From 7bb9ca78a8390735abfed0a891a54ab8793ebe09 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 28 Aug 2025 20:08:21 -0400 Subject: [PATCH 01/10] allow for cert upload as well as store or filepath --- sectigo-scm-caplugin/Client/SectigoClient.cs | 59 ++----------------- sectigo-scm-caplugin/SectigoCAPlugin.cs | 28 +++++---- sectigo-scm-caplugin/SectigoConfig.cs | 13 +--- .../sectigo-scm-caplugin.csproj | 4 +- 4 files changed, 24 insertions(+), 80 deletions(-) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index da9463c..23b8b70 100644 --- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs @@ -1,4 +1,5 @@ -using Keyfactor.Extensions.CAPlugin.Sectigo.API; +using Keyfactor.AnyGateway.Extensions; +using Keyfactor.Extensions.CAPlugin.Sectigo.API; using Keyfactor.Extensions.CAPlugin.Sectigo.Models; using Keyfactor.Logging; @@ -305,7 +306,7 @@ private static async Task ProcessResponse(HttpResponseMessage response) } } - public static SectigoClient InitializeClient(SectigoConfig config) + public static SectigoClient InitializeClient(SectigoConfig config, ICertificateResolver certResolver) { Logger.MethodEntry(LogLevel.Debug); @@ -314,7 +315,7 @@ public static SectigoClient InitializeClient(SectigoConfig config) if (config.AuthenticationType.ToLower() == "certificate") { clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual; - X509Certificate2 authCert = GetClientCertificate(config); + X509Certificate2 authCert = certResolver.ResolveCertificate(config.Certificate); if (authCert == null) { Logger.MethodExit(LogLevel.Debug); 
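Review bot: In the `@@ -314,7 +315,7 @@` hunk of SectigoClient.cs, `certResolver.ResolveCertificate(config.Certificate)` replaces a lookup whose checks were explicit, and nothing visible here shows that the resolver keeps them. The removed `GetClientCertificate` called `Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true)`, which returns valid certificates only, and it threw when more than one certificate matched the thumbprint. Confirm that `ICertificateResolver` enforces the same, and record the expectation at the call site, e.g. `// resolver must return a single, currently valid cert; the store lookup used validOnly=true before this change`. The body of `InitializeClient` continues outside the hunk.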
@@ -348,58 +349,6 @@ public static SectigoClient InitializeClient(SectigoConfig config) return new SectigoClient(restClient); } - private static X509Certificate2 GetClientCertificate(SectigoConfig config) - { - Logger.MethodEntry(LogLevel.Debug); - //Dictionary caConnectionCertificateDetail = config["ClientCertificate"] as Dictionary; - X509Certificate2 clientCert = null; - - if (!string.IsNullOrEmpty(config.Certificate.Thumbprint)) - { - StoreName sn; - StoreLocation sl; - string thumbprint = config.Certificate.Thumbprint; - - if (String.IsNullOrEmpty(thumbprint) || - !Enum.TryParse(config.Certificate.StoreName, out sn) || - !Enum.TryParse(config.Certificate.StoreLocation, out sl)) - { - throw new Exception("Unable to find client authentication certificate"); - } - - X509Certificate2Collection foundCerts; - using (X509Store currentStore = new X509Store(sn, sl)) - { - Logger.LogTrace($"Search for client auth certificates with Thumprint {thumbprint} in the {sn}{sl} certificate store"); - - currentStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); - foundCerts = currentStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true); - Logger.LogTrace($"Found {foundCerts.Count} certificates in the {currentStore.Name} store"); - currentStore.Close(); - } - if (foundCerts.Count > 1) - { - throw new Exception($"Multiple certificates with Thumprint {thumbprint} found in the {sn}{sl} certificate store"); - } - if (foundCerts.Count > 0) - clientCert = foundCerts[0]; - } - else - { - // Cert is provided via pfx file instead of cert store - try - { - X509Certificate2 cert = new X509Certificate2(config.Certificate.CertificatePath, config.Certificate.CertificatePassword); - clientCert = cert; - } - catch (Exception ex) - { - throw new Exception($"Unable to open the client certificate file with the given password. Error: {ex.Message}"); - } - } - Logger.MethodExit(LogLevel.Debug); - return clientCert; - } #endregion } } 
diff --git a/sectigo-scm-caplugin/SectigoCAPlugin.cs b/sectigo-scm-caplugin/SectigoCAPlugin.cs index 9976a1a..57a94fa 100644 --- a/sectigo-scm-caplugin/SectigoCAPlugin.cs +++ b/sectigo-scm-caplugin/SectigoCAPlugin.cs @@ -33,10 +33,12 @@ public class SectigoCAPlugin : IAnyCAPlugin private SectigoConfig _config; private readonly ILogger _logger; private ICertificateDataReader _certificateDataReader; + private ICertificateResolver _certificateResolver; - public SectigoCAPlugin() + public SectigoCAPlugin(ICertificateResolver certResolver) { _logger = LogHandler.GetClassLogger(); + _certificateResolver = certResolver; } public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader) @@ -88,7 +90,7 @@ public async Task Enroll(string csr, string subject, Dictionar department = productInfo.ProductParameters["Department"]; _logger.LogTrace($"Department: {department}"); } - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var fieldList = Task.Run(async () => await client.ListCustomFields()).Result; var allFields = fieldList.CustomFields?.Select(f => f); @@ -370,7 +372,7 @@ public async Task GetSingleRecord(string caRequestID) _logger.LogTrace($"Get Single Certificate Detail from Sectigo (sslId: {caRequestID})"); int sslId = int.Parse(caRequestID.Split('-')[0]); - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var singleCert = Task.Run(async () => await client.GetCertificate(sslId)).Result; _logger.LogTrace($"{singleCert.CommonName} ({singleCert.status}) retrieved from Sectigo."); 
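Review bot: In the `@@ -33,10 +35,12 @@` hunk the new field `_certificateResolver` is assigned only in the constructor but is not `readonly`, unlike `_logger` two lines above it. Declare it as `private readonly ICertificateResolver _certificateResolver;` so the object that supplies the client-authentication certificate cannot be replaced after construction. A short `///` summary on the constructor saying who is expected to pass the resolver would also help; the class body continues outside the hunk.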
@@ -446,7 +448,7 @@ public async Task Ping() try { _logger.LogDebug("Attempting to ping Sectigo API"); - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); _ = Task.Run(async () => await client.ListOrganizations()).Result; } catch (Exception ex) @@ -462,7 +464,7 @@ public async Task Revoke(string caRequestID, string hexSerialNumber, uint r try { - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var response = Task.Run(async () => await client.RevokeSslCertificateById(int.Parse(caRequestID), (int)revocationReason, RevokeReasonToString(revocationReason))).Result; _logger.MethodExit(LogLevel.Debug); @@ -501,7 +503,7 @@ public async Task Synchronize(BlockingCollection blockin string[] filterProfileIds = _config.SyncFilterProfileId.Split(','); filter.Add("sslTypeId", filterProfileIds); } - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); producerTask = client.CertificateListProducer(certsToAdd, newCancelToken.Token, _config.PageSize, filter); foreach (Certificate certToAdd in certsToAdd.GetConsumingEnumerable()) @@ -654,7 +656,7 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction _logger.MethodEntry(LogLevel.Debug); string rawConfig = JsonConvert.SerializeObject(connectionInfo); var parsedConfig = JsonConvert.DeserializeObject(rawConfig); - SectigoClient localClient = SectigoClient.InitializeClient(parsedConfig); + SectigoClient localClient = SectigoClient.InitializeClient(parsedConfig, _certificateResolver); var profileList = Task.Run(async () => await localClient.ListSslProfiles()).Result; if (profileList.SslProfiles.Where(p => p.id == int.Parse(productInfo.ProductID)).Count() == 0) 
@@ -667,28 +669,28 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction private async Task GetOrganizationAsync(string orgName) { - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var orgList = await client.ListOrganizations(); return orgList.Organizations.Where(x => x.name.ToLower().Equals(orgName.ToLower())).FirstOrDefault(); } private async Task GetProfileTerm(int profileId) { - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var profileList = await client.ListSslProfiles(); return profileList.SslProfiles.Where(x => x.id == profileId).FirstOrDefault().terms[0]; } private async Task GetProfile(int profileId) { - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var profileList = await client.ListSslProfiles(); return profileList.SslProfiles.Where(x => x.id == profileId).FirstOrDefault(); } private async Task> GetProfileIds() { - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var profileList = await client.ListSslProfiles(); return profileList.SslProfiles.Select(x => x.id).ToList(); } @@ -730,7 +732,7 @@ private async Task PickUpEnrolledCertificate(int sslId, string while (retryCounter < _config.PickupRetries) { _logger.LogDebug($"Try number {retryCounter + 1} to pickup enrolled certificate"); - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var certificate = Task.Run(async () => await client.PickupCertificate(sslId, subject)).Result; if (certificate != null && !String.IsNullOrEmpty(certificate.Subject)) { 
@@ -765,7 +767,7 @@ public X509Certificate2 PickupSingleCert(int sslId, string subject) while (retryCounter < _config.PickupRetries) { _logger.LogDebug($"Try number {retryCounter + 1} to pickup single certificate"); - var client = SectigoClient.InitializeClient(_config); + var client = SectigoClient.InitializeClient(_config, _certificateResolver); var certificate = Task.Run(async () => await client.PickupCertificate(sslId, subject)).Result; if (certificate != null && !String.IsNullOrEmpty(certificate.Subject)) { diff --git a/sectigo-scm-caplugin/SectigoConfig.cs b/sectigo-scm-caplugin/SectigoConfig.cs index 5dc091b..41e144a 100644 --- a/sectigo-scm-caplugin/SectigoConfig.cs +++ b/sectigo-scm-caplugin/SectigoConfig.cs @@ -1,4 +1,6 @@ -using Newtonsoft.Json; +using Keyfactor.AnyGateway.Extensions; + +using Newtonsoft.Json; using System; using System.Collections.Generic; @@ -54,13 +56,4 @@ public SectigoConfig() [JsonProperty("ClientCertificate")] public ClientCertificate Certificate { get; set; } } - - public class ClientCertificate - { - public string StoreName { get; set; } - public string StoreLocation { get; set; } - public string Thumbprint { get; set; } - public string CertificatePath { get; set; } - public string CertificatePassword { get; set; } - } } diff --git a/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj b/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj index f9b570d..9c2ced6 100644 --- a/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj +++ b/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj @@ -1,7 +1,7 @@  - net6.0 + net8.0 Keyfactor.Extensions.CAPlugin.Sectigo disable disable @@ -10,7 +10,7 @@ - + From d2a103a6416771f15704352867e396c7510132b1 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 28 Aug 2025 20:16:23 -0400 Subject: [PATCH 02/10] fix for default constructor --- sectigo-scm-caplugin/SectigoCAPlugin.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/sectigo-scm-caplugin/SectigoCAPlugin.cs b/sectigo-scm-caplugin/SectigoCAPlugin.cs index 57a94fa..c88038b 100644 --- a/sectigo-scm-caplugin/SectigoCAPlugin.cs +++ b/sectigo-scm-caplugin/SectigoCAPlugin.cs @@ -35,7 +35,7 @@ public class SectigoCAPlugin : IAnyCAPlugin private ICertificateDataReader _certificateDataReader; private ICertificateResolver _certificateResolver; - public SectigoCAPlugin(ICertificateResolver certResolver) + public SectigoCAPlugin(ICertificateResolver certResolver = null) { _logger = LogHandler.GetClassLogger(); _certificateResolver = certResolver; From a53b3ce428b302e800b41d5e395683cf707cf8a3 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Fri, 29 Aug 2025 00:19:30 +0000 Subject: [PATCH 03/10] Update generated docs --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0100805..4b14544 100644 --- a/README.md +++ b/README.md 
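Review bot: Defaulting `certResolver` to `null` in the constructor leaves `_certificateResolver` null on the parameterless path, and `SectigoClient.InitializeClient` (patch 01) calls `certResolver.ResolveCertificate(config.Certificate)` without a guard. With certificate authentication configured, that would surface as a NullReferenceException instead of a configuration error. Add an explicit check at the point of use, e.g. `if (certResolver == null) throw new InvalidOperationException("Certificate authentication requires an ICertificateResolver.");`, and document on the constructor when the resolver may be absent. The class body continues outside the hunk.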
@@ -63,13 +63,16 @@ In addition, for the admin account you plan to use, make sure it has the API adm 2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Sectigo Certificate Manager Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/sectigo-scm-caplugin/releases/latest) from GitHub. -3. Copy the unzipped directory (usually called `net6.0`) to the Extensions directory: +3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory: + ```shell + Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations: Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions + Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions ``` - > The directory containing the Sectigo Certificate Manager Gateway AnyCA Gateway REST plugin DLLs (`net6.0`) can be named anything, as long as it is unique within the `Extensions` directory. + > The directory containing the Sectigo Certificate Manager Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory. 4. Restart the AnyCA Gateway REST service. From 8e12e475b0e0a379d5161c7130009a2842949284 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Sep 2025 12:36:24 -0400 Subject: [PATCH 04/10] logging --- sectigo-scm-caplugin/Client/SectigoClient.cs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index 23b8b70..8a8d5ea 100644 --- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs 
@@ -135,7 +135,7 @@ public async Task CertificateListProducer(BlockingCollection certs, public async Task> PageCertificates(int position = 0, int size = 25, string filter = "") { - string filterQueryString = String.IsNullOrEmpty(filter) ? string.Empty : $"&{filter}"; + string filterQueryString = string.IsNullOrEmpty(filter) ? string.Empty : $"&{filter}"; Logger.LogTrace($"API Request: api/ssl/v1?position={position}&size={size}{filterQueryString}".TrimEnd()); var response = await RestClient.GetAsync($"api/ssl/v1?position={position}&size={size}{filterQueryString}".TrimEnd()); return await ProcessResponse>(response); @@ -322,6 +322,22 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR throw new Exception("AuthType set to Certificate, but no certificate found!"); } + Logger.LogDebug($"CERT DETAILS: \nSerial Number: {authCert.GetSerialNumberString}\nHas PK: {authCert.HasPrivateKey.ToString()}\nSubject: {authCert.Subject}"); + + Logger.LogTrace("Checking for private key permissions."); + try + { + //https://www.pkisolutions.com/accessing-and-using-certificate-private-keys-in-net-framework-net-core/ + _ = authCert.GetRSAPrivateKey(); + _ = authCert.GetDSAPrivateKey(); + _ = authCert.GetECDsaPrivateKey(); + } + catch + { + throw new Exception("Unable to access the authentication certificate's private key."); + } + + clientHandler.ClientCertificates.Add(authCert); } From fc7dbf3e771bacd91df1202a42a585a60e96475e Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Sep 2025 13:02:54 -0400 Subject: [PATCH 05/10] more logs --- sectigo-scm-caplugin/Client/SectigoClient.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index 8a8d5ea..034a9ae 100644 --- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs 
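Review bot: The private-key probe added in the `@@ -322,6 +322,22 @@` hunk does not establish that the certificate has a usable key. `GetRSAPrivateKey()`, `GetDSAPrivateKey()` and `GetECDsaPrivateKey()` return null when the certificate has no key of that algorithm, so a certificate with no private key at all passes the `try` block. The bare `catch` also discards the original exception, which is what would tell an operator whether the problem is permissions or the key container. Test `authCert.HasPrivateKey` explicitly and use `catch (CryptographicException ex)` with `ex` passed as the inner exception. In the debug line, `{authCert.GetSerialNumberString}` is missing its call parentheses; `InitializeClient` starts and ends outside the hunk.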
@@ -315,6 +315,7 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR if (config.AuthenticationType.ToLower() == "certificate") { clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual; + Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}") X509Certificate2 authCert = certResolver.ResolveCertificate(config.Certificate); if (authCert == null) { From 5f75d63d6bb99683563056d9ec41aa52744ba339 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Sep 2025 13:05:51 -0400 Subject: [PATCH 06/10] logs --- sectigo-scm-caplugin/Client/SectigoClient.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index 034a9ae..43ff713 100644 --- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs 
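Review bot: The added `Logger.LogTrace` line writes `config.Certificate.CertificatePassword`, `ImportedCertificatePassword` and `ImportedCertificate` to the log, so the PFX password and the uploaded certificate material end up in log files (patch 07 loads `ImportedCertificate` via `Convert.FromBase64String` with that password). Log only non-secret selectors, e.g. `Logger.LogTrace($"Resolving certificate. Source: {config.Certificate.Source}");`, and at most whether a password is set. The statement also lacks its terminating `;`. Patch 06 adds the semicolon but keeps the same secrets in the message, and patch 07 comments the line out rather than deleting it. Any environment that ran these intermediate builds with trace logging enabled should treat the logged password and certificate as exposed.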
@@ -315,7 +315,7 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR if (config.AuthenticationType.ToLower() == "certificate") { clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual; - Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}") + Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}"); X509Certificate2 authCert = certResolver.ResolveCertificate(config.Certificate); if (authCert == null) { From 58f13aa379afc54f543ebb5b1c962ed63f28a846 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Sep 2025 14:29:10 -0400 Subject: [PATCH 07/10] cert parsing --- sectigo-scm-caplugin/Client/SectigoClient.cs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index 43ff713..8f6e90d 100644 --- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs 
@@ -315,8 +315,16 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR if (config.AuthenticationType.ToLower() == "certificate") { clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual; - Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}"); - X509Certificate2 authCert = certResolver.ResolveCertificate(config.Certificate); + //Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}"); + X509Certificate2 authCert = null; + if (!string.IsNullOrEmpty(config.Certificate.ImportedCertificate)) + { + authCert = new X509Certificate2(Convert.FromBase64String(config.Certificate.ImportedCertificate), config.Certificate.ImportedCertificatePassword); + } + else + { + authCert = certResolver.ResolveCertificate(config.Certificate); + } if (authCert == null) { Logger.MethodExit(LogLevel.Debug); From aab5e26118811ac4622b4e7ce0db787c2b582d51 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Sep 2025 16:37:11 -0400 Subject: [PATCH 08/10] logging cleanup --- sectigo-scm-caplugin/Client/SectigoClient.cs | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/sectigo-scm-caplugin/Client/SectigoClient.cs b/sectigo-scm-caplugin/Client/SectigoClient.cs index 8f6e90d..4d04110 100644 
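Review bot: The new `ImportedCertificate` branch builds an `X509Certificate2` from the PFX bytes on every `InitializeClient` call, with default key-storage flags and no disposal. The plugin calls `InitializeClient` once per operation and inside the pickup retry loops (patch 01). On Windows a PFX import with default flags writes the private key to a key container that is cleaned up only when the certificate object is disposed or finalized (confirm for the target hosts), so load the certificate once and reuse it. `Convert.FromBase64String` and the constructor also throw raw `FormatException`/`CryptographicException` here, whereas the removed file-based loader wrapped the failure in a descriptive message. The commented-out trace line that names the password fields should be deleted rather than kept; `InitializeClient` starts and ends outside the hunk.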
--- a/sectigo-scm-caplugin/Client/SectigoClient.cs +++ b/sectigo-scm-caplugin/Client/SectigoClient.cs @@ -315,7 +315,7 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR if (config.AuthenticationType.ToLower() == "certificate") { clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual; - //Logger.LogTrace($"Cert info: \nSource: {config.Certificate.Source}\nThumb: {config.Certificate.Thumbprint}\nStoreName: {config.Certificate.StoreName}\nStoreLoc: {config.Certificate.StoreLocation}\nPath: {config.Certificate.CertificatePath}\nPass: {config.Certificate.CertificatePassword}\nImported: {config.Certificate.ImportedCertificate}\nImportedPass: {config.Certificate.ImportedCertificatePassword}"); + Logger.LogTrace($"Resolving certificate. Source: {config.Certificate.Source}"); X509Certificate2 authCert = null; if (!string.IsNullOrEmpty(config.Certificate.ImportedCertificate)) { @@ -331,21 +331,7 @@ public static SectigoClient InitializeClient(SectigoConfig config, ICertificateR throw new Exception("AuthType set to Certificate, but no certificate found!"); } - Logger.LogDebug($"CERT DETAILS: \nSerial Number: {authCert.GetSerialNumberString}\nHas PK: {authCert.HasPrivateKey.ToString()}\nSubject: {authCert.Subject}"); - - Logger.LogTrace("Checking for private key permissions."); - try - { - //https://www.pkisolutions.com/accessing-and-using-certificate-private-keys-in-net-framework-net-core/ - _ = authCert.GetRSAPrivateKey(); - _ = authCert.GetDSAPrivateKey(); - _ = authCert.GetECDsaPrivateKey(); - } - catch - { - throw new Exception("Unable to access the authentication certificate's private key."); - } - + Logger.LogTrace($"Auth cert found. CERT DETAILS: \nSerial Number: {authCert.GetSerialNumberString()}\nHas PK: {authCert.HasPrivateKey.ToString()}\nSubject: {authCert.Subject}"); clientHandler.ClientCertificates.Add(authCert); } From a05e81348d01baa66c1c9b1ab98ff8446d847ecc Mon Sep 17 00:00:00 2001 
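Review bot: After the cleanup in the `@@ -331,21 +331,7 @@` hunk, nothing between resolving `authCert` and `clientHandler.ClientCertificates.Add(authCert)` verifies that the certificate carries a private key; `HasPrivateKey` is only logged. A certificate resolved without its key cannot be used for client authentication, and the failure would presumably surface later as an opaque TLS or HTTP error (the request path is outside the hunk). Keep a cheap guard in place of the removed probe: `if (!authCert.HasPrivateKey) throw new Exception("Authentication certificate has no accessible private key.");`. In the trace message, `{authCert.HasPrivateKey.ToString()}` can be written as `{authCert.HasPrivateKey}`.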
From: David Galey Date: Tue, 2 Sep 2025 17:09:12 -0400 Subject: [PATCH 09/10] changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 137d5a9..43d45ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,3 +7,7 @@ Bugfix - Fix for custom fields in enrollment 1.0.2 Handle change to Sectigo API Revocation call + +1.1.0 +Add support for using the cert upload feature to upload auth certs +Switch to .NET 8 \ No newline at end of file From b924e18416c7be5be965ec536b7583081e86ddc4 Mon Sep 17 00:00:00 2001 From: David Galey Date: Wed, 3 Sep 2025 13:19:13 -0400 Subject: [PATCH 10/10] fix project file to build multiple .net frameworks --- sectigo-scm-caplugin/sectigo-scm-caplugin.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj b/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj index 9c2ced6..cd841e7 100644 --- a/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj +++ b/sectigo-scm-caplugin/sectigo-scm-caplugin.csproj @@ -1,7 +1,7 @@  - net8.0 + net6.0;net8.0 Keyfactor.Extensions.CAPlugin.Sectigo disable disable