{"id":25190191,"url":"https://github.com/keyfactor/entrust-cagateway-cagateway","last_synced_at":"2025-08-02T01:39:09.513Z","repository":{"id":230060861,"uuid":"362826711","full_name":"Keyfactor/entrust-cagateway-cagateway","owner":"Keyfactor","description":"This AnyGateway implementation consumes the Entrust CA Gateway API to provide access to the Entrust Certificate Services, Entrust Authority Security Manager, and Entrust Managed PKI product lines. ","archived":false,"fork":false,"pushed_at":"2024-04-15T22:56:11.000Z","size":66,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-05-25T12:02:23.597Z","etag":null,"topics":["keyfactor-cagateway","keyfactor-needsreview"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keyfactor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-29T13:27:41.000Z","updated_at":"2024-06-11T20:25:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"f69515c4-2a14-4fa5-bac7-60b5a67e0001","html_url":"https://github.com/Keyfactor/entrust-cagateway-cagateway","commit_stats":null,"previous_names":["keyfactor/entrust-cagateway-cagateway"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/Keyfactor/entrust-cagateway-cagateway","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fentrust-cagateway-cagateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fentrust-cagat
eway-cagateway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fentrust-cagateway-cagateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fentrust-cagateway-cagateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keyfactor","download_url":"https://codeload.github.com/Keyfactor/entrust-cagateway-cagateway/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fentrust-cagateway-cagateway/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268326357,"owners_count":24232472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keyfactor-cagateway","keyfactor-needsreview"],"created_at":"2025-02-09T21:19:11.101Z","updated_at":"2025-08-02T01:39:09.469Z","avatar_url":"https://github.com/Keyfactor.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Entrust CA Gateway\n\nThis AnyGateway implementation consumes the Entrust CA Gateway API to provide access to the Entrust Certificate Services, Entrust Authority Security Manager, and Entrust Managed PKI product lines.\n\n#### Integration status: Production - Ready for use in production environments.\n\n## About the Keyfactor 
AnyCA Gateway DCOM Connector\n\nThis repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.\n\n## Support for Entrust CA Gateway\n\nEntrust CA Gateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com\n\n###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.\n\n---\n\n\n---\n\n\n\n\n\n## Keyfactor AnyCA Gateway Framework Supported\nThe Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command.\n\n\n\n\nThis gateway extension was compiled against version 10.x.x of the AnyCA Gateway DCOM Framework. You will need at least this version of the framework installed. 
If you have a later AnyGateway Framework installed, you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly.\n\n\n[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm)\n\n\n\n---\n\n\n# Introduction\nThe [Entrust CA Gateway](https://blog.entrust.com/2019/08/its-time-to-rest-easy/) is a RESTful API platform that allows for the issuance, synchronization, and management of CA certificates backed by Entrust's Managed SSL service, public CA offering, and Microsoft CAs.\n\n# Prerequisites\n\n## Certificate Chain\n\nIn order to enroll for certificates, the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the Command Server certificate store.\n\n# Install\n* Download latest successful build from [GitHub Releases](../../releases/latest)\n\n* Copy EntrustCAProxy.dll to the Program Files\\Keyfactor\\Keyfactor AnyGateway directory\n\n* Update the CAProxyServer.config file\n  * Update the CAConnection section to point at the EntrustCAProxy class\n  ```xml\n  \u003calias alias=\"CAConnector\" type=\"Keyfactor.AnyGateway.Entrust.EntrustCAProxy, EntrustCAProxy\"/\u003e\n  ```\n\n# Configuration\nThe following sections break down the required configurations for the AnyGatewayConfig.json file that will be imported to configure the AnyGateway.\n\n## Templates\nThe Template section will map the CA's SSL profile to an AD template. For private CAs there are no additional parameters required. The ProductID can be found via an authenticated GET /v1/certificate-authorities/{caId}/profiles request to the ApiEndpoint. 
```curl -X GET \"https://cagw.yourcorp.com/cagw/v1/certificate-authorities/CA-Jupiter/profiles\" -H  \"accept: application/json\"```\n ```json\n  \"Templates\": {\n\t\"WebServer\": {\n      \"ProductID\": \"f733787d-5649-4c74-b596-3a7f79b6172b\",\n      \"Parameters\": {\n      }\n   }\n}\n ```\n## Security\nThe security section does not change specifically for the Entrust CA Gateway. Refer to the AnyGateway Documentation for more detail.\n```json\n  /*Grant permissions on the CA to users or groups in the local domain.\n\tREAD: Enumerate and read contents of certificates.\n\tENROLL: Request certificates from the CA.\n\tOFFICER: Perform certificate functions such as issuance and revocation. This is equivalent to \"Issue and Manage\" permission on the Microsoft CA.\n\tADMINISTRATOR: Configure/reconfigure the gateway.\n\tValid permission settings are \"Allow\", \"None\", and \"Deny\".*/\n    \"Security\": {\n        \"Keyfactor\\\\Administrator\": {\n            \"READ\": \"Allow\",\n            \"ENROLL\": \"Allow\",\n            \"OFFICER\": \"Allow\",\n            \"ADMINISTRATOR\": \"Allow\"\n        },\n        \"Keyfactor\\\\gateway_test\": {\n            \"READ\": \"Allow\",\n            \"ENROLL\": \"Allow\",\n            \"OFFICER\": \"Allow\",\n            \"ADMINISTRATOR\": \"Allow\"\n        },\t\t\n        \"Keyfactor\\\\SVC_TimerService\": {\n            \"READ\": \"Allow\",\n            \"ENROLL\": \"Allow\",\n            \"OFFICER\": \"Allow\",\n            \"ADMINISTRATOR\": \"None\"\n        },\n        \"Keyfactor\\\\SVC_AppPool\": {\n            \"READ\": \"Allow\",\n            \"ENROLL\": \"Allow\",\n            \"OFFICER\": \"Allow\",\n            \"ADMINISTRATOR\": \"Allow\"\n        }\n    }\n```\n## CertificateManagers\nThe Certificate Managers section is optional.\n\tIf configured, all users or groups granted OFFICER permissions under the Security section\n\tmust be configured for at least one Template and one Requester. 
\n\tUse \"\u003cAll\u003e\" to specify all templates. Use \"Everyone\" to specify all requesters.\n\tValid permission values are \"Allow\" and \"Deny\".\n```json\n  \"CertificateManagers\":{\n\t\t\"DOMAIN\\\\Username\":{\n\t\t\t\"Templates\":{\n\t\t\t\t\"MyTemplateShortName\":{\n\t\t\t\t\t\"Requesters\":{\n\t\t\t\t\t\t\"Everyone\":\"Allow\",\n\t\t\t\t\t\t\"DOMAIN\\\\Groupname\":\"Deny\"\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t\t\"\u003cAll\u003e\":{\n\t\t\t\t\t\"Requesters\":{\n\t\t\t\t\t\t\"Everyone\":\"Allow\"\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n```\n## CAConnection\nThe CA Connection section will determine the API endpoint and configuration data used to connect to Entrust CA Gateway. \n* ```ApiEndpoint```\nThis is the base address of the endpoint used by the Gateway to connect to the API.\n* ```CAId```\nThis is the name of the CA configured within the Entrust CA Gateway that is being integrated with. This value can be found with an authenticated GET /v1/certificate-authorities request to the ApiEndpoint. ```curl -X GET \"https://cagw.yourcorp.com/cagw/v1/certificate-authorities\" -H  \"accept: application/json\"```\n* ```ClientCertificate```\nThis section will determine which certificate is used by the AnyGateway to authenticate to the API. It will search the Windows Certificate Store by Location and Thumbprint to find the correct certificate. The network service account must have access to the Certificate and Key Material for certificate authentication to work. \n* ```TrackingMap```\nThe TrackingMap configuration parameters are required for Entrust Certificate Services (Public CA) and allow for configurable Enrollment Fields to be defined in Keyfactor Command. 
These fields must be defined on all templates to be issued from the ECS CA.\n\n```json\n  \"CAConnection\": {\n\t\"ApiEndpoint\":\"https://cagw.yourcorp.com/cagw/\",\n\t\"CAId\":\"CA-Jupiter\",\n\t\"ClientCertificate\":{\n\t\t\"StoreName\":\"My\",\n\t\t\"StoreLocation\":\"LocalMachine\",\n\t\t\"Thumbprint\":\"e53342b3af95c98884c3438a96eab0e9952fdb6d\"\n\t},\n    \"TrackingMap\":{\n\t\t\"TrackingInfo\":\"TrackingInfo\",\n\t\t\"TrackingEmail\":\"TrackingEmail\",\n\t\t\"TrackingPhone\":\"TrackingPhone\",\n\t\t\"TrackingName\":\"TrackingName\",\n\t\t\"TrackingAdditonalEmails\":\"TrackingAdditonalEmails\"\n    }\n  }\n```\n## GatewayRegistration\nThere are no specific changes for the GatewayRegistration section. Refer to the AnyGateway Documentation for more detail.\n```json\n  \"GatewayRegistration\": {\n    \"LogicalName\": \"EntrustCASandbox\",\n    \"GatewayCertificate\": {\n      \"StoreName\": \"CA\",\n      \"StoreLocation\": \"LocalMachine\",\n      \"Thumbprint\": \"bc6d6b168ce5c08a690c15e03be596bbaa095ebf\"\n    }\n  }\n```\n\n## ServiceSettings\nThere are no specific changes for the GatewayRegistration section. Refer to the AnyGateway Documentation for more detail.\n```json\n  \"ServiceSettings\": {\n    \"ViewIdleMinutes\": 8,\n    \"FullScanPeriodHours\": 24,\n\t\"PartialScanPeriodMinutes\": 480 \n  }\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fentrust-cagateway-cagateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeyfactor%2Fentrust-cagateway-cagateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fentrust-cagateway-cagateway/lists"}