The Idnomic PKI Gateway plugin extends the capabilities of Idnomic PKI (formerly OpenTrust PKI) to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the Idnomic SOAP-based connectors to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:
- CA Sync:
  - Download all certificates issued by the Idnomic CA
  - Support for incremental and full synchronization
  - Filter certificates by issuance date
- Certificate Enrollment:
  - Support certificate enrollment with new key pairs
  - Dynamic template (profile) discovery from the CA
  - Zone-based certificate issuance
  - Support for PKCS#10 CSR format
- Certificate Revocation:
  - Request revocation of previously issued certificates
  - Support for standard CRL revocation reasons
The Idnomic PKI Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2.0 and later.
The Idnomic PKI Gateway AnyCA Gateway REST plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative or via the Keyfactor Support Portal at https://support.keyfactor.com.
To report a problem or suggest a new feature, use the Issues tab. If you want to contribute actual bug fixes or proposed enhancements, use the Pull requests tab.
TODO Requirements is a required section
- Install the AnyCA Gateway REST per the official Keyfactor documentation.
- On the server hosting the AnyCA Gateway REST, download and unzip the latest Idnomic PKI Gateway AnyCA Gateway REST plugin from GitHub.
- Copy the unzipped directory (usually called net6.0 or net8.0) to the Extensions directory. Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations:
  Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions
  Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions
  The directory containing the Idnomic PKI Gateway AnyCA Gateway REST plugin DLLs (net6.0 or net8.0) can be named anything, as long as it is unique within the Extensions directory.
- Restart the AnyCA Gateway REST service.
- Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Idnomic PKI Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal.
- Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, and use the notes below to configure the Gateway Registration and CA Connection tabs:
  - Gateway Registration
    TODO Gateway Registration is a required section
  - CA Connection
    Populate using the configuration fields collected in the requirements section.
    - EndpointAddress - The SOAP endpoint address for the Idnomic RA service. For example, 'https://idnomic-server.com/ra-service'.
    - ClientCertLocation - The file path to the client certificate used for mutual TLS authentication with the Idnomic service.
    - ClientCertPassword - The password for the client certificate.
    - Enabled - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.
- TODO Certificate Template Creation Step is a required section
- Follow the official Keyfactor documentation to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
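A pre-flight check for the CA Connection values (EndpointAddress, ClientCertLocation, ClientCertPassword), run on the gateway server before entering them in the portal. This is an added example, not part of the plugin or of Keyfactor's documentation. The function name, the 30-day warning window and the assumption that ClientCertLocation points at a PKCS#12 (.pfx/.p12) file are illustrative, and the ACL check matches English group names only.

```powershell
# Added example (hypothetical helper, not plugin code). Returns a list of findings;
# an empty result means the values passed every check below.
function Test-IdnomicCaConnection {
    param(
        [Parameter(Mandatory)] [string] $EndpointAddress,
        [Parameter(Mandatory)] [string] $ClientCertLocation,
        [Parameter(Mandatory)] [securestring] $ClientCertPassword,
        [int] $WarnDays = 30   # assumed warning window
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Mutual TLS requires an https endpoint.
    $uri = $null
    if (-not [Uri]::TryCreate($EndpointAddress, [UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'https') {
        $findings.Add('EndpointAddress is not an absolute https URL')
    }
    if (-not (Test-Path -LiteralPath $ClientCertLocation -PathType Leaf)) {
        $findings.Add("ClientCertLocation does not exist: $ClientCertLocation")
        return $findings
    }
    # The file holds a private key: flag access granted to broad groups.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    foreach ($ace in (Get-Acl -LiteralPath $ClientCertLocation).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -in $broad) {
            $findings.Add("Certificate file is accessible to $($ace.IdentityReference.Value)")
        }
    }
    # Assumption: PKCS#12 bundle protected by ClientCertPassword.
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ClientCertLocation, $ClientCertPassword)
    } catch {
        $findings.Add("Cannot open the file with ClientCertPassword: $($_.Exception.Message)")
        return $findings
    }
    try {
        if (-not $cert.HasPrivateKey) { $findings.Add('File contains no private key') }
        $now = Get-Date
        if ($cert.NotBefore -gt $now) { $findings.Add("Not valid until $($cert.NotBefore)") }
        if ($cert.NotAfter -lt $now) {
            $findings.Add("Expired on $($cert.NotAfter)")
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings.Add("Expires within $WarnDays days: $($cert.NotAfter)")
        }
        # If an EKU extension is present, it must allow TLS client authentication.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if ($eku -and ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains '1.3.6.1.5.5.7.3.2') {
            $findings.Add('EKU does not include clientAuth (1.3.6.1.5.5.7.3.2)')
        }
    } finally { $cert.Dispose() }
    return $findings
}
```

Call it with your own values, for example `Test-IdnomicCaConnection -EndpointAddress 'https://idnomic-server.com/ra-service' -ClientCertLocation <path to your file> -ClientCertPassword (Read-Host -AsSecureString)`, so the password is never typed on the command line.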
Apache License 2.0, see LICENSE.
See all Keyfactor Any CA Gateways (REST).