Once the AnyCAGateway REST has been installed, you need to install the AnyCAPlugin for your Keyfactor or custom integration to a third-party CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA..
Installations on Windows
To install a CA plugin for installations on Windows running under Kestrel or IIS:
-
Acquire the AnyCAPlugin artifact for the integration. Gateway integrations for common third-party gateways are publicly available in the Keyfactor GitHub:
-
Follow the instructions provided with the integration to install the AnyCAPlugin, which may include creating a folder, a manifest.json file, and copying the files to specific locations.
Tip: If you receive error messages in the logs that mention connector set up when accessing the portal, it means you have missed this step.2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayCore.NoOpAnyCAPlugin [Warn] - The current AnyCAPlugin is a placeholder. Please configure a AnyCAPlugin in the manifest.json.
2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayREST.Filters.APIExceptionFilter [Error] - Keyfactor encountered an error processing the request. Please view the server log for more detail. (Error Code: 0x80004001)
2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayREST.Filters.APIExceptionFilter [Error] - The method or operation is not implemented.
An OIDCEventProviders folder exists under the above directory containing a manifest.json file used for Auth0 functionality. Be sure not to disturb this directory.
Installations in Containers under Kubernetes
To install a CA plugin for contain installations under Kubernetes:
-
Acquire the AnyCAPlugin artifact for the integration. Gateway integrations for common third-party gateways are publicly available in the Keyfactor GitHub:
-
On your Kubernetes server, create a subdirectory under your working directory for the plugin and copy the manifest.json file for the plugin and the files referenced by the plugin to this directory. The following GoDaddy manifest.json file is provided as an example:
Copy{
"extensions": {
"Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": {
"GoDaddyCAPlugin": {
"assemblypath": "GoDaddyCAPlugin.dll",
"TypeFullName": "Keyfactor.Extensions.CAPlugin.GoDaddy.GoDaddyCAPlugin"
}
}
}
} -
Create a persistent volume in Kubernetes to contain your manifest.json file, the dll it references, and any supporting files. The steps for this will vary depending on your Kubernetes implementation and the intended storage location used by your persistent volume.
-
Edit your values file to add a volume and volumeMount for the persistent volume containing the manifest.json file, dll, and any supporting files. For example, the following values file section shows the example root trusts volume (see Install Keyfactor Command in Containers Under Kubernetes) and the ca-plugin-volume. Your persistent volume claim name should match the claimName referenced here.
volumes: - name: root-cas configMap: name: ca-roots items: - key: ca-certificates.crt path: ca-certificates.crt - name: ca-plugin-volume persistentVolumeClaim: claimName: godaddy-pvc volumeMounts: - name: root-cas mountPath: /etc/ssl/certs/ca-certificates.crt subPath: ca-certificates.crt - name: ca-plugin-volume mountPath: /app/Extensions/ca-plugin-godaddy -
Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:
sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-gateway --values values-local.yaml oci://repo.keyfactor.com/charts/command/anygateway-rest --version 1.0.1