docsource/configuration.md: 49 additions & 0 deletions
@@ -10,6 +10,55 @@ This integration is tested and confirmed as working for Anygateway REST 24.2 and
10
10
11
11
The Root certificates for installation on the Anygateway server machine should be obtained from CSC.
12
12
13
+
## CA Connection Configuration
14
+
15
+
When defining the Certificate Authority in the AnyCA Gateway REST portal, configure the following fields on the **CA Connection** tab:
16
+
17
+
CONFIG ELEMENT | DESCRIPTION | DEFAULT
18
+
---------------|-------------|--------
19
+
CscGlobalUrl | The base URL for the CSCGlobal API (e.g. `https://apis.cscglobal.com`) | (required)
20
+
ApiKey | Your CSCGlobal API key | (required)
21
+
BearerToken | Your CSCGlobal Bearer token for authentication | (required)
22
+
DefaultPageSize | Page size for API list requests | 100
23
+
SyncFilterDays | Number of days from today used to filter certificates by expiration date during **incremental** sync. Only certificates expiring within this window are returned. Does not apply to full sync. | 5
24
+
RenewalWindowDays | Number of days before the annual order expiry date within which a **RenewOrReissue** request triggers a paid **Renewal** rather than a free **Reissue**. See [Renewal vs. Reissue Logic](#renewal-vs-reissue-logic) below. | 30
25
+
26
+
## Renewal vs. Reissue Logic
27
+
28
+
CSC Global subscriptions are annual orders. When Keyfactor Command sends a **RenewOrReissue** request, the plugin must decide whether to submit a **Renewal** (a new paid order) or a **Reissue** (a free re-key under the existing active order).
29
+
30
+
The decision is based on the **RenewalWindowDays** setting and works as follows:
31
+
32
+
1. The plugin fetches the original certificate from CSC and reads its `orderDate`.
33
+
2. It computes the **order expiry** as `orderDate + 1 year`.
34
+
3. It calculates **days remaining** until the order expires.
35
+
4. If `days remaining <= RenewalWindowDays`, the request is treated as a **Renewal** (new paid order).
36
+
5. If `days remaining > RenewalWindowDays`, the request is treated as a **Reissue** (free under the active order).
37
+
38
+
**Example with default RenewalWindowDays = 30:**
39
+
40
+
```
41
+
Order Date: 2025-04-08
42
+
Order Expiry: 2026-04-08
43
+
Today: 2026-03-15
44
+
Days Left: 24
45
+
46
+
24 <= 30 --> RENEWAL (new paid order)
47
+
```
48
+
49
+
```
50
+
Order Date: 2025-04-08
51
+
Order Expiry: 2026-04-08
52
+
Today: 2025-09-01
53
+
Days Left: 219
54
+
55
+
219 > 30 --> REISSUE (free under active order)
56
+
```
57
+
58
+
**Fallback behavior:** If the plugin cannot retrieve the `orderDate` from CSC (e.g., API error or missing field), it falls back to checking the certificate's expiration date. If the certificate is already expired, it treats the request as a Renewal.
59
+
60
+
**Note:** Both Renewal and Reissue submissions are asynchronous at CSC. The plugin returns a "pending" status and the issued certificate will appear in Keyfactor after the next sync cycle.
61
+
13
62
## Certificate Template Creation Step
14
63
15
64
PLEASE NOTE, AT THIS TIME THE RAPID_SSL TEMPLATE IS NOT SUPPORTED BY THE CSC API AND WILL NOT WORK WITH THIS INTEGRATION
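Review bot: The **Fallback behavior** paragraph at the end of the Renewal vs. Reissue section covers only the case where `orderDate` cannot be retrieved and the certificate is already expired (Renewal); it does not say what happens when the certificate is still valid. Because one branch is a new paid order and the other is free, state the outcome for the unexpired case explicitly, and say whether `RenewalWindowDays` is applied against the certificate's expiration date in that path. Separately, the closing note says the issued certificate will appear after the next sync cycle, while the `SyncFilterDays` row says incremental sync only returns certificates expiring within that window (default 5). It would help to state whether a freshly issued certificate is picked up by an incremental sync or only by a full sync.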