From e9c7f02436a319ee8a6f9a2e9a8071d51f90be1a Mon Sep 17 00:00:00 2001
From: Brian Hill <bhill@keyfactor.com>
Date: Wed, 8 Apr 2026 08:19:18 -0400
Subject: [PATCH] Add comprehensive logging and null reference protection

Add extensive trace/error logging and null guards across all project
files to aid debugging and prevent NullReferenceExceptions:

- SslStoreCaProxy.cs: Harden Synchronize, Enroll, Revoke,
  GetSingleRecord, Initialize, ValidateEmails, GetEnrollmentResult
- SslStoreClient.cs: Add logging/null checks to all API methods,
  constructor, and query pagination
- KeyfactorClient.cs: Add logging/null checks to constructor,
  template update, and template query pagination
- RequestManager.cs: Add logging/null checks to all request builders,
  MapReturnStatus, GetCertificateContent, and contact helpers
- .gitignore: Add .claude/ directory

Fixes sync NullReferenceException and operator precedence bug.
AB#84952

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitignore                                |   3 +
 SslStoreCaProxy/Client/KeyfactorClient.cs | 151 +++-
 SslStoreCaProxy/Client/SslStoreClient.cs  | 292 ++++++--
 SslStoreCaProxy/RequestManager.cs         | 271 +++++--
 SslStoreCaProxy/SslStoreCaProxy.cs        | 818 +++++++++++++++++-----
 5 files changed, 1214 insertions(+), 321 deletions(-)

diff --git a/.gitignore b/.gitignore
index dfcfd56..8a88a85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -348,3 +348,6 @@ MigrationBackup/
 
 # Ionide (cross platform F# VS Code tools) working folder
 .ionide/
+
+# Claude Code
+.claude/
diff --git a/SslStoreCaProxy/Client/KeyfactorClient.cs b/SslStoreCaProxy/Client/KeyfactorClient.cs
index 900e096..5528388 100644
--- a/SslStoreCaProxy/Client/KeyfactorClient.cs
+++ b/SslStoreCaProxy/Client/KeyfactorClient.cs
@@ -23,36 +23,86 @@ public sealed class KeyfactorClient: LoggingClientBase, IKeyfactorClient
 
         public KeyfactorClient(ICAConnectorConfigProvider configProvider)
         {
-            var keyfactorBaseUrl = new Uri(configProvider.CAConnectionData[Constants.KeyfactorApiUrl].ToString());
-            var keyfactorAuth = configProvider.CAConnectionData[Constants.KeyfactorApiUserId] + ":" + configProvider.CAConnectionData[Constants.KeyfactorApiPassword];
-            var plainTextBytes = Encoding.UTF8.GetBytes(keyfactorAuth);
-
-            var clientHandler = new WebRequestHandler();
-            RestClient = new HttpClient(clientHandler, true) { BaseAddress = keyfactorBaseUrl };
-            RestClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
-            RestClient.DefaultRequestHeaders.Add("x-keyfactor-requested-with", "APIClient");
-            RestClient.DefaultRequestHeaders.Add("Authorization", "Basic " + Convert.ToBase64String(plainTextBytes));
+            Logger.Trace("KeyfactorClient constructor called.");
+            try
+            {
+                if (configProvider?.CAConnectionData == null)
+                {
+                    Logger.Error("KeyfactorClient: configProvider or CAConnectionData is null.");
+                    throw new ArgumentNullException(nameof(configProvider), "configProvider or CAConnectionData is null.");
+                }
+
+                if (!configProvider.CAConnectionData.ContainsKey(Constants.KeyfactorApiUrl))
+                {
+                    Logger.Error($"KeyfactorClient: Missing required config key '{Constants.KeyfactorApiUrl}'.");
+                    throw new InvalidOperationException($"Missing required config key '{Constants.KeyfactorApiUrl}'.");
+                }
+
+                var apiUrlValue = configProvider.CAConnectionData[Constants.KeyfactorApiUrl]?.ToString();
+                Logger.Trace($"KeyfactorClient: KeyfactorApiUrl={apiUrlValue ?? "(null)"}");
+
+                if (string.IsNullOrEmpty(apiUrlValue))
+                {
+                    Logger.Error("KeyfactorClient: KeyfactorApiUrl value is null or empty.");
+                    throw new InvalidOperationException("KeyfactorApiUrl value is null or empty.");
+                }
+
+                var keyfactorBaseUrl = new Uri(apiUrlValue);
+
+                var userId = configProvider.CAConnectionData.ContainsKey(Constants.KeyfactorApiUserId)
+                    ? configProvider.CAConnectionData[Constants.KeyfactorApiUserId]?.ToString() ?? ""
+                    : "";
+                var password = configProvider.CAConnectionData.ContainsKey(Constants.KeyfactorApiPassword)
+                    ? configProvider.CAConnectionData[Constants.KeyfactorApiPassword]?.ToString() ?? ""
+                    : "";
+
+                if (string.IsNullOrEmpty(userId))
+                    Logger.Warn("KeyfactorClient: KeyfactorApiUserId is null or empty.");
+
+                Logger.Trace($"KeyfactorClient: Configuring with userId={userId}, BaseAddress={keyfactorBaseUrl}");
+
+                var keyfactorAuth = userId + ":" + password;
+                var plainTextBytes = Encoding.UTF8.GetBytes(keyfactorAuth);
+
+                var clientHandler = new WebRequestHandler();
+                RestClient = new HttpClient(clientHandler, true) { BaseAddress = keyfactorBaseUrl };
+                RestClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+                RestClient.DefaultRequestHeaders.Add("x-keyfactor-requested-with", "APIClient");
+                RestClient.DefaultRequestHeaders.Add("Authorization", "Basic " + Convert.ToBase64String(plainTextBytes));
+
+                Logger.Trace("KeyfactorClient: RestClient configured successfully.");
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"KeyfactorClient constructor failed: {ex.Message}\n{ex.StackTrace}");
+                throw;
+            }
         }
 
         public async Task<Template> SubmitUpdateTemplateAsync(Template templateRequest)
         {
-            using (var resp = await RestClient.PutAsync("/KeyfactorApi/Templates", new StringContent(
-                JsonConvert.SerializeObject(templateRequest), Encoding.ASCII, "application/json")))
+            Logger.Trace("SubmitUpdateTemplateAsync called.");
+            try
             {
-                try
+                Logger.Trace($"SubmitUpdateTemplateAsync Request JSON: {JsonConvert.SerializeObject(templateRequest)}");
+                using (var resp = await RestClient.PutAsync("/KeyfactorApi/Templates", new StringContent(
+                    JsonConvert.SerializeObject(templateRequest), Encoding.ASCII, "application/json")))
                 {
-                    Logger.Trace(JsonConvert.SerializeObject(templateRequest));
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitUpdateTemplateAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
                     resp.EnsureSuccessStatusCode();
-                    var templateResponse =
-                        JsonConvert.DeserializeObject<Template>(await resp.Content.ReadAsStringAsync());
+                    var templateResponse = JsonConvert.DeserializeObject<Template>(responseBody);
+                    if (templateResponse == null)
+                        Logger.Warn("SubmitUpdateTemplateAsync: Deserialized response is null.");
                     return templateResponse;
                 }
-                catch(Exception e)
-                {
-                    Logger.Error($"Keyfactor API Error Occured Updating Keyfactor Template: {e.Message}");
-                    return new Template();
-                }
-                
+            }
+            catch (Exception e)
+            {
+                Logger.Error($"Keyfactor API Error Occurred Updating Keyfactor Template: {e.Message}\n{e.StackTrace}");
+                if (e.InnerException != null)
+                    Logger.Error($"Inner exception: {e.InnerException.Message}\n{e.InnerException.StackTrace}");
+                return new Template();
             }
         }
 
@@ -60,6 +110,7 @@ public async Task SubmitQueryTemplatesRequestAsync(BlockingCollection<ITemplate>
             RequestManager requestManager)
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace("SubmitQueryTemplatesRequestAsync starting...");
             try
             {
                 var itemsProcessed = 0;
@@ -69,6 +120,7 @@ public async Task SubmitQueryTemplatesRequestAsync(BlockingCollection<ITemplate>
                 do
                 {
                     pageCounter++;
+                    Logger.Trace($"SubmitQueryTemplatesRequestAsync: Requesting page {pageCounter}");
                     var batchItemsProcessed = 0;
                     using (var resp = await RestClient.GetAsync("/KeyfactorApi/Templates"))
                     {
@@ -80,25 +132,48 @@ public async Task SubmitQueryTemplatesRequestAsync(BlockingCollection<ITemplate>
                             retryCount++;
                             if (retryCount > 5)
                                 throw new RetryCountExceededException(
-                                    $"5 consecutive failures to {resp.RequestMessage.RequestUri}");
+                                    $"5 consecutive failures to {resp.RequestMessage?.RequestUri}");
 
                             continue;
                         }
 
+                        retryCount = 0;
                         var stringResponse = await resp.Content.ReadAsStringAsync();
+                        Logger.Trace($"SubmitQueryTemplatesRequestAsync: Response length={stringResponse?.Length ?? 0}");
 
                         var batchResponse =
                             JsonConvert.DeserializeObject<List<Template>>(stringResponse);
 
+                        if (batchResponse == null)
+                        {
+                            Logger.Warn("SubmitQueryTemplatesRequestAsync: Deserialized batch response is null. Ending pagination.");
+                            isComplete = true;
+                            break;
+                        }
+
                         var batchCount = batchResponse.Count;
+                        Logger.Trace($"Processing {batchCount} templates in batch");
+
+                        if (batchCount == 0)
+                        {
+                            Logger.Trace("SubmitQueryTemplatesRequestAsync: Empty batch received. Ending pagination.");
+                            isComplete = true;
+                            break;
+                        }
 
-                        Logger.Trace($"Processing {batchCount} items in batch");
                         do
                         {
                             var r = batchResponse[batchItemsProcessed];
+                            if (r == null)
+                            {
+                                Logger.Warn($"SubmitQueryTemplatesRequestAsync: Null template at index {batchItemsProcessed}, skipping.");
+                                batchItemsProcessed++;
+                                continue;
+                            }
+
                             if (bc.TryAdd(r, 10, ct))
                             {
-                                Logger.Trace($"Added Template ID {r.Id} to Queue for processing");
+                                Logger.Trace($"Added Template ID {r.Id}, CommonName={r.CommonName ?? "(null)"} to Queue for processing");
                                 batchItemsProcessed++;
                                 itemsProcessed++;
                                 Logger.Trace($"Processed {batchItemsProcessed} of {batchCount}");
@@ -106,10 +181,10 @@ public async Task SubmitQueryTemplatesRequestAsync(BlockingCollection<ITemplate>
                             }
                             else
                             {
-                                Logger.Trace($"Adding {r} blocked. Retry");
+                                Logger.Trace($"Adding template {r.Id} blocked. Retry");
                             }
                         } while (batchItemsProcessed < batchCount); //batch loop
-                      
+
                     }
 
                     //assume that if we process less records than requested that we have reached the end of the certificate list
@@ -117,29 +192,41 @@ public async Task SubmitQueryTemplatesRequestAsync(BlockingCollection<ITemplate>
                         isComplete = true;
                 } while (!isComplete); //page loop
 
+                Logger.Trace($"SubmitQueryTemplatesRequestAsync: Pagination complete. Total templates processed={itemsProcessed}");
                 bc.CompleteAdding();
             }
             catch (OperationCanceledException cancelEx)
             {
-                Logger.Warn($"Synchronize method was cancelled. Message: {cancelEx.Message}");
+                Logger.Warn($"SubmitQueryTemplatesRequestAsync was cancelled. Message: {cancelEx.Message}");
                 bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-                // ReSharper disable once PossibleIntendedRethrow
-                throw cancelEx;
+                throw;
             }
             catch (RetryCountExceededException retryEx)
             {
-                Logger.Error($"Retries Failed: {retryEx.Message}");
+                Logger.Error($"Retries Failed: {retryEx.Message}\n{retryEx.StackTrace}");
+                bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
             }
             catch (HttpRequestException ex)
             {
-                Logger.Error($"HttpRequest Failed: {ex.Message}");
+                Logger.Error($"HttpRequest Failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                bc.CompleteAdding();
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitQueryTemplatesRequestAsync unexpected error: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
             }
 
             Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-            
+
         }
 
 
diff --git a/SslStoreCaProxy/Client/SslStoreClient.cs b/SslStoreCaProxy/Client/SslStoreClient.cs
index 980b13f..9d61acf 100644
--- a/SslStoreCaProxy/Client/SslStoreClient.cs
+++ b/SslStoreCaProxy/Client/SslStoreClient.cs
@@ -20,10 +20,29 @@ public sealed class SslStoreClient : LoggingClientBase, ISslStoreClient
     {
         public SslStoreClient(ICAConnectorConfigProvider config)
         {
+            Logger.Trace("SslStoreClient constructor called.");
+            if (config?.CAConnectionData == null)
+            {
+                Logger.Error("SslStoreClient: config or CAConnectionData is null.");
+                return;
+            }
+
             if (config.CAConnectionData.ContainsKey(Constants.SslStoreUrl))
             {
-                BaseUrl = new Uri(config.CAConnectionData[Constants.SslStoreUrl].ToString());
+                var urlValue = config.CAConnectionData[Constants.SslStoreUrl]?.ToString();
+                Logger.Trace($"SslStoreClient: SslStoreUrl={urlValue ?? "(null)"}");
+                if (string.IsNullOrEmpty(urlValue))
+                {
+                    Logger.Error("SslStoreClient: SslStoreUrl value is null or empty.");
+                    return;
+                }
+                BaseUrl = new Uri(urlValue);
                 RestClient = ConfigureRestClient();
+                Logger.Trace("SslStoreClient: RestClient configured successfully.");
+            }
+            else
+            {
+                Logger.Error($"SslStoreClient: Missing required config key '{Constants.SslStoreUrl}'.");
             }
         }
 
@@ -33,51 +52,109 @@ public SslStoreClient(ICAConnectorConfigProvider config)
 
         public async Task<NewOrderResponse> SubmitNewOrderRequestAsync(NewOrderRequest newOrderRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/neworder", new StringContent(
-                JsonConvert.SerializeObject(newOrderRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitNewOrderRequestAsync called.");
+            try
             {
-                Logger.Trace(JsonConvert.SerializeObject(newOrderRequest));
-                resp.EnsureSuccessStatusCode();
-                var enrollmentResponse =
-                    JsonConvert.DeserializeObject<NewOrderResponse>(await resp.Content.ReadAsStringAsync());
-                return enrollmentResponse;
+                Logger.Trace($"SubmitNewOrderRequestAsync Request JSON: {JsonConvert.SerializeObject(newOrderRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/neworder", new StringContent(
+                    JsonConvert.SerializeObject(newOrderRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitNewOrderRequestAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    resp.EnsureSuccessStatusCode();
+                    var enrollmentResponse = JsonConvert.DeserializeObject<NewOrderResponse>(responseBody);
+                    if (enrollmentResponse == null)
+                        Logger.Warn("SubmitNewOrderRequestAsync: Deserialized response is null.");
+                    return enrollmentResponse;
+                }
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitNewOrderRequestAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
         public async Task<EmailApproverResponse> SubmitEmailApproverRequestAsync(EmailApproverRequest newApproverRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/approverlist", new StringContent(
-                JsonConvert.SerializeObject(newApproverRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitEmailApproverRequestAsync called.");
+            try
+            {
+                Logger.Trace($"SubmitEmailApproverRequestAsync Request JSON: {JsonConvert.SerializeObject(newApproverRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/approverlist", new StringContent(
+                    JsonConvert.SerializeObject(newApproverRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitEmailApproverRequestAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    resp.EnsureSuccessStatusCode();
+                    var enrollmentResponse = JsonConvert.DeserializeObject<EmailApproverResponse>(responseBody);
+                    if (enrollmentResponse == null)
+                        Logger.Warn("SubmitEmailApproverRequestAsync: Deserialized response is null.");
+                    return enrollmentResponse;
+                }
+            }
+            catch (Exception ex)
             {
-                Logger.Trace(JsonConvert.SerializeObject(newApproverRequest));
-                resp.EnsureSuccessStatusCode();
-                var enrollmentResponse =
-                    JsonConvert.DeserializeObject<EmailApproverResponse>(await resp.Content.ReadAsStringAsync());
-                return enrollmentResponse;
+                Logger.Error($"SubmitEmailApproverRequestAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
         public async Task<NewOrderResponse> SubmitReIssueRequestAsync(ReIssueRequest reIssueOrderRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/reissue", new StringContent(
-                JsonConvert.SerializeObject(reIssueOrderRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitReIssueRequestAsync called.");
+            try
+            {
+                Logger.Trace($"SubmitReIssueRequestAsync Request JSON: {JsonConvert.SerializeObject(reIssueOrderRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/reissue", new StringContent(
+                    JsonConvert.SerializeObject(reIssueOrderRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitReIssueRequestAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    resp.EnsureSuccessStatusCode();
+                    var orderStatusResponse = JsonConvert.DeserializeObject<NewOrderResponse>(responseBody);
+                    if (orderStatusResponse == null)
+                        Logger.Warn("SubmitReIssueRequestAsync: Deserialized response is null.");
+                    return orderStatusResponse;
+                }
+            }
+            catch (Exception ex)
             {
-                var orderStatusResponse =
-                    JsonConvert.DeserializeObject<NewOrderResponse>(await resp.Content.ReadAsStringAsync());
-                return orderStatusResponse;
+                Logger.Error($"SubmitReIssueRequestAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
         public async Task<NewOrderResponse> SubmitRenewRequestAsync(NewOrderRequest renewOrderRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/neworder", new StringContent(
-                JsonConvert.SerializeObject(renewOrderRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitRenewRequestAsync called.");
+            try
+            {
+                Logger.Trace($"SubmitRenewRequestAsync Request JSON: {JsonConvert.SerializeObject(renewOrderRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/neworder", new StringContent(
+                    JsonConvert.SerializeObject(renewOrderRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitRenewRequestAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    resp.EnsureSuccessStatusCode();
+                    var enrollmentResponse = JsonConvert.DeserializeObject<NewOrderResponse>(responseBody);
+                    if (enrollmentResponse == null)
+                        Logger.Warn("SubmitRenewRequestAsync: Deserialized response is null.");
+                    return enrollmentResponse;
+                }
+            }
+            catch (Exception ex)
             {
-                Logger.Trace(JsonConvert.SerializeObject(renewOrderRequest));
-                resp.EnsureSuccessStatusCode();
-                var enrollmentResponse =
-                    JsonConvert.DeserializeObject<NewOrderResponse>(await resp.Content.ReadAsStringAsync());
-                return enrollmentResponse;
+                Logger.Error($"SubmitRenewRequestAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
@@ -85,14 +162,28 @@ public async Task<NewOrderResponse> SubmitRenewRequestAsync(NewOrderRequest rene
         public async Task<IDownloadCertificateResponse> SubmitDownloadCertificateAsync(
             DownloadCertificateRequest downloadOrderRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/download", new StringContent(
-                JsonConvert.SerializeObject(downloadOrderRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitDownloadCertificateAsync called.");
+            try
             {
-                Logger.Trace(JsonConvert.SerializeObject(downloadOrderRequest));
-                resp.EnsureSuccessStatusCode();
-                var downloadOrderResponse =
-                    JsonConvert.DeserializeObject<DownloadCertificateResponse>(await resp.Content.ReadAsStringAsync());
-                return downloadOrderResponse;
+                Logger.Trace($"SubmitDownloadCertificateAsync Request JSON: {JsonConvert.SerializeObject(downloadOrderRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/download", new StringContent(
+                    JsonConvert.SerializeObject(downloadOrderRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitDownloadCertificateAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    resp.EnsureSuccessStatusCode();
+                    var downloadOrderResponse = JsonConvert.DeserializeObject<DownloadCertificateResponse>(responseBody);
+                    if (downloadOrderResponse == null)
+                        Logger.Warn("SubmitDownloadCertificateAsync: Deserialized response is null.");
+                    return downloadOrderResponse;
+                }
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitDownloadCertificateAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
@@ -100,6 +191,7 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
             RequestManager requestManager)
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace("SubmitQueryOrderRequestAsync starting...");
             try
             {
                 var itemsProcessed = 0;
@@ -109,6 +201,7 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
                 do
                 {
                     pageCounter++;
+                    Logger.Trace($"SubmitQueryOrderRequestAsync: Requesting page {pageCounter}, PageSize={PageSize}");
                     var queryOrderRequest = requestManager.GetQueryOrderRequest(PageSize, pageCounter);
                     var batchItemsProcessed = 0;
                     using (var resp = await RestClient.PostAsync("/rest/order/query", new StringContent(
@@ -122,26 +215,50 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
                             retryCount++;
                             if (retryCount > 5)
                                 throw new RetryCountExceededException(
-                                    $"5 consecutive failures to {resp.RequestMessage.RequestUri}");
+                                    $"5 consecutive failures to {resp.RequestMessage?.RequestUri}");
 
                             continue;
                         }
 
+                        retryCount = 0;
+                        var responseBody = await resp.Content.ReadAsStringAsync();
+                        Logger.Trace($"SubmitQueryOrderRequestAsync: Page {pageCounter} response length={responseBody?.Length ?? 0}");
+
                         var batchResponse =
-                            JsonConvert.DeserializeObject<List<NewOrderResponse>>(
-                                await resp.Content.ReadAsStringAsync());
+                            JsonConvert.DeserializeObject<List<NewOrderResponse>>(responseBody);
+
+                        if (batchResponse == null)
+                        {
+                            Logger.Warn($"SubmitQueryOrderRequestAsync: Deserialized batch response is null for page {pageCounter}. Ending pagination.");
+                            isComplete = true;
+                            break;
+                        }
 
                         Logger.Trace($"Order List JSON {JsonConvert.SerializeObject(batchResponse)}");
 
                         var batchCount = batchResponse.Count;
+                        Logger.Trace($"Processing {batchCount} items in batch (page {pageCounter})");
+
+                        if (batchCount == 0)
+                        {
+                            Logger.Trace("SubmitQueryOrderRequestAsync: Empty batch received. Ending pagination.");
+                            isComplete = true;
+                            break;
+                        }
 
-                        Logger.Trace($"Processing {batchCount} items in batch");
                         do
                         {
                             var r = batchResponse[batchItemsProcessed];
+                            if (r == null)
+                            {
+                                Logger.Warn($"SubmitQueryOrderRequestAsync: Null item at index {batchItemsProcessed} in batch, skipping.");
+                                batchItemsProcessed++;
+                                continue;
+                            }
+
                             if (bc.TryAdd(r, 10, ct))
                             {
-                                Logger.Trace($"Added Certificate ID {r.TheSslStoreOrderId} to Queue for processing");
+                                Logger.Trace($"Added Certificate ID {r.TheSslStoreOrderId ?? "(null)"} to Queue for processing");
                                 batchItemsProcessed++;
                                 itemsProcessed++;
                                 Logger.Trace($"Processed {batchItemsProcessed} of {batchCount}");
@@ -149,7 +266,7 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
                             }
                             else
                             {
-                                Logger.Trace($"Adding {r} blocked. Retry");
+                                Logger.Trace($"Adding order {r.TheSslStoreOrderId ?? "(null)"} blocked. Retry");
                             }
                         } while (batchItemsProcessed < batchCount); //batch loop
                     }
@@ -159,6 +276,7 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
                         isComplete = true;
                 } while (!isComplete); //page loop
 
+                Logger.Trace($"SubmitQueryOrderRequestAsync: Pagination complete. Total items processed={itemsProcessed}, pages={pageCounter}");
                 bc.CompleteAdding();
             }
             catch (OperationCanceledException cancelEx)
@@ -166,17 +284,28 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
                 Logger.Warn($"Synchronize method was cancelled. Message: {cancelEx.Message}");
                 bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-                // ReSharper disable once PossibleIntendedRethrow
-                throw cancelEx;
+                throw;
             }
             catch (RetryCountExceededException retryEx)
             {
-                Logger.Error($"Retries Failed: {retryEx.Message}");
+                Logger.Error($"Retries Failed: {retryEx.Message}\n{retryEx.StackTrace}");
+                bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
             }
             catch (HttpRequestException ex)
             {
-                Logger.Error($"HttpRequest Failed: {ex.Message}");
+                Logger.Error($"HttpRequest Failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                bc.CompleteAdding();
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitQueryOrderRequestAsync unexpected error: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                bc.CompleteAdding();
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
             }
 
@@ -185,34 +314,79 @@ public async Task SubmitQueryOrderRequestAsync(BlockingCollection<INewOrderRespo
 
         public async Task<IOrderStatusResponse> SubmitRevokeCertificateAsync(RevokeOrderRequest revokeOrderRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/refundrequest", new StringContent(
-                JsonConvert.SerializeObject(revokeOrderRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitRevokeCertificateAsync called.");
+            try
             {
-                var revocationResponse =
-                    JsonConvert.DeserializeObject<OrderStatusResponse>(await resp.Content.ReadAsStringAsync());
-                return revocationResponse;
+                Logger.Trace($"SubmitRevokeCertificateAsync Request JSON: {JsonConvert.SerializeObject(revokeOrderRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/refundrequest", new StringContent(
+                    JsonConvert.SerializeObject(revokeOrderRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitRevokeCertificateAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    var revocationResponse = JsonConvert.DeserializeObject<OrderStatusResponse>(responseBody);
+                    if (revocationResponse == null)
+                        Logger.Warn("SubmitRevokeCertificateAsync: Deserialized response is null.");
+                    return revocationResponse;
+                }
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitRevokeCertificateAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
         public async Task<INewOrderResponse> SubmitOrderStatusRequestAsync(OrderStatusRequest orderStatusRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/order/status", new StringContent(
-                JsonConvert.SerializeObject(orderStatusRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitOrderStatusRequestAsync called.");
+            try
             {
-                var orderStatusResponse =
-                    JsonConvert.DeserializeObject<NewOrderResponse>(await resp.Content.ReadAsStringAsync());
-                return orderStatusResponse;
+                Logger.Trace($"SubmitOrderStatusRequestAsync Request JSON: {JsonConvert.SerializeObject(orderStatusRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/order/status", new StringContent(
+                    JsonConvert.SerializeObject(orderStatusRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitOrderStatusRequestAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    var orderStatusResponse = JsonConvert.DeserializeObject<NewOrderResponse>(responseBody);
+                    if (orderStatusResponse == null)
+                        Logger.Warn("SubmitOrderStatusRequestAsync: Deserialized response is null.");
+                    return orderStatusResponse;
+                }
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SubmitOrderStatusRequestAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
         public async Task<IOrganizationResponse> SubmitOrganizationListAsync(OrganizationListRequest organizationListRequest)
         {
-            using (var resp = await RestClient.PostAsync("/rest/digicert/organizationlist", new StringContent(
-                JsonConvert.SerializeObject(organizationListRequest), Encoding.UTF8, "application/json")))
+            Logger.Trace("SubmitOrganizationListAsync called.");
+            try
+            {
+                Logger.Trace($"SubmitOrganizationListAsync Request JSON: {JsonConvert.SerializeObject(organizationListRequest)}");
+                using (var resp = await RestClient.PostAsync("/rest/digicert/organizationlist", new StringContent(
+                    JsonConvert.SerializeObject(organizationListRequest), Encoding.UTF8, "application/json")))
+                {
+                    var responseBody = await resp.Content.ReadAsStringAsync();
+                    Logger.Trace($"SubmitOrganizationListAsync Response StatusCode={resp.StatusCode}, Body={responseBody}");
+                    var organizationListResponse = JsonConvert.DeserializeObject<OrganizationResponse>(responseBody);
+                    if (organizationListResponse == null)
+                        Logger.Warn("SubmitOrganizationListAsync: Deserialized response is null.");
+                    return organizationListResponse;
+                }
+            }
+            catch (Exception ex)
             {
-                var organizationListResponse =
-                    JsonConvert.DeserializeObject<OrganizationResponse>(await resp.Content.ReadAsStringAsync());
-                return organizationListResponse;
+                Logger.Error($"SubmitOrganizationListAsync failed: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                throw;
             }
         }
 
diff --git a/SslStoreCaProxy/RequestManager.cs b/SslStoreCaProxy/RequestManager.cs
index 8df75a4..03890ca 100644
--- a/SslStoreCaProxy/RequestManager.cs
+++ b/SslStoreCaProxy/RequestManager.cs
@@ -32,19 +32,51 @@ public RequestManager(SslStoreCaProxy sslStoreCaProxy)
         public NewOrderRequest GetEnrollmentRequest(string csr, EnrollmentProductInfo productInfo,
             ICAConnectorConfigProvider configProvider, bool isRenewalOrder)
         {
-            csr = PemUtilities.DERToPEM(Convert.FromBase64String(csr), PemUtilities.PemObjectType.CertRequest);
-
-            var sampleRequest = JsonConvert.SerializeObject(configProvider.CAConnectionData["SampleRequest"]);
-
-            var settings = new JsonSerializerSettings
-            {
-                NullValueHandling = NullValueHandling.Ignore,
-                MissingMemberHandling = MissingMemberHandling.Ignore
-            };
-            var request = BuildNewOrderRequest(productInfo,
-                JsonConvert.DeserializeObject<TemplateNewOrderRequest>(sampleRequest, settings), csr, isRenewalOrder);
-
-            return request;
+            Logger.Trace($"GetEnrollmentRequest called: isRenewalOrder={isRenewalOrder}, ProductID={productInfo?.ProductID ?? "(null)"}");
+            try
+            {
+                if (string.IsNullOrEmpty(csr))
+                {
+                    Logger.Error("GetEnrollmentRequest: CSR is null or empty.");
+                    throw new ArgumentNullException(nameof(csr), "CSR is required.");
+                }
+
+                csr = PemUtilities.DERToPEM(Convert.FromBase64String(csr), PemUtilities.PemObjectType.CertRequest);
+                Logger.Trace("GetEnrollmentRequest: CSR converted to PEM.");
+
+                if (configProvider?.CAConnectionData == null || !configProvider.CAConnectionData.ContainsKey("SampleRequest"))
+                {
+                    Logger.Error("GetEnrollmentRequest: configProvider CAConnectionData missing or 'SampleRequest' key not found.");
+                    throw new InvalidOperationException("SampleRequest configuration is missing.");
+                }
+
+                var sampleRequestObj = configProvider.CAConnectionData["SampleRequest"];
+                Logger.Trace($"GetEnrollmentRequest: SampleRequest type={sampleRequestObj?.GetType().Name ?? "(null)"}");
+
+                var sampleRequest = JsonConvert.SerializeObject(sampleRequestObj);
+                Logger.Trace($"GetEnrollmentRequest: SampleRequest JSON length={sampleRequest?.Length ?? 0}");
+
+                var settings = new JsonSerializerSettings
+                {
+                    NullValueHandling = NullValueHandling.Ignore,
+                    MissingMemberHandling = MissingMemberHandling.Ignore
+                };
+                var templateRequest = JsonConvert.DeserializeObject<TemplateNewOrderRequest>(sampleRequest, settings);
+                if (templateRequest == null)
+                {
+                    Logger.Error("GetEnrollmentRequest: Failed to deserialize SampleRequest into TemplateNewOrderRequest.");
+                    throw new InvalidOperationException("Failed to deserialize SampleRequest.");
+                }
+
+                var request = BuildNewOrderRequest(productInfo, templateRequest, csr, isRenewalOrder);
+                Logger.Trace($"GetEnrollmentRequest: Request built successfully.");
+                return request;
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"GetEnrollmentRequest failed: {ex.Message}\n{ex.StackTrace}");
+                throw;
+            }
         }
 
         public EmailApproverRequest GetEmailApproverListRequest(string productId, string productName)
@@ -77,54 +109,97 @@ public AuthRequest GetAuthRequest()
 
         public ReIssueRequest GetReIssueRequest(INewOrderResponse orderData, string csr, bool isRenewal)
         {
+            Logger.Trace($"GetReIssueRequest called: OrderId={orderData?.TheSslStoreOrderId ?? "(null)"}, isRenewal={isRenewal}");
+
+            if (orderData == null)
+            {
+                Logger.Error("GetReIssueRequest: orderData is null.");
+                throw new ArgumentNullException(nameof(orderData));
+            }
+
+            var productCode = orderData.ProductCode ?? "";
+            Logger.Trace($"GetReIssueRequest: ProductCode={productCode}, AdminContact is null={orderData.AdminContact == null}, OrderStatus is null={orderData.OrderStatus == null}");
+
             return new ReIssueRequest
             {
                 AuthRequest = GetAuthRequest(),
                 TheSslStoreOrderId = orderData.TheSslStoreOrderId,
                 Csr = csr,
                 IsRenewalOrder = isRenewal,
-                IsWildCard = orderData.ProductCode.Contains("wc") || orderData.ProductCode.Contains("wildcard"),
-                ReissueEmail = orderData.AdminContact.Email,
+                IsWildCard = productCode.Contains("wc") || productCode.Contains("wildcard"),
+                ReissueEmail = orderData.AdminContact?.Email,
                 ApproverEmails = orderData.ApproverEmail,
                 PreferEnrollmentLink = false,
-                FileAuthDvIndicator = orderData.OrderStatus.DomainAuthVettingStatus == null ? false : orderData.OrderStatus.DomainAuthVettingStatus.Exists(x => x.FileName != null),
-                CNameAuthDvIndicator = orderData.OrderStatus.DomainAuthVettingStatus == null ? false : orderData.OrderStatus.DomainAuthVettingStatus.Exists(x => x.DnsName != null),
+                FileAuthDvIndicator = orderData.OrderStatus?.DomainAuthVettingStatus == null ? false : orderData.OrderStatus.DomainAuthVettingStatus.Exists(x => x.FileName != null),
+                CNameAuthDvIndicator = orderData.OrderStatus?.DomainAuthVettingStatus == null ? false : orderData.OrderStatus.DomainAuthVettingStatus.Exists(x => x.DnsName != null),
                 WebServerType = orderData.WebServerType
             };
         }
 
         public AdminContact GetAdminContact(EnrollmentProductInfo productInfo)
         {
+            Logger.Trace("GetAdminContact(EnrollmentProductInfo) called.");
+
+            if (productInfo?.ProductParameters == null)
+            {
+                Logger.Error("GetAdminContact: productInfo or ProductParameters is null.");
+                throw new ArgumentNullException(nameof(productInfo));
+            }
+
+            string GetParam(string key)
+            {
+                if (productInfo.ProductParameters.ContainsKey(key))
+                    return productInfo.ProductParameters[key];
+                Logger.Warn($"GetAdminContact: Missing parameter '{key}'.");
+                return null;
+            }
+
             return new AdminContact
             {
-                FirstName = productInfo.ProductParameters["Admin Contact - First Name"],
-                LastName = productInfo.ProductParameters["Admin Contact - Last Name"],
-                Phone = productInfo.ProductParameters["Admin Contact - Phone"],
-                Email = productInfo.ProductParameters["Admin Contact - Email"],
-                OrganizationName = productInfo.ProductParameters["Admin Contact - Organization Name"],
-                AddressLine1 = productInfo.ProductParameters["Admin Contact - Address"],
-                City = productInfo.ProductParameters["Admin Contact - City"],
-                Region = productInfo.ProductParameters["Admin Contact - Region"],
-                PostalCode = productInfo.ProductParameters["Admin Contact - Postal Code"],
-                Country = productInfo.ProductParameters["Admin Contact - Country"]
+                FirstName = GetParam("Admin Contact - First Name"),
+                LastName = GetParam("Admin Contact - Last Name"),
+                Phone = GetParam("Admin Contact - Phone"),
+                Email = GetParam("Admin Contact - Email"),
+                OrganizationName = GetParam("Admin Contact - Organization Name"),
+                AddressLine1 = GetParam("Admin Contact - Address"),
+                City = GetParam("Admin Contact - City"),
+                Region = GetParam("Admin Contact - Region"),
+                PostalCode = GetParam("Admin Contact - Postal Code"),
+                Country = GetParam("Admin Contact - Country")
             };
         }
 
 
         public TechnicalContact GetTechnicalContact(EnrollmentProductInfo productInfo)
         {
+            Logger.Trace("GetTechnicalContact(EnrollmentProductInfo) called.");
+
+            if (productInfo?.ProductParameters == null)
+            {
+                Logger.Error("GetTechnicalContact: productInfo or ProductParameters is null.");
+                throw new ArgumentNullException(nameof(productInfo));
+            }
+
+            string GetParam(string key)
+            {
+                if (productInfo.ProductParameters.ContainsKey(key))
+                    return productInfo.ProductParameters[key];
+                Logger.Warn($"GetTechnicalContact: Missing parameter '{key}'.");
+                return null;
+            }
+
             return new TechnicalContact
             {
-                FirstName = productInfo.ProductParameters["Technical Contact - First Name"],
-                LastName = productInfo.ProductParameters["Technical Contact - Last Name"],
-                Phone = productInfo.ProductParameters["Technical Contact - Phone"],
-                Email = productInfo.ProductParameters["Technical Contact - Email"],
-                OrganizationName = productInfo.ProductParameters["Technical Contact - Organization Name"],
-                AddressLine1 = productInfo.ProductParameters["Technical Contact - Address"],
-                City = productInfo.ProductParameters["Technical Contact - City"],
-                Region = productInfo.ProductParameters["Technical Contact - Region"],
-                PostalCode = productInfo.ProductParameters["Technical Contact - Postal Code"],
-                Country = productInfo.ProductParameters["Technical Contact - Country"]
+                FirstName = GetParam("Technical Contact - First Name"),
+                LastName = GetParam("Technical Contact - Last Name"),
+                Phone = GetParam("Technical Contact - Phone"),
+                Email = GetParam("Technical Contact - Email"),
+                OrganizationName = GetParam("Technical Contact - Organization Name"),
+                AddressLine1 = GetParam("Technical Contact - Address"),
+                City = GetParam("Technical Contact - City"),
+                Region = GetParam("Technical Contact - Region"),
+                PostalCode = GetParam("Technical Contact - Postal Code"),
+                Country = GetParam("Technical Contact - Country")
             };
         }
 
@@ -148,9 +223,38 @@ public RevokeOrderRequest GetRevokeOrderRequest(string theSslStoreOrderId)
 
         public int GetClientPageSize(ICAConnectorConfigProvider config)
         {
-            if (config.CAConnectionData.ContainsKey(Constants.PageSize))
-                return int.Parse(config.CAConnectionData[Constants.PageSize].ToString());
-            return Constants.DefaultPageSize;
+            Logger.Trace("GetClientPageSize called.");
+            try
+            {
+                if (config?.CAConnectionData == null)
+                {
+                    Logger.Warn("GetClientPageSize: config or CAConnectionData is null. Using default page size.");
+                    return Constants.DefaultPageSize;
+                }
+
+                if (config.CAConnectionData.ContainsKey(Constants.PageSize))
+                {
+                    var pageSizeValue = config.CAConnectionData[Constants.PageSize]?.ToString();
+                    Logger.Trace($"GetClientPageSize: Raw value='{pageSizeValue ?? "(null)"}'");
+
+                    if (int.TryParse(pageSizeValue, out var pageSize))
+                    {
+                        Logger.Trace($"GetClientPageSize: Parsed PageSize={pageSize}");
+                        return pageSize;
+                    }
+
+                    Logger.Warn($"GetClientPageSize: Failed to parse '{pageSizeValue}' as int. Using default.");
+                    return Constants.DefaultPageSize;
+                }
+
+                Logger.Trace($"GetClientPageSize: '{Constants.PageSize}' key not found. Using default={Constants.DefaultPageSize}");
+                return Constants.DefaultPageSize;
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"GetClientPageSize failed: {ex.Message}\n{ex.StackTrace}");
+                return Constants.DefaultPageSize;
+            }
         }
 
         public QueryOrderRequest GetQueryOrderRequest(int pageSize, int pageNumber)
@@ -174,6 +278,14 @@ public OrderStatusRequest GetOrderStatusRequest(string theSslStoreId)
 
         public int MapReturnStatus(string sslStoreStatus)
         {
+            Logger.Trace($"MapReturnStatus called: sslStoreStatus={sslStoreStatus ?? "(null)"}");
+
+            if (sslStoreStatus == null)
+            {
+                Logger.Warn("MapReturnStatus: sslStoreStatus is null, returning UNKNOWN.");
+                return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.UNKNOWN);
+            }
+
             PKIConstants.Microsoft.RequestDisposition returnStatus;
 
             switch (sslStoreStatus)
@@ -189,15 +301,27 @@ public int MapReturnStatus(string sslStoreStatus)
                     returnStatus = PKIConstants.Microsoft.RequestDisposition.REVOKED;
                     break;
                 default:
+                    Logger.Warn($"MapReturnStatus: Unrecognized status '{sslStoreStatus}', returning UNKNOWN.");
                     returnStatus = PKIConstants.Microsoft.RequestDisposition.UNKNOWN;
                     break;
             }
 
+            Logger.Trace($"MapReturnStatus: Mapped '{sslStoreStatus}' to {returnStatus} ({Convert.ToInt32(returnStatus)})");
             return Convert.ToInt32(returnStatus);
         }
 
         public NewOrderRequest GetRenewalRequest(INewOrderResponse orderData, string csr)
         {
+            Logger.Trace($"GetRenewalRequest called: OrderId={orderData?.TheSslStoreOrderId ?? "(null)"}");
+
+            if (orderData == null)
+            {
+                Logger.Error("GetRenewalRequest: orderData is null.");
+                throw new ArgumentNullException(nameof(orderData));
+            }
+
+            Logger.Trace($"GetRenewalRequest: ProductCode={orderData.ProductCode ?? "(null)"}, AdminContact is null={orderData.AdminContact == null}, OrderStatus is null={orderData.OrderStatus == null}");
+
             return new NewOrderRequest
             {
                 AuthRequest = GetAuthRequest(),
@@ -219,6 +343,14 @@ public NewOrderRequest GetRenewalRequest(INewOrderResponse orderData, string csr
 
         public AdminContact GetAdminContact(INewOrderResponse productInfo)
         {
+            Logger.Trace("GetAdminContact(INewOrderResponse) called.");
+
+            if (productInfo?.AdminContact == null)
+            {
+                Logger.Warn("GetAdminContact: productInfo or AdminContact is null, returning empty AdminContact.");
+                return new AdminContact();
+            }
+
             return new AdminContact
             {
                 FirstName = productInfo.AdminContact.FirstName,
@@ -230,6 +362,14 @@ public AdminContact GetAdminContact(INewOrderResponse productInfo)
 
         public TechnicalContact GetTechnicalContact(INewOrderResponse productInfo)
         {
+            Logger.Trace("GetTechnicalContact(INewOrderResponse) called.");
+
+            if (productInfo?.AdminContact == null)
+            {
+                Logger.Warn("GetTechnicalContact: productInfo or AdminContact is null, returning empty TechnicalContact.");
+                return new TechnicalContact();
+            }
+
             return new TechnicalContact
             {
                 FirstName = productInfo.AdminContact.FirstName,
@@ -242,7 +382,9 @@ public TechnicalContact GetTechnicalContact(INewOrderResponse productInfo)
         private NewOrderRequest BuildNewOrderRequest(EnrollmentProductInfo productInfo,
             TemplateNewOrderRequest newOrderRequest, string csr, bool isRenewal)
         {
+            Logger.Trace($"BuildNewOrderRequest called: ProductID={productInfo?.ProductID ?? "(null)"}, isRenewal={isRenewal}");
             var customOrderId = Guid.NewGuid().ToString();
+            Logger.Trace($"BuildNewOrderRequest: Generated CustomOrderId={customOrderId}");
             productInfo.ProductParameters.Add("CustomOrderId", customOrderId);
 
             var request =
@@ -331,12 +473,51 @@ private NewOrderRequest BuildNewOrderRequest(EnrollmentProductInfo productInfo,
 
         public string GetCertificateContent(List<Certificate> certificates, string commonName)
         {
+            Logger.Trace($"GetCertificateContent called: commonName={commonName ?? "(null)"}, certificates count={certificates?.Count ?? 0}");
+
+            if (certificates == null || certificates.Count == 0)
+            {
+                Logger.Warn("GetCertificateContent: certificates list is null or empty.");
+                return "";
+            }
+
+            if (string.IsNullOrEmpty(commonName))
+            {
+                Logger.Warn("GetCertificateContent: commonName is null or empty.");
+                return "";
+            }
+
             foreach (var c in certificates)
             {
-                var cert = new X509Certificate2(Encoding.UTF8.GetBytes(c.FileContent));
-                if (cert.SubjectName.Name != null && cert.SubjectName.Name.Contains(commonName)) return c.FileContent;
+                if (c == null)
+                {
+                    Logger.Warn("GetCertificateContent: Encountered null certificate in list, skipping.");
+                    continue;
+                }
+
+                if (string.IsNullOrEmpty(c.FileContent))
+                {
+                    Logger.Warn("GetCertificateContent: Certificate has null/empty FileContent, skipping.");
+                    continue;
+                }
+
+                try
+                {
+                    var cert = new X509Certificate2(Encoding.UTF8.GetBytes(c.FileContent));
+                    Logger.Trace($"GetCertificateContent: Checking cert SubjectName={cert.SubjectName?.Name ?? "(null)"} against commonName={commonName}");
+                    if (cert.SubjectName?.Name != null && cert.SubjectName.Name.Contains(commonName))
+                    {
+                        Logger.Trace($"GetCertificateContent: Match found for commonName={commonName}");
+                        return c.FileContent;
+                    }
+                }
+                catch (Exception ex)
+                {
+                    Logger.Error($"GetCertificateContent: Error parsing certificate: {ex.Message}\n{ex.StackTrace}");
+                }
             }
 
+            Logger.Warn($"GetCertificateContent: No matching certificate found for commonName={commonName}");
             return "";
         }
 
@@ -390,14 +571,18 @@ private JProperty CreatePropertyFromTemplate(string propertyPath, EnrollmentProd
 
         private string ExtractOrgId(string organization)
         {
+            Logger.Trace($"ExtractOrgId called: organization={organization ?? "(null)"}");
             if (organization != null)
             {
                 Regex pattern = new Regex(@"(\([^0-9]*\d+[^0-9]*\))");
                 Match match = pattern.Match(organization);
-                return match.Value.Replace("(", "").Replace(")", "");
+                var result = match.Value.Replace("(", "").Replace(")", "");
+                Logger.Trace($"ExtractOrgId: Extracted orgId='{result}'");
+                return result;
             }
             else
             {
+                Logger.Warn("ExtractOrgId: organization is null, returning null.");
                 return null;
             }
         }
diff --git a/SslStoreCaProxy/SslStoreCaProxy.cs b/SslStoreCaProxy/SslStoreCaProxy.cs
index d830835..52e1520 100644
--- a/SslStoreCaProxy/SslStoreCaProxy.cs
+++ b/SslStoreCaProxy/SslStoreCaProxy.cs
@@ -38,30 +38,58 @@ public SslStoreCaProxy()
 
         public override int Revoke(string caRequestId, string hexSerialNumber, uint revocationReason)
         {
-            Logger.Trace("Entering Revoke Method");
-            var revokeOrderRequest = _requestManager.GetRevokeOrderRequest(caRequestId.Split('-')[0]);
-            Logger.Trace($"Revoke Request JSON {JsonConvert.SerializeObject(revokeOrderRequest)}");
+            Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace($"Entering Revoke Method: caRequestId={caRequestId ?? "(null)"}, hexSerialNumber={hexSerialNumber ?? "(null)"}, revocationReason={revocationReason}");
             try
             {
+                if (string.IsNullOrEmpty(caRequestId))
+                {
+                    Logger.Error("Revoke called with null or empty caRequestId.");
+                    return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED);
+                }
+
+                var caRequestIdParts = caRequestId.Split('-');
+                Logger.Trace($"Revoke caRequestId split into {caRequestIdParts.Length} parts, using first part: {caRequestIdParts[0]}");
+
+                var revokeOrderRequest = _requestManager.GetRevokeOrderRequest(caRequestIdParts[0]);
+                Logger.Trace($"Revoke Request JSON {JsonConvert.SerializeObject(revokeOrderRequest)}");
+
                 var requestResponse =
                     Task.Run(async () => await SslStoreClient.SubmitRevokeCertificateAsync(revokeOrderRequest)).Result;
-                
+
                 Logger.Trace($"Revoke Response JSON {JsonConvert.SerializeObject(requestResponse)}");
-                
+
+                if (requestResponse == null)
+                {
+                    Logger.Error("Revoke response is null.");
+                    Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                    return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED);
+                }
+
+                if (requestResponse.AuthResponse == null)
+                {
+                    Logger.Error("Revoke response AuthResponse is null.");
+                    Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                    return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED);
+                }
+
                 if (requestResponse.AuthResponse.IsError)
                 {
-                    Logger.Trace($"Revoke Error Occurred");
+                    Logger.Error($"Revoke Error Occurred: {JsonConvert.SerializeObject(requestResponse.AuthResponse)}");
                     Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
                     return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED);
                 }
 
+                Logger.Trace("Revoke completed successfully.");
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
 
                 return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.REVOKED);
             }
             catch (Exception e)
             {
-                Logger.Error($"An Error has occurred during the revoke process {e.Message}");
+                Logger.Error($"An Error has occurred during the revoke process: {e.Message}\n{e.StackTrace}");
+                if (e.InnerException != null)
+                    Logger.Error($"Inner exception: {e.InnerException.Message}\n{e.InnerException.StackTrace}");
                 return Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED);
             }
         }
@@ -79,161 +107,269 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
             PKIConstants.X509.RequestFormat requestFormat, RequestUtilities.EnrollmentType enrollmentType)
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace($"Enroll called: enrollmentType={enrollmentType}, subject={subject ?? "(null)"}, ProductID={productInfo?.ProductID ?? "(null)"}");
 
-            INewOrderResponse enrollmentResponse = null;
-            NewOrderRequest enrollmentRequest;
-            ReIssueRequest reIssueRequest;
-            CAConnectorCertificate priorCert;
-            OrderStatusRequest orderStatusRequest;
-            INewOrderResponse orderStatusResponse;
-
-            switch (enrollmentType)
+            try
             {
-                case RequestUtilities.EnrollmentType.New:
-                    Logger.Trace("Entering New Enrollment");
-                    //If they renewed an expired cert it gets here and this will not be supported
-                    if (!productInfo.ProductParameters.ContainsKey("PriorCertSN"))
-                    {
-                       string[] arrayProducts= Array.Empty<string>();
-                       string[] arrayApproverEmails= Array.Empty<string>();
+                if (productInfo == null)
+                {
+                    Logger.Error("Enroll called with null productInfo.");
+                    return new EnrollmentResult { Status = 30, StatusMessage = "Product info is null." };
+                }
 
-                        if (productInfo.ProductParameters.ContainsKey("DNS Names Comma Separated"))
-                        { 
-                            Logger.Trace($"DNS Comma Separated {productInfo.ProductParameters["DNS Names Comma Separated"]}");
-                            arrayProducts = productInfo.ProductParameters["DNS Names Comma Separated"].Split(new char[] { ',' }); 
-                        }
-                        if(productInfo.ProductParameters.ContainsKey("Approver Email"))
-                        {
-                            Logger.Trace($"Approver Email {productInfo.ProductParameters["Approver Email"]}");
-                            arrayApproverEmails = productInfo.ProductParameters["Approver Email"].Split(new char[] { ',' });
-                        }
+                if (productInfo.ProductParameters == null)
+                {
+                    Logger.Error("Enroll called with null ProductParameters.");
+                    return new EnrollmentResult { Status = 30, StatusMessage = "Product parameters are null." };
+                }
 
-                        var count = 1;
-                        foreach (var product in arrayProducts)
-                        {
-                            
-                            var emailApproverRequest = _requestManager.GetEmailApproverListRequest(productInfo.ProductID, product);
-                            Logger.Trace($"Email Approver Request JSON {JsonConvert.SerializeObject(emailApproverRequest)}");
+                Logger.Trace($"Enroll ProductParameters keys: {string.Join(", ", productInfo.ProductParameters.Keys)}");
 
-                            var emailApproverResponse = Task.Run(async () =>
-                                await SslStoreClient.SubmitEmailApproverRequestAsync(emailApproverRequest));
+                INewOrderResponse enrollmentResponse = null;
+                NewOrderRequest enrollmentRequest;
+                ReIssueRequest reIssueRequest;
+                CAConnectorCertificate priorCert;
+                OrderStatusRequest orderStatusRequest;
+                INewOrderResponse orderStatusResponse;
 
-                            Logger.Trace($"Email Approver Response JSON {JsonConvert.SerializeObject(emailApproverResponse)}");
+                switch (enrollmentType)
+                {
+                    case RequestUtilities.EnrollmentType.New:
+                        Logger.Trace("Entering New Enrollment");
+                        //If they renewed an expired cert it gets here and this will not be supported
+                        if (!productInfo.ProductParameters.ContainsKey("PriorCertSN"))
+                        {
+                            string[] arrayProducts = Array.Empty<string>();
+                            string[] arrayApproverEmails = Array.Empty<string>();
 
-                            var emailValidation=ValidateEmails(emailApproverResponse, arrayApproverEmails, productInfo,count);
+                            if (productInfo.ProductParameters.ContainsKey("DNS Names Comma Separated"))
+                            {
+                                Logger.Trace($"DNS Comma Separated {productInfo.ProductParameters["DNS Names Comma Separated"]}");
+                                arrayProducts = productInfo.ProductParameters["DNS Names Comma Separated"].Split(new char[] { ',' });
+                            }
+                            if (productInfo.ProductParameters.ContainsKey("Approver Email"))
+                            {
+                                Logger.Trace($"Approver Email {productInfo.ProductParameters["Approver Email"]}");
+                                arrayApproverEmails = productInfo.ProductParameters["Approver Email"].Split(new char[] { ',' });
+                            }
 
-                            Logger.Trace($"Email Validation Result {emailValidation}");
+                            Logger.Trace($"New Enrollment: {arrayProducts.Length} DNS products, {arrayApproverEmails.Length} approver emails");
 
-                            if (emailValidation.Length>0)
+                            var count = 1;
+                            foreach (var product in arrayProducts)
                             {
-                                return new EnrollmentResult
+                                Logger.Trace($"Validating email approver for product domain '{product}' (#{count})...");
+                                var emailApproverRequest = _requestManager.GetEmailApproverListRequest(productInfo.ProductID, product);
+                                Logger.Trace($"Email Approver Request JSON {JsonConvert.SerializeObject(emailApproverRequest)}");
+
+                                var emailApproverResponse = Task.Run(async () =>
+                                    await SslStoreClient.SubmitEmailApproverRequestAsync(emailApproverRequest));
+
+                                Logger.Trace($"Email Approver Response JSON {JsonConvert.SerializeObject(emailApproverResponse)}");
+
+                                var emailValidation = ValidateEmails(emailApproverResponse, arrayApproverEmails, productInfo, count);
+
+                                Logger.Trace($"Email Validation Result {emailValidation}");
+
+                                if (emailValidation.Length > 0)
                                 {
-                                    Status = 30, //failure
-                                    StatusMessage = emailValidation
-                                };
+                                    Logger.Warn($"Email validation failed: {emailValidation}");
+                                    return new EnrollmentResult
+                                    {
+                                        Status = 30, //failure
+                                        StatusMessage = emailValidation
+                                    };
+                                }
+                                count++;
                             }
-                            count++;
+
+
+                            Logger.Trace("Building enrollment request...");
+                            enrollmentRequest =
+                                _requestManager.GetEnrollmentRequest(csr, productInfo, ConfigManager, false);
+
+                            Logger.Trace($"enrollmentRequest JSON {JsonConvert.SerializeObject(enrollmentRequest)}");
+
+                            Logger.Trace("Submitting new order request...");
+                            enrollmentResponse =
+                                Task.Run(async () => await SslStoreClient.SubmitNewOrderRequestAsync(enrollmentRequest))
+                                    .Result;
+
+                            Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
+                        }
+                        else
+                        {
+                            Logger.Warn("Enrollment rejected: PriorCertSN present in New enrollment (expired cert renewal not supported).");
+                            return new EnrollmentResult
+                            {
+                                Status = 30, //failure
+                                StatusMessage = "You cannot renew and expired cert please perform an new enrollment."
+                            };
                         }
-                       
 
-                        enrollmentRequest =
-                            _requestManager.GetEnrollmentRequest(csr, productInfo, ConfigManager, false);
+                        break;
+                    case RequestUtilities.EnrollmentType.Renew:
+                        Logger.Trace("Entering Renew Enrollment");
 
-                        Logger.Trace($"enrollmentRequest JSON {JsonConvert.SerializeObject(enrollmentRequest)}");
+                        if (!productInfo.ProductParameters.ContainsKey("PriorCertSN"))
+                        {
+                            Logger.Error("Renew enrollment missing required PriorCertSN parameter.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "PriorCertSN is required for renewal." };
+                        }
 
-                        enrollmentResponse =
-                            Task.Run(async () => await SslStoreClient.SubmitNewOrderRequestAsync(enrollmentRequest))
-                                .Result;
+                        Logger.Trace($"PriorCertSN={productInfo.ProductParameters["PriorCertSN"]}");
+                        priorCert = certificateDataReader.GetCertificateRecord(
+                            DataConversion.HexToBytes(productInfo.ProductParameters["PriorCertSN"]));
 
-                        Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
-                    }
-                    else
-                    {
-                        return new EnrollmentResult
+                        if (priorCert == null)
                         {
-                            Status = 30, //failure
-                            StatusMessage = "You cannot renew and expired cert please perform an new enrollment."
-                        };
-                    }
+                            Logger.Error($"Prior certificate not found for PriorCertSN={productInfo.ProductParameters["PriorCertSN"]}");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Prior certificate record not found." };
+                        }
+
+                        Logger.Trace($"Prior Cert CARequestID={priorCert.CARequestID ?? "(null)"}");
 
-                    break;
-                case RequestUtilities.EnrollmentType.Renew:
-                    Logger.Trace("Entering Renew Enrollment");
+                        if (string.IsNullOrEmpty(priorCert.CARequestID))
+                        {
+                            Logger.Error("Prior certificate has null/empty CARequestID.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Prior certificate has no CA Request ID." };
+                        }
 
-                    priorCert = certificateDataReader.GetCertificateRecord(
-                        DataConversion.HexToBytes(productInfo.ProductParameters["PriorCertSN"]));
+                        orderStatusRequest = _requestManager.GetOrderStatusRequest(priorCert.CARequestID.Split('-')[0]);
 
-                    Logger.Trace($"Prior Cert {priorCert}");
+                        Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
 
-                    orderStatusRequest = _requestManager.GetOrderStatusRequest(priorCert.CARequestID.Split('-')[0]);
+                        orderStatusResponse = Task.Run(async () =>
+                            await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
 
-                    Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
+                        if (orderStatusResponse == null)
+                        {
+                            Logger.Error("Order status response is null during renewal.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Failed to retrieve order status for renewal." };
+                        }
 
-                    orderStatusResponse = Task.Run(async () =>
-                        await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
+                        Logger.Trace($"orderStatusResponse JSON {JsonConvert.SerializeObject(orderStatusResponse)}");
 
-                    Logger.Trace($"orderStatusResponse JSON {JsonConvert.SerializeObject(orderStatusResponse)}");
+                        var renewRequest = _requestManager.GetRenewalRequest(orderStatusResponse, csr);
 
-                    var renewRequest = _requestManager.GetRenewalRequest(orderStatusResponse, csr);
+                        Logger.Trace($"renewRequest JSON {JsonConvert.SerializeObject(renewRequest)}");
 
-                    Logger.Trace($"renewRequest JSON {JsonConvert.SerializeObject(renewRequest)}");
+                        Logger.Trace("Submitting renewal request...");
+                        enrollmentResponse =
+                            Task.Run(async () => await SslStoreClient.SubmitRenewRequestAsync(renewRequest)).Result;
 
-                    enrollmentResponse =
-                        Task.Run(async () => await SslStoreClient.SubmitRenewRequestAsync(renewRequest)).Result;
+                        Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
 
-                    Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
-                    
-                    break;
-                case RequestUtilities.EnrollmentType.Reissue:
-                    Logger.Trace("Entering Reissue Enrollment");
+                        break;
+                    case RequestUtilities.EnrollmentType.Reissue:
+                        Logger.Trace("Entering Reissue Enrollment");
 
-                    priorCert =
-                        certificateDataReader.GetCertificateRecord(
-                            DataConversion.HexToBytes(productInfo.ProductParameters["PriorCertSN"]));
+                        if (!productInfo.ProductParameters.ContainsKey("PriorCertSN"))
+                        {
+                            Logger.Error("Reissue enrollment missing required PriorCertSN parameter.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "PriorCertSN is required for reissue." };
+                        }
 
-                    Logger.Trace($"Prior Cert {priorCert}");
+                        Logger.Trace($"PriorCertSN={productInfo.ProductParameters["PriorCertSN"]}");
+                        priorCert =
+                            certificateDataReader.GetCertificateRecord(
+                                DataConversion.HexToBytes(productInfo.ProductParameters["PriorCertSN"]));
 
-                    orderStatusRequest = _requestManager.GetOrderStatusRequest(priorCert.CARequestID.Split('-')[0]);
+                        if (priorCert == null)
+                        {
+                            Logger.Error($"Prior certificate not found for PriorCertSN={productInfo.ProductParameters["PriorCertSN"]}");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Prior certificate record not found." };
+                        }
 
-                    Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
+                        Logger.Trace($"Prior Cert CARequestID={priorCert.CARequestID ?? "(null)"}");
 
-                    orderStatusResponse = Task.Run(async () =>
-                        await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
+                        if (string.IsNullOrEmpty(priorCert.CARequestID))
+                        {
+                            Logger.Error("Prior certificate has null/empty CARequestID.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Prior certificate has no CA Request ID." };
+                        }
 
-                    Logger.Trace($"orderStatusResponse JSON {JsonConvert.SerializeObject(orderStatusResponse)}");
+                        orderStatusRequest = _requestManager.GetOrderStatusRequest(priorCert.CARequestID.Split('-')[0]);
 
-                    reIssueRequest = _requestManager.GetReIssueRequest(orderStatusResponse, csr, false);
+                        Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
 
-                    Logger.Trace($"reIssueRequest JSON {JsonConvert.SerializeObject(reIssueRequest)}");
+                        orderStatusResponse = Task.Run(async () =>
+                            await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
 
-                    enrollmentResponse =
-                        Task.Run(async () => await SslStoreClient.SubmitReIssueRequestAsync(reIssueRequest)).Result;
+                        if (orderStatusResponse == null)
+                        {
+                            Logger.Error("Order status response is null during reissue.");
+                            return new EnrollmentResult { Status = 30, StatusMessage = "Failed to retrieve order status for reissue." };
+                        }
 
-                    Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
+                        Logger.Trace($"orderStatusResponse JSON {JsonConvert.SerializeObject(orderStatusResponse)}");
 
-                    break;
-            }
+                        reIssueRequest = _requestManager.GetReIssueRequest(orderStatusResponse, csr, false);
+
+                        Logger.Trace($"reIssueRequest JSON {JsonConvert.SerializeObject(reIssueRequest)}");
+
+                        Logger.Trace("Submitting reissue request...");
+                        enrollmentResponse =
+                            Task.Run(async () => await SslStoreClient.SubmitReIssueRequestAsync(reIssueRequest)).Result;
+
+                        Logger.Trace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
 
-            return GetEnrollmentResult(enrollmentResponse);
+                        break;
+                    default:
+                        Logger.Error($"Unknown enrollment type: {enrollmentType}");
+                        return new EnrollmentResult { Status = 30, StatusMessage = $"Unknown enrollment type: {enrollmentType}" };
+                }
+
+                return GetEnrollmentResult(enrollmentResponse);
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"Enroll failed with exception: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                return new EnrollmentResult { Status = 30, StatusMessage = $"Enrollment failed: {ex.Message}" };
+            }
         }
 
         private EnrollmentResult GetEnrollmentResult(INewOrderResponse newOrderResponse)
         {
-            if (newOrderResponse != null && newOrderResponse.AuthResponse.IsError)
+            Logger.Trace("GetEnrollmentResult called.");
+
+            if (newOrderResponse == null)
             {
+                Logger.Error("GetEnrollmentResult: newOrderResponse is null.");
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                return new EnrollmentResult
+                {
+                    Status = 30,
+                    StatusMessage = "Enrollment response was null."
+                };
+            }
+
+            Logger.Trace($"GetEnrollmentResult: TheSslStoreOrderId={newOrderResponse.TheSslStoreOrderId ?? "(null)"}, AuthResponse is null={newOrderResponse.AuthResponse == null}");
+
+            if (newOrderResponse.AuthResponse != null && newOrderResponse.AuthResponse.IsError)
+            {
+                var errorMessage = "(no error message)";
+                if (newOrderResponse.AuthResponse.Message != null && newOrderResponse.AuthResponse.Message.Count > 0)
+                {
+                    errorMessage = newOrderResponse.AuthResponse.Message[0];
+                }
+                Logger.Error($"GetEnrollmentResult: Auth error: {errorMessage}");
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
                 return new EnrollmentResult
                 {
                     Status = 30, //failure
-                    StatusMessage = newOrderResponse.AuthResponse.Message[0]
+                    StatusMessage = errorMessage
                 };
             }
 
+            Logger.Trace($"GetEnrollmentResult: Success, OrderId={newOrderResponse.TheSslStoreOrderId ?? "(null)"}");
             Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
             return new EnrollmentResult
             {
                 Status = 9, //success
-                StatusMessage = $"Order Successfully Created With Order Number {newOrderResponse?.TheSslStoreOrderId}"
+                StatusMessage = $"Order Successfully Created With Order Number {newOrderResponse.TheSslStoreOrderId}"
             };
         }
 
@@ -241,24 +377,58 @@ private EnrollmentResult GetEnrollmentResult(INewOrderResponse newOrderResponse)
         public override CAConnectorCertificate GetSingleRecord(string caRequestId)
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace($"GetSingleRecord called: caRequestId={caRequestId ?? "(null)"}");
+
+            try
+            {
+                if (string.IsNullOrEmpty(caRequestId))
+                {
+                    Logger.Error("GetSingleRecord called with null/empty caRequestId.");
+                    Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                    return new CAConnectorCertificate
+                    {
+                        CARequestID = caRequestId,
+                        Certificate = string.Empty,
+                        CSR = string.Empty,
+                        Status = Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED)
+                    };
+                }
 
-            var orderStatusRequest = _requestManager.GetOrderStatusRequest(caRequestId);
+                var orderStatusRequest = _requestManager.GetOrderStatusRequest(caRequestId);
 
-            Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
+                Logger.Trace($"orderStatusRequest JSON {JsonConvert.SerializeObject(orderStatusRequest)}");
 
-            var certResponse = Task
-                .Run(async () => await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
+                var certResponse = Task
+                    .Run(async () => await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
 
-            Logger.Trace($"certResponse JSON {JsonConvert.SerializeObject(certResponse)}");
+                Logger.Trace($"certResponse JSON {JsonConvert.SerializeObject(certResponse)}");
 
-            Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-            return new CAConnectorCertificate
+                var majorStatus = certResponse?.OrderStatus?.MajorStatus;
+                Logger.Trace($"GetSingleRecord: MajorStatus={majorStatus ?? "(null)"}");
+
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                return new CAConnectorCertificate
+                {
+                    CARequestID = caRequestId,
+                    Certificate = string.Empty,
+                    CSR = string.Empty,
+                    Status = _requestManager.MapReturnStatus(majorStatus)
+                };
+            }
+            catch (Exception ex)
             {
-                CARequestID = caRequestId,
-                Certificate = string.Empty,
-                CSR = string.Empty,
-                Status = _requestManager.MapReturnStatus(certResponse?.OrderStatus.MajorStatus)
-            };
+                Logger.Error($"GetSingleRecord failed for caRequestId={caRequestId}: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                return new CAConnectorCertificate
+                {
+                    CARequestID = caRequestId,
+                    Certificate = string.Empty,
+                    CSR = string.Empty,
+                    Status = Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED)
+                };
+            }
         }
 
         [Obsolete]
@@ -274,65 +444,132 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
             CertificateAuthoritySyncInfo certificateAuthoritySyncInfo, CancellationToken cancelToken)
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace("Synchronize starting...");
 
             try
             {
                 //Get a list of all the templates need ones for Existing Orgs so we can fill the org dropdown
+                Logger.Trace("Creating templates blocking collection...");
                 var templates=new BlockingCollection<ITemplate>(100);
                 KeyfactorClient.SubmitQueryTemplatesRequestAsync(templates, cancelToken, _requestManager);
+                Logger.Trace("Template query submitted.");
 
                 //Get a list of orgs from digicert via SslStore API
+                Logger.Trace("Getting organization list request...");
                 var organizationListRequest = _requestManager.GetOrganizationListRequest();
 
                 Logger.Trace($"organizationListRequest JSON {JsonConvert.SerializeObject(organizationListRequest)}");
 
+                Logger.Trace("Submitting organization list request to SslStore...");
                 var orgListResponse = Task
                     .Run(async () => await SslStoreClient.SubmitOrganizationListAsync(organizationListRequest)).Result;
 
                 Logger.Trace($"orgListResponse JSON {JsonConvert.SerializeObject(orgListResponse)}");
 
+                if (orgListResponse == null)
+                {
+                    Logger.Warn("Organization list response is null. Skipping template organization updates.");
+                }
+
+                Logger.Trace("Beginning template enumeration...");
                 foreach (var template in templates.GetConsumingEnumerable(cancelToken))
                 {
-                    var currentTemplate = (Template) template;
                     if (cancelToken.IsCancellationRequested)
                     {
                         Logger.Error("Synchronize was canceled Getting Templates");
                         break;
                     }
-                    //If it is an existing org template then fill dropdown with existing organizations
-                    if(currentTemplate.CommonName.EndsWith("-EO"))
+
+                    try
                     {
-                        Logger.Trace($"Ends in -EO Common Name {currentTemplate.CommonName}");
-
-                        var orgIdField = currentTemplate.EnrollmentFields.Find(e => e.Name == "Organization ID");
-                        var currentId = orgIdField.Id;
-                        currentTemplate.EnrollmentFields.Remove(orgIdField);
-                        var newOrgField = new EnrollmentField();
-                        newOrgField.Id = currentId;
-                        newOrgField.Name = "Organization ID";
-                        newOrgField.DataType = 2;
-                        List<string> optionsList = new List<string>();
-                        var orgLength = 0;
-                        foreach(Organization org in orgListResponse.OrganizationList)
+                        if (template == null)
+                        {
+                            Logger.Warn("Encountered null template in collection, skipping.");
+                            continue;
+                        }
+
+                        var currentTemplate = (Template) template;
+                        Logger.Trace($"Processing template Id={currentTemplate.Id}, CommonName={currentTemplate.CommonName ?? "(null)"}");
+
+                        //If it is an existing org template then fill dropdown with existing organizations
+                        if (currentTemplate.CommonName != null && currentTemplate.CommonName.EndsWith("-EO"))
                         {
-                            var newOrgName = org.Name + " (" + org.TssOrganizationId + ") " + org.City + "-" + org.Country.ToUpper();
-                            orgLength = orgLength + newOrgName.Length +1;
-                            if(orgLength<=950 && org.Status=="active") 
+                            Logger.Trace($"Ends in -EO Common Name {currentTemplate.CommonName}");
+
+                            if (currentTemplate.EnrollmentFields == null)
                             {
-                                optionsList.Add(newOrgName);
+                                Logger.Warn($"Template {currentTemplate.CommonName} has null EnrollmentFields, skipping org update.");
+                                continue;
+                            }
+
+                            var orgIdField = currentTemplate.EnrollmentFields.Find(e => e.Name == "Organization ID");
+                            if (orgIdField == null)
+                            {
+                                Logger.Warn($"Template {currentTemplate.CommonName} has no 'Organization ID' enrollment field, skipping org update.");
+                                continue;
                             }
-                        }
-                        newOrgField.Options.AddRange(optionsList);
-                        currentTemplate.EnrollmentFields.Insert(0, newOrgField);
 
-                        var updateOrgResponse = Task.Run(async () => await KeyfactorClient.SubmitUpdateTemplateAsync(currentTemplate)).Result;
-                        
+                            var currentId = orgIdField.Id;
+                            currentTemplate.EnrollmentFields.Remove(orgIdField);
+                            var newOrgField = new EnrollmentField();
+                            newOrgField.Id = currentId;
+                            newOrgField.Name = "Organization ID";
+                            newOrgField.DataType = 2;
+                            List<string> optionsList = new List<string>();
+                            var orgLength = 0;
+
+                            if (orgListResponse?.OrganizationList != null)
+                            {
+                                Logger.Trace($"Processing {orgListResponse.OrganizationList.Count} organizations for template {currentTemplate.CommonName}");
+                                foreach (Organization org in orgListResponse.OrganizationList)
+                                {
+                                    if (org == null)
+                                    {
+                                        Logger.Warn("Encountered null organization in list, skipping.");
+                                        continue;
+                                    }
+
+                                    var orgName = org.Name ?? "(no name)";
+                                    var orgCity = org.City ?? "(no city)";
+                                    var orgCountry = org.Country ?? "(no country)";
+                                    var newOrgName = orgName + " (" + org.TssOrganizationId + ") " + orgCity + "-" + orgCountry.ToUpper();
+                                    orgLength = orgLength + newOrgName.Length + 1;
+                                    if (orgLength <= 950 && org.Status == "active")
+                                    {
+                                        optionsList.Add(newOrgName);
+                                    }
+                                }
+                            }
+                            else
+                            {
+                                Logger.Warn("Organization list is null or empty, no orgs will be added to template dropdown.");
+                            }
+
+                            Logger.Trace($"Adding {optionsList.Count} organizations to template dropdown for {currentTemplate.CommonName}");
+                            newOrgField.Options.AddRange(optionsList);
+                            currentTemplate.EnrollmentFields.Insert(0, newOrgField);
+
+                            Logger.Trace($"Submitting template update for {currentTemplate.CommonName}...");
+                            var updateOrgResponse = Task.Run(async () => await KeyfactorClient.SubmitUpdateTemplateAsync(currentTemplate)).Result;
+                            Logger.Trace($"Template update response for {currentTemplate.CommonName}: {JsonConvert.SerializeObject(updateOrgResponse)}");
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        Logger.Error($"Error processing template during sync: {ex.Message}\n{ex.StackTrace}");
+                        if (ex.InnerException != null)
+                            Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
                     }
                 }
 
-                
+                Logger.Trace("Template processing complete. Beginning certificate sync...");
                 var certs = new BlockingCollection<INewOrderResponse>(100);
                 SslStoreClient.SubmitQueryOrderRequestAsync(certs, cancelToken, _requestManager);
+                Logger.Trace("Certificate query submitted.");
+
+                var certCount = 0;
+                var errorCount = 0;
+                var addedCount = 0;
 
                 foreach (var currentResponseItem in certs.GetConsumingEnumerable(cancelToken))
                 {
@@ -342,57 +579,132 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
                         break;
                     }
 
+                    certCount++;
                     try
                     {
-                        Logger.Trace($"Took Certificate ID {currentResponseItem?.TheSslStoreOrderId} from Queue");
+                        if (currentResponseItem == null)
+                        {
+                            Logger.Warn("Encountered null certificate response item in queue, skipping.");
+                            continue;
+                        }
+
+                        var orderId = currentResponseItem.TheSslStoreOrderId ?? "(null)";
+                        Logger.Trace($"Took Certificate ID {orderId} from Queue (item #{certCount})");
+
+                        if (string.IsNullOrEmpty(currentResponseItem.TheSslStoreOrderId))
+                        {
+                            Logger.Warn($"Certificate response item #{certCount} has null/empty TheSslStoreOrderId, skipping.");
+                            continue;
+                        }
 
                         //Call GetOrderStatus since this has the most recent status, query order is updated periodically
-                        var orderStatusRequest = _requestManager.GetOrderStatusRequest(currentResponseItem?.TheSslStoreOrderId);
+                        Logger.Trace($"Getting order status for order {orderId}...");
+                        var orderStatusRequest = _requestManager.GetOrderStatusRequest(currentResponseItem.TheSslStoreOrderId);
                         var orderStatusResponse = Task.Run(async () =>
                             await SslStoreClient.SubmitOrderStatusRequestAsync(orderStatusRequest)).Result;
 
+                        if (orderStatusResponse == null)
+                        {
+                            Logger.Warn($"Order status response is null for order {orderId}, skipping.");
+                            continue;
+                        }
+
+                        Logger.Trace($"Order status response for {orderId}: OrderStatus={JsonConvert.SerializeObject(orderStatusResponse.OrderStatus)}, CommonName={orderStatusResponse.CommonName ?? "(null)"}, ProductCode={orderStatusResponse.ProductCode ?? "(null)"}");
+
+                        if (orderStatusResponse.OrderStatus == null)
+                        {
+                            Logger.Warn($"OrderStatus object is null for order {orderId}, skipping.");
+                            continue;
+                        }
+
+                        Logger.Trace($"Order {orderId} MajorStatus={orderStatusResponse.OrderStatus.MajorStatus ?? "(null)"}, MinorStatus={orderStatusResponse.OrderStatus.MinorStatus ?? "(null)"}");
+
                         var fileContent = "";
                         var certStatus =
                             _requestManager.MapReturnStatus(orderStatusResponse.OrderStatus.MajorStatus);
+                        Logger.Trace($"Order {orderId} mapped certStatus={certStatus}");
 
                         if (certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.ISSUED))
                         {
-                            var downloadCertificateRequest =
-                                _requestManager.GetCertificateRequest(orderStatusResponse.TheSslStoreOrderId);
-                            var certResponse =
-                                Task.Run(async () =>
-                                        await SslStoreClient.SubmitDownloadCertificateAsync(
-                                            downloadCertificateRequest))
-                                    .Result;
-                            if (!certResponse.AuthResponse.IsError)
+                            Logger.Trace($"Order {orderId} is ISSUED, downloading certificate...");
+                            try
                             {
-                                fileContent = _requestManager.GetCertificateContent(certResponse.Certificates,
-                                    orderStatusResponse.CommonName);
+                                var downloadCertificateRequest =
+                                    _requestManager.GetCertificateRequest(orderStatusResponse.TheSslStoreOrderId);
+                                var certResponse =
+                                    Task.Run(async () =>
+                                            await SslStoreClient.SubmitDownloadCertificateAsync(
+                                                downloadCertificateRequest))
+                                        .Result;
+
+                                if (certResponse == null)
+                                {
+                                    Logger.Warn($"Certificate download response is null for order {orderId}.");
+                                }
+                                else if (certResponse.AuthResponse == null)
+                                {
+                                    Logger.Warn($"Certificate download AuthResponse is null for order {orderId}.");
+                                }
+                                else if (!certResponse.AuthResponse.IsError)
+                                {
+                                    Logger.Trace($"Certificate downloaded successfully for order {orderId}, extracting content...");
+                                    fileContent = _requestManager.GetCertificateContent(certResponse.Certificates,
+                                        orderStatusResponse.CommonName) ?? "";
+                                    Logger.Trace($"Order {orderId} certificate content length={fileContent.Length}");
+                                }
+                                else
+                                {
+                                    Logger.Warn($"Certificate download returned error for order {orderId}: {JsonConvert.SerializeObject(certResponse.AuthResponse)}");
+                                }
+                            }
+                            catch (Exception dlEx)
+                            {
+                                Logger.Error($"Error downloading certificate for order {orderId}: {dlEx.Message}\n{dlEx.StackTrace}");
+                                if (dlEx.InnerException != null)
+                                    Logger.Error($"Inner exception: {dlEx.InnerException.Message}\n{dlEx.InnerException.StackTrace}");
                             }
                         }
 
 
                         //Keyfactor sync only seems to work when there is a valid cert and I can only get Active valid certs from SSLStore
-                        if (certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.ISSUED) &&
-                            fileContent.Length > 0 || certStatus ==
+                        if ((certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.ISSUED) &&
+                            fileContent.Length > 0) || certStatus ==
                             Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.REVOKED))
                         {
-                            string serialNumber="";
+                            string serialNumber = "";
                             if (fileContent.Length > 0)
                             {
-                                var cert = new X509Certificate2(Encoding.UTF8.GetBytes(fileContent));
-                                serialNumber = cert.SerialNumber;
+                                try
+                                {
+                                    var cert = new X509Certificate2(Encoding.UTF8.GetBytes(fileContent));
+                                    serialNumber = cert.SerialNumber ?? "";
+                                    Logger.Trace($"Order {orderId} parsed certificate serial={serialNumber}");
+                                }
+                                catch (Exception certParseEx)
+                                {
+                                    Logger.Error($"Error parsing X509 certificate for order {orderId}: {certParseEx.Message}\n{certParseEx.StackTrace}");
+                                    continue;
+                                }
                             }
 
+                            Logger.Trace($"Adding order {orderId} to sync buffer: CARequestID={orderStatusResponse.TheSslStoreOrderId}-{serialNumber}, Status={certStatus}, ProductID={orderStatusResponse.ProductCode ?? "(null)"}, PurchaseDate={orderStatusResponse.PurchaseDate ?? "(null)"}");
+
                             blockingBuffer.Add(new CAConnectorCertificate
                             {
                                 CARequestID =
                                     $"{orderStatusResponse.TheSslStoreOrderId}-{serialNumber}",
                                 Certificate = fileContent,
-                                SubmissionDate = Convert.ToDateTime(orderStatusResponse.PurchaseDate),
+                                SubmissionDate = string.IsNullOrEmpty(orderStatusResponse.PurchaseDate)
+                                    ? DateTime.UtcNow
+                                    : Convert.ToDateTime(orderStatusResponse.PurchaseDate),
                                 Status = certStatus,
                                 ProductID = $"{orderStatusResponse.ProductCode}"
                             });
+                            addedCount++;
+                        }
+                        else
+                        {
+                            Logger.Trace($"Order {orderId} not added to sync buffer: certStatus={certStatus}, fileContentLength={fileContent.Length}");
                         }
                     }
                     catch (OperationCanceledException)
@@ -400,14 +712,35 @@ await SslStoreClient.SubmitDownloadCertificateAsync(
                         Logger.Error("Synchronize was canceled.");
                         break;
                     }
+                    catch (Exception ex)
+                    {
+                        errorCount++;
+                        Logger.Error($"Error processing certificate item #{certCount} during sync: {ex.Message}\n{ex.StackTrace}");
+                        if (ex.InnerException != null)
+                            Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                    }
                 }
+
+                Logger.Trace($"Synchronize certificate processing complete. Total processed={certCount}, Added to buffer={addedCount}, Errors={errorCount}");
             }
             catch (AggregateException aggEx)
             {
-                Logger.Error("SslStore Synchronize Task failed!");
+                var flatEx = aggEx.Flatten();
+                Logger.Error($"SslStore Synchronize Task failed! {flatEx.Message}");
+                foreach (var innerEx in flatEx.InnerExceptions)
+                {
+                    Logger.Error($"  Inner exception: {innerEx.Message}\n{innerEx.StackTrace}");
+                }
+                Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+                throw;
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"SslStore Synchronize unexpected error: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
                 Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-                // ReSharper disable once PossibleIntendedRethrow
-                throw aggEx;
+                throw;
             }
 
             Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
@@ -416,12 +749,64 @@ await SslStoreClient.SubmitDownloadCertificateAsync(
 
         public override void Initialize(ICAConnectorConfigProvider configProvider)
         {
-            PartnerCode = configProvider.CAConnectionData[Constants.PartnerCode].ToString();
-            AuthenticationToken = configProvider.CAConnectionData[Constants.AuthToken].ToString();
-            SslStoreClient = new SslStoreClient(configProvider);
-            KeyfactorClient=new KeyfactorClient(configProvider);
-            PageSize = _requestManager.GetClientPageSize(configProvider);
-            ConfigManager = configProvider;
+            Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
+            Logger.Trace("Initialize called.");
+
+            try
+            {
+                if (configProvider == null)
+                {
+                    Logger.Error("Initialize called with null configProvider.");
+                    throw new ArgumentNullException(nameof(configProvider));
+                }
+
+                if (configProvider.CAConnectionData == null)
+                {
+                    Logger.Error("Initialize: CAConnectionData is null.");
+                    throw new InvalidOperationException("CAConnectionData is null.");
+                }
+
+                Logger.Trace($"Initialize: CAConnectionData keys: {string.Join(", ", configProvider.CAConnectionData.Keys)}");
+
+                if (!configProvider.CAConnectionData.ContainsKey(Constants.PartnerCode))
+                {
+                    Logger.Error($"Initialize: Missing required config key '{Constants.PartnerCode}'.");
+                    throw new InvalidOperationException($"Missing required config key '{Constants.PartnerCode}'.");
+                }
+
+                if (!configProvider.CAConnectionData.ContainsKey(Constants.AuthToken))
+                {
+                    Logger.Error($"Initialize: Missing required config key '{Constants.AuthToken}'.");
+                    throw new InvalidOperationException($"Missing required config key '{Constants.AuthToken}'.");
+                }
+
+                PartnerCode = configProvider.CAConnectionData[Constants.PartnerCode]?.ToString();
+                Logger.Trace($"Initialize: PartnerCode={PartnerCode ?? "(null)"}");
+
+                AuthenticationToken = configProvider.CAConnectionData[Constants.AuthToken]?.ToString();
+                Logger.Trace("Initialize: AuthenticationToken set (value masked).");
+
+                Logger.Trace("Initialize: Creating SslStoreClient...");
+                SslStoreClient = new SslStoreClient(configProvider);
+
+                Logger.Trace("Initialize: Creating KeyfactorClient...");
+                KeyfactorClient = new KeyfactorClient(configProvider);
+
+                Logger.Trace("Initialize: Getting page size...");
+                PageSize = _requestManager.GetClientPageSize(configProvider);
+                Logger.Trace($"Initialize: PageSize={PageSize}");
+
+                ConfigManager = configProvider;
+
+                Logger.Trace("Initialize complete.");
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"Initialize failed: {ex.Message}\n{ex.StackTrace}");
+                throw;
+            }
+
+            Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
         }
 
         public override void Ping()
@@ -437,34 +822,93 @@ public override void ValidateProductInfo(EnrollmentProductInfo productInfo,
         {
         }
 
-        private string ValidateEmails(Task<EmailApproverResponse> validEmails,string[] arrayApproverEmails, EnrollmentProductInfo productInfo,int count)
+        private string ValidateEmails(Task<EmailApproverResponse> validEmails, string[] arrayApproverEmails, EnrollmentProductInfo productInfo, int count)
         {
-            if (arrayApproverEmails.Length > 1 && productInfo.ProductID.Contains("digi"))
-            {
-                return $"There should only be one approval email for Digicert products.";
-            }
+            Logger.Trace($"ValidateEmails called: count={count}, approverEmailCount={arrayApproverEmails?.Length ?? 0}, ProductID={productInfo?.ProductID ?? "(null)"}");
 
-            //Only validate the first domain for digicert, that is the only one that has to match approver email
-            if (count==1 && productInfo.ProductID.Contains("digi") && arrayApproverEmails.Length>0)
+            try
             {
-                if (!validEmails.Result.ApproverEmailList.Contains(arrayApproverEmails[0]))
-                
+                if (validEmails == null)
                 {
-                    return $"Digicert Approver Email must be one of the following {string.Join(",", validEmails.Result.ApproverEmailList)}";
+                    Logger.Error("ValidateEmails: validEmails task is null.");
+                    return "Email approver validation failed: no response from approver list request.";
                 }
-            }
 
-            if (!productInfo.ProductID.Contains("digi"))
-            {
-                //See if emails passed in match any of the valid approver emails if not then error                
-                if (!validEmails.Result.ApproverEmailList.Intersect(arrayApproverEmails).Any())
+                if (arrayApproverEmails == null)
                 {
-                    return $"Sectigo Approver Email must be one of the following {string.Join(",", validEmails.Result.ApproverEmailList)}";
+                    Logger.Error("ValidateEmails: arrayApproverEmails is null.");
+                    return "Email approver validation failed: approver email list is null.";
                 }
 
-            }
+                if (productInfo?.ProductID == null)
+                {
+                    Logger.Error("ValidateEmails: productInfo or ProductID is null.");
+                    return "Email approver validation failed: product info is null.";
+                }
+
+                if (arrayApproverEmails.Length > 1 && productInfo.ProductID.Contains("digi"))
+                {
+                    Logger.Warn("ValidateEmails: Multiple approver emails for Digicert product.");
+                    return "There should only be one approval email for Digicert products.";
+                }
+
+                // Wait for the task and check for errors
+                EmailApproverResponse emailResult;
+                try
+                {
+                    emailResult = validEmails.Result;
+                }
+                catch (AggregateException aggEx)
+                {
+                    var flatEx = aggEx.Flatten();
+                    Logger.Error($"ValidateEmails: Failed to get email approver list: {flatEx.Message}\n{flatEx.StackTrace}");
+                    return $"Failed to retrieve email approver list: {flatEx.Message}";
+                }
+
+                if (emailResult == null)
+                {
+                    Logger.Error("ValidateEmails: Email approver response result is null.");
+                    return "Email approver validation failed: response was null.";
+                }
+
+                if (emailResult.ApproverEmailList == null)
+                {
+                    Logger.Error("ValidateEmails: ApproverEmailList is null in response.");
+                    return "Email approver validation failed: approver email list in response was null.";
+                }
+
+                Logger.Trace($"ValidateEmails: Valid approver emails from API: {string.Join(", ", emailResult.ApproverEmailList)}");
+
+                //Only validate the first domain for digicert, that is the only one that has to match approver email
+                if (count == 1 && productInfo.ProductID.Contains("digi") && arrayApproverEmails.Length > 0)
+                {
+                    Logger.Trace($"ValidateEmails: Checking Digicert approver email '{arrayApproverEmails[0]}' against valid list.");
+                    if (!emailResult.ApproverEmailList.Contains(arrayApproverEmails[0]))
+                    {
+                        return $"Digicert Approver Email must be one of the following {string.Join(",", emailResult.ApproverEmailList)}";
+                    }
+                }
 
-            return "";
+                if (!productInfo.ProductID.Contains("digi"))
+                {
+                    Logger.Trace("ValidateEmails: Checking Sectigo approver emails against valid list.");
+                    //See if emails passed in match any of the valid approver emails if not then error
+                    if (!emailResult.ApproverEmailList.Intersect(arrayApproverEmails).Any())
+                    {
+                        return $"Sectigo Approver Email must be one of the following {string.Join(",", emailResult.ApproverEmailList)}";
+                    }
+                }
+
+                Logger.Trace("ValidateEmails: Validation passed.");
+                return "";
+            }
+            catch (Exception ex)
+            {
+                Logger.Error($"ValidateEmails unexpected error: {ex.Message}\n{ex.StackTrace}");
+                if (ex.InnerException != null)
+                    Logger.Error($"Inner exception: {ex.InnerException.Message}\n{ex.InnerException.StackTrace}");
+                return $"Email validation failed with unexpected error: {ex.Message}";
+            }
         }
     }
 }
\ No newline at end of file