Merge branch 'logicalcafilters' of https://github.com/Keyfactor/idnomic-caplugin into logicalcafilters

bhillkeyfactor · bhillkeyfactor · commit ee392e599cc3 · 2026-04-09T14:11:17.000-04:00
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 <h1 align="center" style="border-bottom: none">
-    Idnomic PKI  Gateway AnyCA Gateway REST Plugin
+    Idnomic PKI AnyCA Gateway REST Plugin
 </h1>
 
 <p align="center">
@@ -51,10 +51,10 @@ The Idnomic PKI Gateway plugin extends the capabilities of Idnomic PKI (formerly
 
 ## Compatibility
 
-The Idnomic PKI  Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2.0 and later.
+The Idnomic PKI AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2.0 and later.
 
 ## Support
-The Idnomic PKI  Gateway AnyCA Gateway REST plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. 
+The Idnomic PKI AnyCA Gateway REST plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. 
 
 > To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
 
@@ -164,7 +164,7 @@ The plugin supports the following standard CRL revocation reasons:
 
 1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm).
 
-2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Idnomic PKI  Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/idnomic-caplugin/releases/latest) from GitHub.
+2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Idnomic PKI AnyCA Gateway REST plugin](https://github.com/Keyfactor/idnomic-caplugin/releases/latest) from GitHub.
 
 3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory:
 
@@ -175,11 +175,11 @@ The plugin supports the following standard CRL revocation reasons:
     Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions
     ```
 
-    > The directory containing the Idnomic PKI  Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory.
+    > The directory containing the Idnomic PKI AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory.
 
 4. Restart the AnyCA Gateway REST service.
 
-5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Idnomic PKI  Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal.
+5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the Idnomic PKI plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal.
 
 ## Configuration
 
@@ -237,6 +237,7 @@ The plugin supports the following standard CRL revocation reasons:
         * **ClientCertLocation** - The file path to the client certificate used for mutual TLS authentication with the Idnomic service. 
         * **ClientCertPassword** - The password for the client certificate. 
         * **Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available. 
+        * **IssuerDnFilter** - Optional filter to restrict certificate synchronization to a specific issuing CA. Only certificates whose Issuer DN contains this value (case-insensitive) will be synchronized. For example, 'CN=MySubCA' will match any certificate issued by a CA whose DN contains that string. Can also be specified as a suffix on the endpoint URL using ||issuerdnfilter=<value> syntax. 
 
 2. Create Templates that Match Corresponding products in Idnomic
 
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -28,6 +28,10 @@
                 {
                     "name": "Enabled",
                     "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
+                },
+                {
+                    "name": "IssuerDnFilter",
+                    "description": "Optional filter to restrict certificate synchronization to a specific issuing CA. Only certificates whose Issuer DN contains this value (case-insensitive) will be synchronized. For example, 'CN=MySubCA' will match any certificate issued by a CA whose DN contains that string. Can also be specified as a suffix on the endpoint URL using ||issuerdnfilter=<value> syntax."
                 }
             ],
             "enrollment_config": [

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,10 @@`
`28`	`28`	`{`
`29`	`29`	`"name": "Enabled",`
`30`	`30`	`"description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."`
	`31`	`+ },`
	`32`	`+ {`
	`33`	`+ "name": "IssuerDnFilter",`
	`34`	`+ "description": "Optional filter to restrict certificate synchronization to a specific issuing CA. Only certificates whose Issuer DN contains this value (case-insensitive) will be synchronized. For example, 'CN=MySubCA' will match any certificate issued by a CA whose DN contains that string. Can also be specified as a suffix on the endpoint URL using \|\|issuerdnfilter=<value> syntax."`
`31`	`35`	`}`
`32`	`36`	`],`
`33`	`37`	`"enrollment_config": [`