Mapping Below** -![](../images/SampleMapping.gif) +![](/images/SampleMapping.gif) --- From 25f40651d44b216fd9241eaf063b24425e0732f3 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:37:40 -0400 Subject: [PATCH 04/10] Update README.md --- README.md | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index f74493d..737fd52 100644 --- a/README.md +++ b/README.md @@ -125,21 +125,6 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ --- -### Digicert Trust Chain Bundle Download - -#### Steps to Download a Trust Chain Bundle - -1. **Log in to Digicert MPKI Manager**: - - Open your web browser and navigate to the Digicert MPKI URL. - - Enter your pin and log in. - -2. **Navigate to the Manage CAs Menu**: - - Click on Gear at the bottom of page. - - Select **Manage CAs**. - -3. **Download the Trust Chain Bundle**: - - You will see the root and intermediate certificates available for download. - ## Installation 1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm). @@ -164,7 +149,20 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **Gateway Registration** - TODO Gateway Registration is a required section +**Digicert Trust Chain Bundle Download** + +**Steps to Download a Trust Chain Bundle** + +1. **Log in to Digicert MPKI Manager**: + - Open your web browser and navigate to the Digicert MPKI URL. + - Enter your pin and log in. + +2. **Navigate to the Manage CAs Menu**: + - Click on Gear at the bottom of page. + - Select **Manage CAs**. + +3. **Download the Trust Chain Bundle**: + - You will see the root and intermediate certificates available for download. * **CA Connection** @@ -188,4 +186,4 @@ Apache License 2.0, see [LICENSE](LICENSE). ## Related Integrations -See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). From 8028b07ca42d5313313ae38c060b27b6330adaab Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:38:36 -0400 Subject: [PATCH 05/10] Update README.md --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 737fd52..c680516 100644 --- a/README.md +++ b/README.md @@ -149,20 +149,20 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **Gateway Registration** -**Digicert Trust Chain Bundle Download** - -**Steps to Download a Trust Chain Bundle** - -1. **Log in to Digicert MPKI Manager**: - - Open your web browser and navigate to the Digicert MPKI URL. - - Enter your pin and log in. - -2. **Navigate to the Manage CAs Menu**: - - Click on Gear at the bottom of page. - - Select **Manage CAs**. - -3. **Download the Trust Chain Bundle**: - - You will see the root and intermediate certificates available for download. + **Digicert Trust Chain Bundle Download** + + **Steps to Download a Trust Chain Bundle** + + 1. **Log in to Digicert MPKI Manager**: + - Open your web browser and navigate to the Digicert MPKI URL. + - Enter your pin and log in. + + 2. **Navigate to the Manage CAs Menu**: + - Click on Gear at the bottom of page. + - Select **Manage CAs**. + + 3. **Download the Trust Chain Bundle**: + - You will see the root and intermediate certificates available for download. * **CA Connection** From 98feaadf6033f3ffd7f81e28ea94e6f913e7c955 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:39:21 -0400 Subject: [PATCH 06/10] Update README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c680516..8255e86 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,8 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **Gateway Registration** - **Digicert Trust Chain Bundle Download** + + **Digicert Trust Chain Bundle Download** **Steps to Download a Trust Chain Bundle** @@ -164,6 +165,8 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ 3. **Download the Trust Chain Bundle**: - You will see the root and intermediate certificates available for download. + + * **CA Connection** Populate using the configuration fields collected in the [requirements](#requirements) section. From 2977d8a8950ca0ccac40bcc835eb201f7789cda7 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:39:50 -0400 Subject: [PATCH 07/10] Update README.md --- README.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8255e86..ec82601 100644 --- a/README.md +++ b/README.md @@ -149,22 +149,20 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **Gateway Registration** - - **Digicert Trust Chain Bundle Download** - - **Steps to Download a Trust Chain Bundle** - - 1. **Log in to Digicert MPKI Manager**: - - Open your web browser and navigate to the Digicert MPKI URL. - - Enter your pin and log in. - - 2. **Navigate to the Manage CAs Menu**: - - Click on Gear at the bottom of page. - - Select **Manage CAs**. - - 3. **Download the Trust Chain Bundle**: - - You will see the root and intermediate certificates available for download. - + **Digicert Trust Chain Bundle Download** + + **Steps to Download a Trust Chain Bundle** + + 1. **Log in to Digicert MPKI Manager**: + - Open your web browser and navigate to the Digicert MPKI URL. + - Enter your pin and log in. + + 2. **Navigate to the Manage CAs Menu**: + - Click on Gear at the bottom of page. + - Select **Manage CAs**. + + 3. **Download the Trust Chain Bundle**: + - You will see the root and intermediate certificates available for download. * **CA Connection** From 7415307e69e1d79f47cdce4b1f4f366211dcd490 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Mon, 28 Oct 2024 13:41:15 +0000 Subject: [PATCH 08/10] Update generated docs --- README.md | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index ec82601..f74493d 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,21 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ --- +### Digicert Trust Chain Bundle Download + +#### Steps to Download a Trust Chain Bundle + +1. **Log in to Digicert MPKI Manager**: + - Open your web browser and navigate to the Digicert MPKI URL. + - Enter your pin and log in. + +2. **Navigate to the Manage CAs Menu**: + - Click on Gear at the bottom of page. + - Select **Manage CAs**. + +3. **Download the Trust Chain Bundle**: + - You will see the root and intermediate certificates available for download. + ## Installation 1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm). @@ -149,21 +164,7 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **Gateway Registration** - **Digicert Trust Chain Bundle Download** - - **Steps to Download a Trust Chain Bundle** - - 1. **Log in to Digicert MPKI Manager**: - - Open your web browser and navigate to the Digicert MPKI URL. - - Enter your pin and log in. - - 2. **Navigate to the Manage CAs Menu**: - - Click on Gear at the bottom of page. - - Select **Manage CAs**. - - 3. **Download the Trust Chain Bundle**: - - You will see the root and intermediate certificates available for download. - + TODO Gateway Registration is a required section * **CA Connection** @@ -187,4 +188,4 @@ Apache License 2.0, see [LICENSE](LICENSE). ## Related Integrations -See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file From 34a2d6903e32b5db6a4d63194cf024c6cb9a9efb Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:49:54 -0400 Subject: [PATCH 09/10] Update README.md --- README.md | 83 ++++++++++++++++++++++++++----------------------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index f74493d..2741839 100644 --- a/README.md +++ b/README.md @@ -84,47 +84,6 @@ keytool -import -trustcacerts -alias root -file SYMC_Managed_PKI_Infrastructure_ keytool -importkeystore -srckeystore KeyfactorMPki.jks -srcstoretype JKS -destkeystore KeyfactorMPki2.pfx -deststoretype PKCS12 ``` ---- - -#### Enrollment Templates -Since there are infinate number of profile configurations in DigiCertSym mPKI, these tempates are used to shell out the request for each profile and during the enrollment process will be replaced with data from the Enrollment request in Keyfactor. - -These tempates files must be copied into the same directory as the Gateway binaries and saved as a JSON file with the same name outlined in the tempates section above. - -Sample Enrollment Template is [here](https://github.com/Keyfactor/digicert-mpki-caplugin/blob/main/FAA-StandardRequest.json) - -Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/mpki/docs/index.html) - -1) **EnrollmentParam** - Below is a sample Enrollment Template where anything Prefixed with "EnrollmentParam|FieldName" will be replaced with an enrollment field value from the Keyfactor portal during enrollment. -2) **CSR|RAW** - Below is a sample Enrollment Template where anything Prefixed with "CSR|RAW" will be replaced with the raw CSR content from the enrollment request from Keyfactor Portal. -3) **CSR|CSRContent** - Below is a sample Enrollment Template where anything Prefixed with "CSR|CSRContent" will be replaced with the CSR content from the enrollment request from Keyfactor Portal. - -``` -{ - "profile": { - "id": "2.16.840.1.113733.1.16.1.5.2.5.1.1280209757" - }, - "seat": { - "seat_id": "EnrollmentParam|Seat" - }, - "csr": "CSR|RAW", - "validity": { - "unit": "years", - "duration": "Numeric|EnrollmentParam|Validity (Years)|Numeric" - }, - "attributes": { - "common_name": "CSR|CN", - "country": "CSR|C", - "organization_name": "CSR|O" - } -} -``` - -4) **Sample Mapping Below** -![](/images/SampleMapping.gif) - ---- - ### Digicert Trust Chain Bundle Download #### Steps to Download a Trust Chain Bundle @@ -176,9 +135,45 @@ Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/ * **ClientCertPassword** - Password for the SOAP Client Certificate. * **EndpointAddress** - Endpoint address for SOAP Service sample: https://someurl/pki-ws/certificateManagementService. -2. TODO Certificate Template Creation Step is a required section +2. Certificate Template Creation + + Since there are infinate number of profile configurations in DigiCertSym mPKI, these tempates are used to shell out the request for each profile and during the enrollment process will be replaced with data from the Enrollment request in Keyfactor. + + These tempates files must be copied into the same directory as the Gateway binaries and saved as a JSON file with the same name outlined in the tempates section above. + + Sample Enrollment Template is [here](https://github.com/Keyfactor/digicert-mpki-caplugin/blob/main/FAA-StandardRequest.json) + + Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/mpki/docs/index.html) + + 1) **EnrollmentParam** - Below is a sample Enrollment Template where anything Prefixed with "EnrollmentParam|FieldName" will be replaced with an enrollment field value from the Keyfactor portal during enrollment. + 2) **CSR|RAW** - Below is a sample Enrollment Template where anything Prefixed with "CSR|RAW" will be replaced with the raw CSR content from the enrollment request from Keyfactor Portal. + 3) **CSR|CSRContent** - Below is a sample Enrollment Template where anything Prefixed with "CSR|CSRContent" will be replaced with the CSR content from the enrollment request from Keyfactor Portal. + + ``` + { + "profile": { + "id": "2.16.840.1.113733.1.16.1.5.2.5.1.1280209757" + }, + "seat": { + "seat_id": "EnrollmentParam|Seat" + }, + "csr": "CSR|RAW", + "validity": { + "unit": "years", + "duration": "Numeric|EnrollmentParam|Validity (Years)|Numeric" + }, + "attributes": { + "common_name": "CSR|CN", + "country": "CSR|C", + "organization_name": "CSR|O" + } + } + ``` + + 4) **Sample Mapping Below** + ![](/images/SampleMapping.gif) -3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. +4. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. @@ -188,4 +183,4 @@ Apache License 2.0, see [LICENSE](LICENSE). ## Related Integrations -See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). From 8c2e4dfdcaf466cd6c0a0e57c4c140b5cea08546 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Mon, 28 Oct 2024 13:51:23 +0000 Subject: [PATCH 10/10] Update generated docs --- README.md | 83 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 44 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 2741839..f74493d 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,47 @@ keytool -import -trustcacerts -alias root -file SYMC_Managed_PKI_Infrastructure_ keytool -importkeystore -srckeystore KeyfactorMPki.jks -srcstoretype JKS -destkeystore KeyfactorMPki2.pfx -deststoretype PKCS12 ``` +--- + +#### Enrollment Templates +Since there are infinate number of profile configurations in DigiCertSym mPKI, these tempates are used to shell out the request for each profile and during the enrollment process will be replaced with data from the Enrollment request in Keyfactor. + +These tempates files must be copied into the same directory as the Gateway binaries and saved as a JSON file with the same name outlined in the tempates section above. + +Sample Enrollment Template is [here](https://github.com/Keyfactor/digicert-mpki-caplugin/blob/main/FAA-StandardRequest.json) + +Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/mpki/docs/index.html) + +1) **EnrollmentParam** - Below is a sample Enrollment Template where anything Prefixed with "EnrollmentParam|FieldName" will be replaced with an enrollment field value from the Keyfactor portal during enrollment. +2) **CSR|RAW** - Below is a sample Enrollment Template where anything Prefixed with "CSR|RAW" will be replaced with the raw CSR content from the enrollment request from Keyfactor Portal. +3) **CSR|CSRContent** - Below is a sample Enrollment Template where anything Prefixed with "CSR|CSRContent" will be replaced with the CSR content from the enrollment request from Keyfactor Portal. + +``` +{ + "profile": { + "id": "2.16.840.1.113733.1.16.1.5.2.5.1.1280209757" + }, + "seat": { + "seat_id": "EnrollmentParam|Seat" + }, + "csr": "CSR|RAW", + "validity": { + "unit": "years", + "duration": "Numeric|EnrollmentParam|Validity (Years)|Numeric" + }, + "attributes": { + "common_name": "CSR|CN", + "country": "CSR|C", + "organization_name": "CSR|O" + } +} +``` + +4) **Sample Mapping Below** +![](/images/SampleMapping.gif) + +--- + ### Digicert Trust Chain Bundle Download #### Steps to Download a Trust Chain Bundle @@ -135,45 +176,9 @@ keytool -importkeystore -srckeystore KeyfactorMPki.jks -srcstoretype JKS -destke * **ClientCertPassword** - Password for the SOAP Client Certificate. * **EndpointAddress** - Endpoint address for SOAP Service sample: https://someurl/pki-ws/certificateManagementService. -2. Certificate Template Creation - - Since there are infinate number of profile configurations in DigiCertSym mPKI, these tempates are used to shell out the request for each profile and during the enrollment process will be replaced with data from the Enrollment request in Keyfactor. - - These tempates files must be copied into the same directory as the Gateway binaries and saved as a JSON file with the same name outlined in the tempates section above. - - Sample Enrollment Template is [here](https://github.com/Keyfactor/digicert-mpki-caplugin/blob/main/FAA-StandardRequest.json) - - Enrollment Format Specifications Located [here](https://pki-ws-rest.symauth.com/mpki/docs/index.html) - - 1) **EnrollmentParam** - Below is a sample Enrollment Template where anything Prefixed with "EnrollmentParam|FieldName" will be replaced with an enrollment field value from the Keyfactor portal during enrollment. - 2) **CSR|RAW** - Below is a sample Enrollment Template where anything Prefixed with "CSR|RAW" will be replaced with the raw CSR content from the enrollment request from Keyfactor Portal. - 3) **CSR|CSRContent** - Below is a sample Enrollment Template where anything Prefixed with "CSR|CSRContent" will be replaced with the CSR content from the enrollment request from Keyfactor Portal. - - ``` - { - "profile": { - "id": "2.16.840.1.113733.1.16.1.5.2.5.1.1280209757" - }, - "seat": { - "seat_id": "EnrollmentParam|Seat" - }, - "csr": "CSR|RAW", - "validity": { - "unit": "years", - "duration": "Numeric|EnrollmentParam|Validity (Years)|Numeric" - }, - "attributes": { - "common_name": "CSR|CN", - "country": "CSR|C", - "organization_name": "CSR|O" - } - } - ``` - - 4) **Sample Mapping Below** - ![](/images/SampleMapping.gif) +2. TODO Certificate Template Creation Step is a required section -4. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. +3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates. @@ -183,4 +188,4 @@ Apache License 2.0, see [LICENSE](LICENSE). ## Related Integrations -See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). +See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway). \ No newline at end of file