README.md: 21 additions & 19 deletions
@@ -206,23 +206,6 @@ The plugin supports the following standard CRL revocation reasons:
206
206
| **HydrantIdAuthId** | API Authentication ID provided by HydrantId | Yes | `your-auth-id` |
207
207
| **HydrantIdAuthKey** | API Authentication Key provided by HydrantId | Yes | `your-secret-auth-key` |
208
208
209
-
### Template (Product) Configuration
210
-
211
-
Each certificate template (policy) discovered from HydrantId requires configuration for enrollment:
212
-
213
-
| Parameter | Description | Required | Example |
214
-
|-----------|-------------|----------|---------|
215
-
| **ValidityPeriod** | Time unit for certificate lifetime | Yes | `Days`, `Months`, or `Years` |
216
-
| **ValidityUnits** | Numeric value for the validity period | Yes | `365` (for 1 year in days), `12` (for 1 year in months), `2` (for 2 years) |
217
-
| **RenewalDays** | Days before expiration to trigger renewal | Yes | `30` (renew within 30 days of expiration) |
218
-
219
-
**Important Notes:**
220
-
- Template names (Product IDs) are automatically discovered from HydrantId using the GET /api/v2/policies endpoint
221
-
- The ValidityPeriod and ValidityUnits combine to determine the certificate lifetime
222
-
- RenewalDays determines the behavior for certificate renewal:
223
-
- Within window: Performs a renewal operation (maintains certificate lineage)
224
-
- Outside window: Performs a re-issue operation (new certificate enrollment)
225
-
226
209
### Gateway Registration Notes
227
210
228
211
- Each defined Certificate Authority in the AnyCA Gateway REST can support one HydrantId API endpoint
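Review bot: Removing the `### Template (Product) Configuration` heading at old lines 209-225 drops it as a top-level section between the connection parameter table and `### Gateway Registration Notes`, so any table of contents entry or in-page link that targets that heading should be checked against its new location in the installation steps. Because the Gateway configuration reference is now left with only the connection parameters, a one-line pointer from here to the installation step that covers ValidityPeriod, ValidityUnits and RenewalDays would help readers find the template settings.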
@@ -278,11 +261,30 @@ The plugin supports the following standard CRL revocation reasons:
278
261
* **HydrantIdAuthId** - The AuthId Obtained from HydrantId.
279
262
* **HydrantIdAuthKey** - The AuthKey Obtained from HydrantId.
280
263
281
-
2. TODO Certificate Template Creation Step is a required section
264
+
2. ### Template (Product) Configuration
265
+
266
+
Each certificate template (policy) discovered from HydrantId requires configuration for enrollment:
267
+
268
+
| Parameter | Description | Required | Example |
269
+
|-----------|-------------|----------|---------|
270
+
| **ValidityPeriod** | Time unit for certificate lifetime | Yes | `Days`, `Months`, or `Years` |
271
+
| **ValidityUnits** | Numeric value for the validity period | Yes | `365` (for 1 year in days), `12` (for 1 year in months), `2` (for 2 years) |
272
+
| **RenewalDays** | Days before expiration to trigger renewal | Yes | `30` (renew within 30 days of expiration) |
273
+
274
+
**Important Notes:**
275
+
- Template names (Product IDs) are automatically discovered from HydrantId using the GET /api/v2/policies endpoint
276
+
- The ValidityPeriod and ValidityUnits combine to determine the certificate lifetime
277
+
- RenewalDays determines the behavior for certificate renewal:
278
+
- Within window: Performs a renewal operation (maintains certificate lineage)
279
+
- Outside window: Performs a re-issue operation (new certificate enrollment)
282
280
283
281
3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
284
282
285
-
4. TODO Custom Enrollment Parameter Creation Step is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
283
+
4. In Keyfactor Command (v12.3+), for each imported Certificate Template, follow the [official documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Configuring%20Template%20Options.htm) to define enrollment fields for each of the following parameters:
284
+
285
+
* **ValidityPeriod** - The desired lifetime time period could be Days, Months or Years.
286
+
* **ValidityUnits** - The desired lifetime time value some number indicating days, months or years.
287
+
* **RenewalDays** - The window that determines whether it is a renewal vs a re-issue.
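Review bot: At new line 264, `2. ### Template (Product) Configuration` puts heading markup inside an ordered-list item and replaces the TODO with a section title rather than an instruction; consider wording step 2 as an action (for example, configure each discovered template with the parameters below) and keeping the table and notes under it as list content. In step 4 (new lines 283-287) the bullet descriptions are looser than the table above them: "The desired lifetime time period could be Days, Months or Years" and "The desired lifetime time value some number indicating days, months or years" would read better if they reused the table wording ("Time unit for certificate lifetime", "Numeric value for the validity period"). Step 4 also makes ValidityPeriod, ValidityUnits and RenewalDays enrollment fields without saying how they relate to the per-template values from step 2 or which values are accepted, so it is worth stating which one takes effect and whether an upper bound on certificate lifetime applies.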