Configure the AnyCAPlugin

Once the AnyCAGateway REST has been installed, you need to install the AnyCAPlugin for your Keyfactor or custom integration to a third-party CA. (A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.)

Installations on Windows

To install a CA plugin for installations on Windows running under Kestrel or IIS:

  1. Acquire the AnyCAPlugin artifact for the integration. Gateway integrations for common third-party gateways are publicly available in the Keyfactor GitHub:

  2. Follow the instructions provided with the integration to install the AnyCAPlugin, which may include creating a folder, a manifest.json file, and copying the files to specific locations.

    Tip:  If you receive error messages in the logs that mention connector set up when accessing the portal, it means you have missed this step.

    2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayCore.NoOpAnyCAPlugin [Warn] - The current AnyCAPlugin is a placeholder. Please configure a AnyCAPlugin in the manifest.json.

    2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayREST.Filters.APIExceptionFilter [Error] - Keyfactor encountered an error processing the request. Please view the server log for more detail. (Error Code: 0x80004001)

    2023-08-30 12:15:13.4538 Keyfactor.AnyGatewayREST.Filters.APIExceptionFilter [Error] - The method or operation is not implemented.

Note:  Most plugins are added in a plugin-specific folder in the following directory, with a manifest.json file placed in the same directory:
C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net8.0\Extensions

An OIDCEventProviders folder exists under the above directory containing a manifest.json file used for Auth0 functionality. Be sure not to disturb this directory.

Installations in Containers under Kubernetes

To install a CA plugin for container installations under Kubernetes:

  1. Acquire the AnyCAPlugin artifact for the integration. Gateway integrations for common third-party gateways are publicly available in the Keyfactor GitHub:

  2. On your Kubernetes server, create a subdirectory under your working directory for the plugin and copy the manifest.json file for the plugin and the files referenced by the plugin to this directory. The following GoDaddy manifest.json file is provided as an example:

    {
        "extensions": {
            "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": {
                "GoDaddyCAPlugin": {
                    "assemblypath": "GoDaddyCAPlugin.dll",
                    "TypeFullName": "Keyfactor.Extensions.CAPlugin.GoDaddy.GoDaddyCAPlugin"
                }
            }
        }
    }
  3. Create a PersistentVolume in Kubernetes to contain your manifest.json file, the dll it references, and any supporting files. The steps for this will vary depending on your Kubernetes implementation and the intended storage location used by your PersistentVolume.

    Tip:  You can create a PersistentVolume in the local file system for testing purposes as follows:
    1. Create a directory that your PersistentVolume will reference and which will contain the files to be mounted via the persistent volume. For example:

      mkdir /opt/files/godaddy
    2. Create a YAML file to define the PersistentVolume similar to the following:

      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: godaddy-pv
      spec:
        storageClassName: manual
        capacity:
          storage: 10Gi
        accessModes:
          - ReadWriteOnce
        hostPath:
          path: "/opt/files/godaddy"
    3. Create the PersistentVolume based on the YAML file you created. For example:

      sudo kubectl apply --filename=/opt/files/godaddy-pv.yaml

      PersistentVolumes are cluster-scoped resources, meaning they are not associated with a specific namespace.

    4. Create a YAML file to define a PersistentVolumeClaim associated with the PersistentVolume similar to the following:

      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: godaddy-pvc
      spec:
        storageClassName: manual
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
    5. Create the PersistentVolumeClaim based on the YAML file you created. For example:

      sudo kubectl apply --filename=/opt/files/godaddy-pvc.yaml --namespace keyfactor-command

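      Unlike PersistentVolumes, PersistentVolumeClaims are associated with a specific namespace. A pod can only mount a claim that exists in its own namespace, so use the namespace of the gateway deployment here.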

    6. Place the files that should be mounted in the container into the directory you specified in the file system. For example:

      /opt/files/godaddy/manifest.json
      /opt/files/godaddy/GoDaddyCAPlugin.dll
      Note:  The GoDaddy CA plugin contains many more files not shown here.

    Important:  This method should not be used for a production PersistentVolume.

  4. Edit your values file to add a volume and volumeMount for the PersistentVolume containing the manifest.json file, dll, and any supporting files. For example, the following values file section shows the example root trusts volume (see Install Keyfactor Command in Containers Under Kubernetes) and the ca-plugin-volume. Your PersistentVolumeClaim name should match the claimName referenced here.

    volumes:
      - name: root-cas
        configMap:
          name: ca-roots
          items:
            - key: ca-certificates.crt
              path: ca-certificates.crt
      - name: ca-plugin-volume
        persistentVolumeClaim:
          claimName: godaddy-pvc
    volumeMounts:
      - name: root-cas
        mountPath: /etc/ssl/certs/ca-certificates.crt
        subPath: ca-certificates.crt
      - name: ca-plugin-volume
        mountPath: /app/Extensions/ca-plugin-godaddy
  5. Load the new values, referencing the deployment name, namespace, your customized values file, the Helm chart, and version. For example:

    sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-gateway --values values-local.yaml oci://repo.keyfactor.com/charts/command/anygateway-rest --version 1.0.1
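
A pre-flight check for the staged plugin folder, useful before mounting it or restarting the gateway. This is an added example, not Keyfactor code: it validates the manifest.json structure shown above, confirms each referenced DLL sits inside the plugin folder, and returns SHA-256 digests to compare against the artifact you downloaded. The function name check_plugin_dir is hypothetical, and the script assumes assemblypath is resolved relative to the folder holding manifest.json.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Interface key and field names as they appear in the manifest.json example.
PLUGIN_INTERFACE = "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin"
REQUIRED_KEYS = ("assemblypath", "TypeFullName")


def check_plugin_dir(plugin_dir):
    """Return (problems, digests) for a staged plugin directory.

    Assumption: assemblypath is resolved relative to the manifest.json folder.
    """
    root = Path(plugin_dir).resolve()
    problems, digests = [], {}
    try:
        manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8-sig"))
    except (OSError, ValueError) as exc:
        return [f"manifest.json unreadable: {exc}"], digests
    ext = manifest.get("extensions") if isinstance(manifest, dict) else None
    plugins = ext.get(PLUGIN_INTERFACE) if isinstance(ext, dict) else None
    if not isinstance(plugins, dict) or not plugins:
        return [f"no plugin registered under {PLUGIN_INTERFACE}"], digests
    for name, entry in plugins.items():
        entry = entry if isinstance(entry, dict) else {}
        missing = [k for k in REQUIRED_KEYS if not isinstance(entry.get(k), str) or not entry[k].strip()]
        problems += [f"{name}: missing {k}" for k in missing]
        if "assemblypath" in missing:
            continue
        rel = entry["assemblypath"]
        dll = (root / rel).resolve()
        if root not in dll.parents:  # reject ../ or absolute paths leaving the folder
            problems.append(f"{name}: {rel} resolves outside the plugin directory")
        elif not dll.is_file():
            problems.append(f"{name}: {rel} not found")
        else:  # SHA-256 to compare with the hash of the artifact you downloaded
            digests[rel] = hashlib.sha256(dll.read_bytes()).hexdigest()
    return problems, digests


if __name__ == "__main__":
    # Constructed sample: the page's GoDaddy manifest plus a stand-in DLL.
    with tempfile.TemporaryDirectory() as tmp:
        entry = {"assemblypath": "GoDaddyCAPlugin.dll",
                 "TypeFullName": "Keyfactor.Extensions.CAPlugin.GoDaddy.GoDaddyCAPlugin"}
        manifest = {"extensions": {PLUGIN_INTERFACE: {"GoDaddyCAPlugin": entry}}}
        Path(tmp, "manifest.json").write_text(json.dumps(manifest))
        Path(tmp, "GoDaddyCAPlugin.dll").write_bytes(b"constructed placeholder")
        print(check_plugin_dir(tmp))
```

An empty problems list means every registered plugin has both keys and a DLL present in the folder; a manifest that fails this check is a likely cause of the NoOpAnyCAPlugin placeholder warning quoted in the Windows section.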