Support · Requirements · Installation · License · Related Integrations
The GlobalSign Atlas AnyCA Gateway REST plugin extends the capabilities of GlobalSign Atlas to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin has the following capabilities:
- SSl Certificate Synchronization
- SSL Certificate Enrollment
- SSL Certificate Revocation
The GlobalSign Atlas AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2.0 and later.
The GlobalSign Atlas AnyCA Gateway REST plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com.
To report a problem or suggest a new feature, use the Issues tab. If you want to contribute actual bug fixes or proposed enhancements, use the Pull requests tab.
To use the GlobalSign Atlas AnyCA Gateway, you must generate a set of API Credentials (key/secret) within the Atlas portal, as well as an mTLS certificate linked to those credentials.
-
Install the AnyCA Gateway REST per the official Keyfactor documentation.
-
On the server hosting the AnyCA Gateway REST, download and unzip the latest GlobalSign Atlas AnyCA Gateway REST plugin from GitHub.
-
Copy the unzipped directory (usually called
net8.0ornet10.0) to the Extensions directory:Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations: Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net10.0\Extensions
The directory containing the GlobalSign Atlas AnyCA Gateway REST plugin DLLs (
net8.0ornet10.0) can be named anything, as long as it is unique within theExtensionsdirectory. -
Restart the AnyCA Gateway REST service.
-
Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the GlobalSign Atlas plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal.
-
Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, and use the notes below to configure the Gateway Registration and CA Connection tabs:
-
Gateway Registration
In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you configure your Root and/or Subordinate CA in your Atlas account, make sure to download and import the certificate chain into the Command Server certificate store
-
CA Connection
Populate using the configuration fields collected in the requirements section.
- ApiKey - The API key for the Atlas credentials the gateway will use.
- ApiSecret - The corresponding API secret value that matches with the ApiKey.
- ClientCertificate - The client auth certificate to use with the Atlas API
- SyncStartDate - The earliest date to go back when doing a full sync.
-
-
When defining templates, the product ID should just be defined as "certificate".
-
Follow the official Keyfactor documentation to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
-
In Keyfactor Command (v12.3+), for each imported Certificate Template, follow the official documentation to define enrollment fields for each of the following parameters:
- Lifetime - The term length (in days) to use for enrollment.
- KeyUsage - The key usage to use for enrolled certs. Valid values are 'client', 'server', and 'clientserver'.
Apache License 2.0, see LICENSE.
See all Keyfactor Any CA Gateways (REST).