Merge a1a39f9 into 6b53e88

Author: dgaley

README.md

@@ -4,6 +4,7 @@ This integration allows for the Synchronization, Enrollment, and Revocation of c
 
 #### Integration status: Production - Ready for use in production environments.
 
+
 ## About the Keyfactor AnyGateway CA Connector
 
 This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
@@ -12,6 +13,18 @@ This repository contains an AnyGateway CA Connector, which is a plugin to the Ke
 
 
 
+---
+
+
+
+
+
+
+
+
+---
+
+
 # Introduction
 This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from Entrust's Managed SSL/TLS offering.  
 

src/EntrustRestCAProxy/EntrustCAConnector.cs

@@ -534,8 +534,15 @@ public override int Revoke(string caRequestID, string hexSerialNumber, uint revo
 			Dictionary<string, object> connectionInfo = ConfigProvider.CAConnectionData;
 			EntrustClient client = CreateEntrustClient(connectionInfo);
 			string reason = Conversions.RevokeReasonToString(revocationReason);
-			string comment = "Revoked by Entrust Gateway";
+			string comment = $"Revoked by Entrust Gateway for the following reason: {reason}";
 			CAConnectorCertificate cert = GetSingleRecord(caRequestID);
+
+			if (!string.Equals(reason, "keyCompromise"))
+			{
+				// Entrust no longer accepts any reason codes other than keyCompromise and unspecified.
+				reason = "unspecified";
+			}
+
 			if (!(cert.Status == (int)RequestDisposition.ISSUED))
 			{
 				string errorMessage = String.Format("Request {0} was not found in Entrust database or is not in a valid state to perform a revocation", caRequestID);