You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -103,6 +103,7 @@ This extension uses the contact information of the GCC Domain point of contact f
103
103
***RetryCount** - This is the number of times the AnyGateway will attempt to pickup an new certificate before reporting an error. Default is 5.
104
104
***SyncIntervalDays** - OPTIONAL: Required if SyncStartDate is used. Specifies how to page the certificate sync. Should be a value such that no interval of that length contains > 500 certificate enrollments.
105
105
***SyncStartDate** - If provided, full syncs will start at the specified date.
106
+
***SyncProducts** - OPTIONAL: If provided as a comma-separated list of product IDs, will limit the certificate sync to only certificates of those products. If blank or not provided, will sync all certs.
106
107
***Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.
107
108
108
109
2. Define [Certificate Profiles](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm) and [Certificate Templates](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) for the Certificate Authority as required. One Certificate Profile must be defined per Certificate Template. It's recommended that each Certificate Profile be named after the Product ID. The GlobalSign MSSL plugin supports the following product IDs:
@@ -121,9 +122,10 @@ This extension uses the contact information of the GCC Domain point of contact f
121
122
122
123
4. In Keyfactor Command (v12.3+), for each imported Certificate Template, follow the [official documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Configuring%20Template%20Options.htm) to define enrollment fields for each of the following parameters:
123
124
124
-
* **CertificateValidityInYears** - Number of years the certificate will be valid for
125
+
* **CertificateValidityInDays** - Number of days the certificate will be valid for
125
126
* **SlotSize** - Maximum number of SANs that a certificate may have - valid values are [FIVE, TEN, FIFTEEN, TWENTY, THIRTY, FOURTY, FIFTY, ONE_HUNDRED]
126
127
* **RootCAType** - The certificate's root CA - Depending on certificate expiration date, SHA_1 not be allowed. Will default to SHA_2 if expiration date exceeds sha1 allowed date. Options are GlobalSign R certs.
128
+
***MSSLProfileId** - OPTIONAL: If specified, enrollments will use that profile ID for domain lookups. If not provided, domain lookup will be done based on the Common Name or first DNS SAN. Useful if your GlobalSign account has multiple domain objects with the same domain string, or subdomains (e.g. sub.test.com vs test.com).
Copy file name to clipboardExpand all lines: integration-manifest.json
+10-2Lines changed: 10 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -61,15 +61,19 @@
61
61
"name": "SyncStartDate",
62
62
"description": "If provided, full syncs will start at the specified date."
63
63
},
64
+
{
65
+
"name": "SyncProducts",
66
+
"description": "OPTIONAL: If provided as a comma-separated list of product IDs, will limit the certificate sync to only certificates of those products. If blank or not provided, will sync all certs."
67
+
},
64
68
{
65
69
"name": "Enabled",
66
70
"description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
67
71
}
68
72
],
69
73
"enrollment_config": [
70
74
{
71
-
"name": "CertificateValidityInYears",
72
-
"description": "Number of years the certificate will be valid for"
75
+
"name": "CertificateValidityInDays",
76
+
"description": "Number of days the certificate will be valid for"
73
77
},
74
78
{
75
79
"name": "SlotSize",
@@ -78,6 +82,10 @@
78
82
{
79
83
"name": "RootCAType",
80
84
"description": "The certificate's root CA - Depending on certificate expiration date, SHA_1 not be allowed. Will default to SHA_2 if expiration date exceeds sha1 allowed date. Options are GlobalSign R certs."
85
+
},
86
+
{
87
+
"name": "MSSLProfileId",
88
+
"description": "OPTIONAL: If specified, enrollments will use that profile ID for domain lookups. If not provided, domain lookup will be done based on the Common Name or first DNS SAN. Useful if your GlobalSign account has multiple domain objects with the same domain string, or subdomains (e.g. sub.test.com vs test.com)."
0 commit comments