diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22bd915c..3c41090c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+v2.11.0
+- Added ability to set SSH port when managing Linux servers
+- Bug Fix - Issue adding new certificate with private key to RFPEM store on Windows
+
v2.10.0
- Added support for Eliptical Curve (EC) private keys for RFPEM.
- For Linux hosted certificate stores, added ability to inherit file permissions and ownership when creating new stores by modifying default behavior when config.json and certificate store permissions/ownership settings are left empty.
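Review bot: The v2.11.0 entry undersells what this patch changes: the README hunks also change the FileTransferProtocol store-type default from `SCP,SFTP,Both` to `,SCP,SFTP,Both` and add a new `SSHPort` key to config.json, and neither appears here. Add a bullet for each so operators upgrading know to re-check their store type definition and config.json. Minor: "Bug Fix - Issue adding new certificate with private key to RFPEM store on Windows" is a fragment; "Fixed: adding a new certificate with private key to an RFPEM store on Windows failed" says what was fixed. The "Eliptical Curve" typo on the v2.10.0 line (should be "Elliptic Curve") is pre-existing but could be corrected while here.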
diff --git a/README.md b/README.md
index 0f253135..6b055791 100644
--- a/README.md
+++ b/README.md
@@ -148,7 +148,7 @@ Use cases supported:
This integration is compatible with Keyfactor Universal Orchestrator version 10.4 and later.
## Support
-The Remote File Universal Orchestrator extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com.
+The Remote File Universal Orchestrator extension If you have a support issue, please open a support ticket by either contacting your Keyfactor representative or via the Keyfactor Support Portal at https://support.keyfactor.com.
> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
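Review bot: The rewritten Support paragraph is a sentence fragment: "The Remote File Universal Orchestrator extension If you have a support issue..." lost its verb when the "is supported by Keyfactor for Keyfactor customers" clause was cut. Either restore the clause ("The Remote File Universal Orchestrator extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket by either contacting your Keyfactor representative or via the Keyfactor Support Portal at https://support.keyfactor.com.") or drop the dangling subject and start the paragraph at "If you have a support issue". Merging the two duplicated "If you have a support issue" sentences is otherwise correct.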
@@ -247,6 +247,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
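Review bot: The PFX note makes a claim broader than this repository can vouch for: "Currently, all Keyfactor-supported Orchestrator extensions support only PFX" will be wrong the moment any extension accepts PEM, and nothing in this README can verify it. Scope it to this extension ("This extension currently accepts only PFX from Command") and keep the actionable part, that selecting PEM causes Management jobs to deliver a format the extension cannot process. Since the identical paragraph is pasted into all six store-type sections in this patch, consider a single note in the shared preamble so six copies do not drift apart on the next edit.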
@@ -254,12 +256,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
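Review bot: The config.json key named in the LinuxFilePermissionsOnStoreCreation row does not match the file: the row says it overrides `DefaultLinuxPermissionOnStoreCreation`, but the config.json sample later in this patch has `"DefaultLinuxPermissionsOnStoreCreation": "600"` (plural "Permissions"). Use the key as it appears in the file, otherwise readers following the #post-installation link will not find it. Two further points on the new and changed rows: the FileTransferProtocol default list now starts with a comma (`,SCP,SFTP,Both`), which adds a blank first option, but nothing in the description says that a blank selection means "use the config.json value"; spell that out, because it is the only reason the blank option exists. And SSHPort is typed String while described as "Integer value"; state what a blank value does (fall back to config.json, then 22) and whether a non-numeric or out-of-range value fails the job with an error or is silently ignored.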
@@ -317,6 +320,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
@@ -324,16 +329,17 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting.. | String | | 🔲 Unchecked |
| IsTrustStore | Trust Store | The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key. | Bool | false | 🔲 Unchecked |
| IncludesChain | Store Includes Chain | The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it. | Bool | false | 🔲 Unchecked |
| SeparatePrivateKeyFilePath | Separate Private Key File Location | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'. | String | | 🔲 Unchecked |
| IgnorePrivateKeyOnInventory | Ignore Private Key On Inventory | The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it. | Bool | false | 🔲 Unchecked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
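Review bot: The SudoImpersonatingUser row ends with a double period ("DefaultSudoImpersonatedUser setting..") and orders its sentence differently from the two rows above it ("Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" versus "Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting"); pick one phrasing for every "Overrides" sentence in this table. The LinuxFilePermissionsOnStoreCreation row also names `DefaultLinuxPermissionOnStoreCreation`, while the config.json sample in this patch spells the key `DefaultLinuxPermissionsOnStoreCreation`; correct it to the name in the file.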
@@ -391,6 +397,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
@@ -398,12 +406,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
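Review bot: `DefaultLinuxPermissionOnStoreCreation` in the LinuxFilePermissionsOnStoreCreation row is not the key shown in the config.json sample in this patch (`DefaultLinuxPermissionsOnStoreCreation`); fix the name so the #post-installation cross-reference points at something the reader can find. The SSHPort row should also state the full precedence (store field when set, then the config.json SSHPort value, then 22) rather than only "Overrides SSHPort config.json setting", since the field is optional and blank by default and the reader needs to know what blank resolves to.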
@@ -461,6 +470,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
@@ -468,13 +479,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. | String | | 🔲 Unchecked |
| SeparatePrivateKeyFilePath | Separate Private Key File Location | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'. | String | | 🔲 Unchecked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
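Review bot: The SudoImpersonatingUser row puts the link before the key name ("Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting") while the two rows above it put the key first ("Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting"); align the wording. The LinuxFilePermissionsOnStoreCreation row names `DefaultLinuxPermissionOnStoreCreation`, but the config.json sample in this patch uses `DefaultLinuxPermissionsOnStoreCreation`; use the spelling from the file.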
@@ -532,6 +544,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
@@ -539,12 +553,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. | String | | 🔲 Unchecked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
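Review bot: Same two consistency problems as the other store-type tables in this patch, repeated here: the SudoImpersonatingUser row reads "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" while the rows above read "Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting", and the LinuxFilePermissionsOnStoreCreation row names `DefaultLinuxPermissionOnStoreCreation` where the config.json sample later in the patch has `DefaultLinuxPermissionsOnStoreCreation`. Since these six tables are near-identical, fix the wording once and copy the corrected rows into each.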
@@ -602,6 +617,8 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store

+ > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
#### Custom Fields Tab
Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
@@ -609,13 +626,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* | Secret | | 🔲 Unchecked |
- | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. | String | | 🔲 Unchecked |
- | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. | String | | 🔲 Unchecked |
- | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. | String | | 🔲 Unchecked |
+ | LinuxFilePermissionsOnStoreCreation | Linux File Permissions on Store Creation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | LinuxFileOwnerOnStoreCreation | Linux File Owner on Store Creation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
+ | SudoImpersonatingUser | Sudo Impersonating User | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. | String | | 🔲 Unchecked |
| WorkFolder | Location to use for creation/removal of work files | The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'. | String | | ✅ Checked |
| RemoveRootCertificate | Remove Root Certificate from Chain | Remove root certificate from chain when adding/renewing a certificate in a store. | Bool | False | 🔲 Unchecked |
| IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked |
- | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). | MultipleChoice | SCP,SFTP,Both | 🔲 Unchecked |
+ | FileTransferProtocol | File Transfer Protocol to Use | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. | MultipleChoice | ,SCP,SFTP,Both | 🔲 Unchecked |
+ | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked |
The Custom Fields tab should look like this:
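Review bot: The FileTransferProtocol row's default-value list now starts with a leading comma (`,SCP,SFTP,Both`), which adds an empty choice to the dropdown, but the description does not say what that empty choice means; since this row now says it overrides the config.json FileTransferProtocol setting, add a sentence such as "Leave blank to use the config.json value" so the empty option is not read as a typo. The new SSHPort row describes an "Integer value" but declares the field as `String`; either note that the value is validated as an integer or state what happens when a non-numeric value is entered. Minor: the SudoImpersonatingUser row reads "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" while the row above it reads "Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting"; use one word order throughout the table.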
@@ -682,7 +700,8 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
"SeparateUploadFilePath": "",
"FileTransferProtocol": "SCP",
"DefaultLinuxPermissionsOnStoreCreation": "600",
- "DefaultOwnerOnStoreCreation": ""
+ "DefaultOwnerOnStoreCreation": "",
+ "SSHPort": ""
}
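Review bot: The sample config.json adds `"SSHPort": ""`, but nothing in this hunk says what an empty string resolves to; since the prose later documents 22 as the default, either show `"SSHPort": "22"` here so the sample is self-explanatory, or add a short comment near the sample stating that a blank value means port 22. Also consider documenting that a non-numeric or out-of-range value is rejected rather than silently falling back, since a silent fallback to 22 could mask a mistyped port.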
@@ -757,6 +776,15 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
+
+SSHPort (Applicable for Linux hosted certificate stores only)
+
+* This optional value should be an integer value representing the port that SSH is listening on
+* Allowed values - Any valid integer representing a valid port
+* Default Value - 22.
+
+
+
## Defining Certificate Stores
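Review bot: "Allowed values - Any valid integer representing a valid port" is circular; state the actual range (1-65535) and say explicitly that leaving the value blank (as in the sample config.json) means the default of 22 is used. It would also help to say whether the per-store SSHPort custom field takes precedence over this value, since the table rows elsewhere in this change say it does. Style: there are three blank lines between the last bullet and the `## Defining Certificate Stores` heading; the other config.json entries appear to use a single blank line, so trim the extra ones. Minor: "Default Value - 22." ends with a period while the other two bullets do not.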
@@ -785,12 +813,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFJKS` certificates. Specifically, one with the `RFJKS` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
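Review bot: The LinuxFilePermissionsOnStoreCreation row refers to `DefaultLinuxPermissionOnStoreCreation`, but the key shown in the sample config.json is `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`); a reader copying the name from this table into config.json would get an unrecognized key and the permissions would silently stay at whatever the code treats as the default. Suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` The same fix is needed in every store table in this change.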
@@ -833,12 +862,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFJKS` certificates. Specifically, one with the `RFJKS` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
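Review bot: The LinuxFilePermissionsOnStoreCreation row in this table names `DefaultLinuxPermissionOnStoreCreation`, which does not match the config.json key `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`) shown in the sample file; change it to `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` so the documented name can be copied into config.json as-is.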
@@ -891,16 +921,17 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFPEM` certificates. Specifically, one with the `RFPEM` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting.. |
| IsTrustStore | The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key. |
| IncludesChain | The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it. |
| SeparatePrivateKeyFilePath | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'. |
| IgnorePrivateKeyOnInventory | The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' |
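Review bot: Two problems in the new override text of this RFPEM table: the LinuxFilePermissionsOnStoreCreation row names `DefaultLinuxPermissionOnStoreCreation`, while the sample config.json key is `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`); and the SudoImpersonatingUser row ends with a doubled period ("DefaultSudoImpersonatedUser setting..") and uses the word order "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" where the two rows above it put the key name first. Suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` and `Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting.` respectively.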
@@ -943,16 +974,17 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFPEM` certificates. Specifically, one with the `RFPEM` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting.. |
| IsTrustStore | The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key. |
| IncludesChain | The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it. |
| SeparatePrivateKeyFilePath | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'. |
| IgnorePrivateKeyOnInventory | The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value' |
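Review bot: Same two issues as the other RFPEM table: the LinuxFilePermissionsOnStoreCreation row cites `DefaultLinuxPermissionOnStoreCreation` instead of the config.json key `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`), and the SudoImpersonatingUser row ends with "setting.." (doubled period) and reverses the word order used in the rows above it. Suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` and `Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting.`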
@@ -1005,12 +1037,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFPkcs12` certificates. Specifically, one with the `RFPkcs12` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
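Review bot: The LinuxFilePermissionsOnStoreCreation row in this RFPkcs12 table refers to `DefaultLinuxPermissionOnStoreCreation`, but the sample config.json uses `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`); correct it to `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` so the documented key matches the one the extension reads.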
@@ -1053,12 +1086,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFPkcs12` certificates. Specifically, one with the `RFPkcs12` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
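Review bot: The LinuxFilePermissionsOnStoreCreation row here names `DefaultLinuxPermissionOnStoreCreation`, which does not match the config.json key `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`) shown in the sample file earlier in this change; suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.`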
@@ -1111,13 +1145,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFDER` certificates. Specifically, one with the `RFDER` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| SeparatePrivateKeyFilePath | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
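Review bot: In this RFDER table the LinuxFilePermissionsOnStoreCreation row cites `DefaultLinuxPermissionOnStoreCreation`, but the config.json key in the sample file is `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`); suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` The SudoImpersonatingUser row also uses the order "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" while the rows above it put the key name before the link; pick one order for all rows.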
@@ -1160,13 +1195,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFDER` certificates. Specifically, one with the `RFDER` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| SeparatePrivateKeyFilePath | The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
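Review bot: Same key-name mismatch in this RFDER table: the LinuxFilePermissionsOnStoreCreation row says `DefaultLinuxPermissionOnStoreCreation`, but the sample config.json key is `DefaultLinuxPermissionsOnStoreCreation` (plural `Permissions`); suggest `Overrides DefaultLinuxPermissionsOnStoreCreation [config.json](#post-installation) setting.` The SudoImpersonatingUser row's "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting" should also follow the key-name-first order used in the two rows above it.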
@@ -1219,12 +1255,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFKDB` certificates. Specifically, one with the `RFKDB` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
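Review bot: this hunk and the three that follow apply the identical five-row edit (LinuxFilePermissionsOnStoreCreation, LinuxFileOwnerOnStoreCreation, SudoImpersonatingUser, FileTransferProtocol, SSHPort) to each store type's property table; the per-type copies are already a drift risk, so consider documenting the shared Linux/SSH properties once and linking each store-type table to that section, or at least adding the same default-and-range text for SSHPort to every copy so the tables stay consistent.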
@@ -1267,12 +1304,13 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFKDB` certificates. Specifically, one with the `RFKDB` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
@@ -1325,13 +1363,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFORA` certificates. Specifically, one with the `RFORA` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| WorkFolder | The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
@@ -1374,13 +1413,14 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store
| Orchestrator | Select an approved orchestrator capable of managing `RFORA` certificates. Specifically, one with the `RFORA` capability. |
| ServerUsername | A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value* |
| ServerPassword | A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value* |
- | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. |
- | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. |
- | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. |
+ | LinuxFilePermissionsOnStoreCreation | The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. |
+ | LinuxFileOwnerOnStoreCreation | The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. |
+ | SudoImpersonatingUser | The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. |
| WorkFolder | The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'. |
| RemoveRootCertificate | Remove root certificate from chain when adding/renewing a certificate in a store. |
| IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. |
- | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). |
+ | FileTransferProtocol | Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting. |
+ | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. |
| Store Password | Password used to secure the Certificate Store |
diff --git a/RemoteFile/ApplicationSettings.cs b/RemoteFile/ApplicationSettings.cs
index fa926052..6cd8b207 100644
--- a/RemoteFile/ApplicationSettings.cs
+++ b/RemoteFile/ApplicationSettings.cs
@@ -28,6 +28,7 @@ public enum FileTransferProtocolEnum
private const string DEFAULT_LINUX_PERMISSION_SETTING = "";
private const string DEFAULT_OWNER_SETTING = "";
private const string DEFAULT_SUDO_IMPERSONATION_SETTING = "";
+ private const int DEFAULT_SSH_PORT = 22;
private static Dictionary configuration;
@@ -40,6 +41,24 @@ public enum FileTransferProtocolEnum
public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
public static bool CreateCSROnDevice { get { return configuration.ContainsKey("CreateCSROnDevice") ? configuration["CreateCSROnDevice"]?.ToUpper() == "Y" : false; } }
public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"] : string.Empty; } }
+ public static int SSHPort
+ {
+ get
+ {
+ if (configuration.ContainsKey("SSHPort") && !string.IsNullOrEmpty(configuration["SSHPort"]))
+ {
+ int sshPort;
+ if (int.TryParse(configuration["SSHPort"], out sshPort))
+ return sshPort;
+ else
+ throw new RemoteFileException($"Invalid optional config.json SSHPort value of {configuration["SSHPort"]}. If present, this must be an integer value.");
+ }
+ else
+ {
+ return DEFAULT_SSH_PORT;
+ }
+ }
+ }
public static FileTransferProtocolEnum FileTransferProtocol
{
get
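Review bot: the SSHPort getter only checks that the config.json value parses as an integer; a value such as 0, -1 or 70000 passes and will surface later as an opaque connection failure inside the SSH library. Add a range check after the TryParse, for example `if (sshPort < 1 || sshPort > 65535) throw new RemoteFileException($"Invalid optional config.json SSHPort value of {sshPort}. If present, this must be an integer between 1 and 65535.");`, and consider `int.TryParse(..., NumberStyles.Integer, CultureInfo.InvariantCulture, out sshPort)` so parsing does not depend on the orchestrator host's culture.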
diff --git a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
index 2e6667ca..9015ca2f 100644
--- a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
@@ -294,7 +294,7 @@ private PrivateKeyTypeEnum GetPrivateKeyType(string storeContents, out string pr
{
foreach (string begDelim in PrivateKeyDelimetersPkcs8)
{
- if (string.IsNullOrEmpty(storeContents) || storeContents.Contains(begDelim))
+ if (string.IsNullOrEmpty(storeContents) || storeContents.Length < 10 || storeContents.Contains(begDelim))
{
privateKeyBegDelim = begDelim;
return PrivateKeyTypeEnum.PKCS8;
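Review bot: `storeContents.Length < 10` is a magic number with no comment explaining why ten characters is the cut-off, and a reader cannot tell it is meant to treat a file that is effectively empty (a stray newline or BOM written when the store is created on Windows, per the changelog entry this fixes) as a new store. Either replace the condition with `string.IsNullOrWhiteSpace(storeContents)` if that captures the case, or promote the number to a named constant with a comment stating that no PEM private key delimiter can fit in fewer characters; as written, any short but non-empty content is silently classified as PKCS8.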
diff --git a/RemoteFile/InventoryBase.cs b/RemoteFile/InventoryBase.cs
index b8c904d7..b7b4e930 100644
--- a/RemoteFile/InventoryBase.cs
+++ b/RemoteFile/InventoryBase.cs
@@ -28,41 +28,18 @@ public abstract class InventoryBase : RemoteFileJobTypeBase, IInventoryJobExtens
public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate submitInventory)
{
ILogger logger = LogHandler.GetClassLogger(this.GetType());
- logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
- logger.LogDebug($"Server: { config.CertificateStoreDetails.ClientMachine }");
- logger.LogDebug($"Store Path: { config.CertificateStoreDetails.StorePath }");
- logger.LogDebug($"Job Properties:");
- foreach (KeyValuePair keyValue in config.JobProperties ?? new Dictionary())
- {
- logger.LogDebug($" {keyValue.Key}: {keyValue.Value}");
- }
ICertificateStoreSerializer certificateStoreSerializer = GetCertificateStoreSerializer(config.CertificateStoreDetails.Properties);
List inventoryItems = new List();
try
{
- string userName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", config.ServerUsername);
- string userPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", config.ServerPassword);
- string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
-
ApplicationSettings.Initialize(this.GetType().Assembly.Location);
- dynamic properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties.ToString());
- string sudoImpersonatedUser = properties.SudoImpersonatedUser == null || string.IsNullOrEmpty(properties.SudoImpersonatedUser.Value) ?
- ApplicationSettings.DefaultSudoImpersonatedUser :
- properties.SudoImpersonatedUser.Value;
- bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
- false :
- Convert.ToBoolean(properties.IncludePortInSPN.Value);
-
- ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
- if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
- {
- Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
- }
- certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
- certificateStore.Initialize(sudoImpersonatedUser);
+ SetJobProperties(config, config.CertificateStoreDetails, logger);
+
+ certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, FileTransferProtocol, SSHPort, IncludePortInSPN);
+ certificateStore.Initialize(SudoImpersonatedUser);
certificateStore.LoadCertificateStore(certificateStoreSerializer, true);
List collections = certificateStore.GetCertificateChains();
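Review bot: the PAM resolution of Server User Name, Server Password and Store Password and the job-property debug dump are removed here in favour of SetJobProperties, which is not visible in this hunk; confirm the helper still resolves all three through PAMUtilities.ResolvePAMField before use and that its logging prints only job-property keys and non-secret values, never UserPassword or StorePassword, since the removed loop only ever logged config.JobProperties. The dropped `Begin {config.Capability} for job id {config.JobId}` line was also the only place the job id appeared in this method's log output; if SetJobProperties does not log it, failed inventory jobs become harder to correlate with Command.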
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
index 838bbfe0..b0bad1ac 100644
--- a/RemoteFile/ManagementBase.cs
+++ b/RemoteFile/ManagementBase.cs
@@ -28,43 +28,17 @@ public abstract class ManagementBase : RemoteFileJobTypeBase, IManagementJobExte
public JobResult ProcessJob(ManagementJobConfiguration config)
{
ILogger logger = LogHandler.GetClassLogger(this.GetType());
- logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
- logger.LogDebug($"Server: {config.CertificateStoreDetails.ClientMachine}");
- logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}");
- logger.LogDebug($"Job Properties:");
- foreach (KeyValuePair keyValue in config.JobProperties == null ? new Dictionary() : config.JobProperties)
- {
- logger.LogDebug($" {keyValue.Key}: {keyValue.Value}");
- }
ICertificateStoreSerializer certificateStoreSerializer = GetCertificateStoreSerializer(config.CertificateStoreDetails.Properties);
try
{
- string userName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", config.ServerUsername);
- string userPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", config.ServerPassword);
- string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
-
ApplicationSettings.Initialize(this.GetType().Assembly.Location);
- dynamic properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties.ToString());
- string sudoImpersonatedUser = properties.SudoImpersonatedUser == null || string.IsNullOrEmpty(properties.SudoImpersonatedUser.Value) ?
- ApplicationSettings.DefaultSudoImpersonatedUser :
- properties.SudoImpersonatedUser.Value;
- bool removeRootCertificate = properties.RemoveRootCertificate == null || string.IsNullOrEmpty(properties.RemoveRootCertificate.Value) ?
- false :
- Convert.ToBoolean(properties.RemoveRootCertificate.Value);
- bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
- false :
- Convert.ToBoolean(properties.IncludePortInSPN.Value);
-
- ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
- if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
- {
- Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
- }
- certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
- certificateStore.Initialize(sudoImpersonatedUser);
+ SetJobProperties(config, config.CertificateStoreDetails, logger);
+
+ certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, FileTransferProtocol, SSHPort, IncludePortInSPN);
+ certificateStore.Initialize(SudoImpersonatedUser);
PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
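Review bot: the removed code defaulted removeRootCertificate and includePortInSPN to false when the store property was absent or empty, and FileTransferProtocol to the config.json value; now that these are inherited properties set by SetJobProperties (not shown here), confirm those defaults are preserved, because a null-to-true or unset-enum change would alter what gets written to the store on the AddCertificate path below without any compile-time signal. It would also help to add a short comment above the SetJobProperties call naming the properties it populates (UserName, UserPassword, StorePassword, FileTransferProtocol, SSHPort, IncludePortInSPN, RemoveRootCertificate, SudoImpersonatedUser) so the later references are not read as undeclared identifiers.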
@@ -80,8 +54,8 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
}
certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
- certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword, X509KeyStorageFlags.EphemeralKeySet).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, removeRootCertificate);
- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
+ certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword, X509KeyStorageFlags.EphemeralKeySet).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, RemoveRootCertificate);
+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
break;
@@ -96,7 +70,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
{
certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
}
logger.LogDebug($"END Delete Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
break;
diff --git a/RemoteFile/ReenrollmentBase.cs b/RemoteFile/ReenrollmentBase.cs
index da2b1402..56e9030f 100644
--- a/RemoteFile/ReenrollmentBase.cs
+++ b/RemoteFile/ReenrollmentBase.cs
@@ -45,62 +45,30 @@ internal enum SupportedKeyTypeEnum
public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenrollmentCSR submitReenrollment)
{
ILogger logger = LogHandler.GetClassLogger(this.GetType());
- logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
- logger.LogDebug($"Server: {config.CertificateStoreDetails.ClientMachine}");
- logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}");
-
- logger.LogDebug($"Job Properties:");
- foreach (KeyValuePair keyValue in config.JobProperties == null ? new Dictionary() : config.JobProperties)
- {
- logger.LogDebug($" {keyValue.Key}: {keyValue.Value}");
- }
ICertificateStoreSerializer certificateStoreSerializer = GetCertificateStoreSerializer(config.CertificateStoreDetails.Properties);
try
{
- string userName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", config.ServerUsername);
- string userPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", config.ServerPassword);
- string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
-
ApplicationSettings.Initialize(this.GetType().Assembly.Location);
- dynamic properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties.ToString());
- string sudoImpersonatedUser = properties.SudoImpersonatedUser == null || string.IsNullOrEmpty(properties.SudoImpersonatedUser.Value) ?
- ApplicationSettings.DefaultSudoImpersonatedUser :
- properties.SudoImpersonatedUser.Value;
- bool removeRootCertificate = properties.RemoveRootCertificate == null || string.IsNullOrEmpty(properties.RemoveRootCertificate.Value) ?
- false :
- Convert.ToBoolean(properties.RemoveRootCertificate.Value);
- bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
- false :
- Convert.ToBoolean(properties.IncludePortInSPN.Value);
- bool createCSROnDevice = properties.CreateCSROnDevice == null || string.IsNullOrEmpty(properties.CreateCSROnDevice.Value) ?
- ApplicationSettings.CreateCSROnDevice :
- Convert.ToBoolean(properties.CreateCSROnDevice.Value);
-
- string keyType = !config.JobProperties.ContainsKey("keyType") || config.JobProperties["keyType"] == null || string.IsNullOrEmpty(config.JobProperties["keyType"].ToString()) ? string.Empty : config.JobProperties["keyType"].ToString();
- int keySize = !config.JobProperties.ContainsKey("keySize") || config.JobProperties["keySize"] == null || string.IsNullOrEmpty(config.JobProperties["keySize"].ToString()) ? 2048 : Convert.ToInt32(config.JobProperties["keySize"]);
- string subjectText = !config.JobProperties.ContainsKey("subjectText") || config.JobProperties["subjectText"] == null || config.JobProperties["subjectText"] == null || string.IsNullOrEmpty(config.JobProperties["subjectText"].ToString()) ? string.Empty : config.JobProperties["subjectText"].ToString();
+
+ SetJobProperties(config, config.CertificateStoreDetails, logger);
string alias = "abcd";
string sans = "reenroll2.Keyfactor.com&reenroll1.keyfactor.com&reenroll3.Keyfactor.com";
bool overwrite = true;
// validate parameters
- string keyTypes = string.Join(",", Enum.GetNames(typeof(SupportedKeyTypeEnum)));
- if (!Enum.TryParse(keyType.ToUpper(), out SupportedKeyTypeEnum keyTypeEnum))
+ string KeyTypes = string.Join(",", Enum.GetNames(typeof(SupportedKeyTypeEnum)));
+ if (!Enum.TryParse(KeyType.ToUpper(), out SupportedKeyTypeEnum KeyTypeEnum))
{
- throw new RemoteFileException($"Unsupported KeyType value {keyType}. Supported types are {keyTypes}.");
+ throw new RemoteFileException($"Unsupported KeyType value {KeyType}. Supported types are {KeyTypes}.");
}
ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
- if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
- {
- Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
- }
- certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
- certificateStore.Initialize(sudoImpersonatedUser);
+ certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, fileTransferProtocol, SSHPort, IncludePortInSPN);
+ certificateStore.Initialize(SudoImpersonatedUser);
PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
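Review bot: the store-level FileTransferProtocol override is lost in this hunk: the block that copied `properties.FileTransferProtocol` into the local `fileTransferProtocol` is removed, but the local (initialised only from ApplicationSettings.FileTransferProtocol) is still what is passed to the RemoteCertificateStore constructor, whereas InventoryBase and ManagementBase pass the inherited `FileTransferProtocol` property. Drop the local declaration and pass `FileTransferProtocol`, as in `certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, FileTransferProtocol, SSHPort, IncludePortInSPN);`, otherwise a store configured for SFTP on a host whose config.json says SCP will reenroll over the wrong protocol. Separately, the renamed locals `KeyTypes` and `KeyTypeEnum` use PascalCase, which the rest of this method reserves for inherited properties; keep them camelCase to avoid confusion with `KeyType`, and the previous 2048 default for keySize now depends on SetJobProperties, so confirm it is still applied.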
@@ -112,27 +80,27 @@ public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenr
// generate CSR and call back to enroll certificate
string csr = string.Empty;
string pemPrivateKey = string.Empty;
- if (createCSROnDevice)
+ if (CreateCSROnDevice)
{
- csr = certificateStore.GenerateCSROnDevice(subjectText, keyTypeEnum, keySize, new List(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)), out pemPrivateKey);
+ csr = certificateStore.GenerateCSROnDevice(SubjectText, KeyTypeEnum, KeySize, new List(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)), out pemPrivateKey);
}
else
{
- csr = certificateStore.GenerateCSR(subjectText, keyTypeEnum, keySize, new List(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)));
+ csr = certificateStore.GenerateCSR(SubjectText, KeyTypeEnum, KeySize, new List(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)));
}
X509Certificate2 cert = submitReenrollment.Invoke(csr);
if (cert == null || String.IsNullOrEmpty(pemPrivateKey))
throw new RemoteFileException("Enrollment of CSR failed. Please check Keyfactor Command logs for more information on potential enrollment errors.");
- AsymmetricAlgorithm alg = keyTypeEnum == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
+ AsymmetricAlgorithm alg = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
alg.ImportEncryptedPkcs8PrivateKey(string.Empty, Keyfactor.PKI.PEM.PemUtilities.PEMToDER(pemPrivateKey), out _);
- cert = keyTypeEnum == SupportedKeyTypeEnum.RSA ? cert.CopyWithPrivateKey((RSA)alg) : cert.CopyWithPrivateKey((ECDsa)alg);
+ cert = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? cert.CopyWithPrivateKey((RSA)alg) : cert.CopyWithPrivateKey((ECDsa)alg);
// save certificate
certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
- certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), overwrite, null, removeRootCertificate);
- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
+ certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), overwrite, null, RemoveRootCertificate);
+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
}
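Review bot: in the surrounding context, `pemPrivateKey` is only assigned by the `GenerateCSROnDevice` branch, yet the check `if (cert == null || String.IsNullOrEmpty(pemPrivateKey))` runs for both branches; unless `GenerateCSR` populates the key through a path not visible here, the `CreateCSROnDevice == false` path will always throw "Enrollment of CSR failed" even when enrollment succeeded, and the actual cause (no private key returned) is hidden behind an unrelated message. If that branch is expected to obtain the key elsewhere, split the two conditions so each failure gets its own error text.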
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
index 6a71d16f..b550113e 100644
--- a/RemoteFile/RemoteCertificateStore.cs
+++ b/RemoteFile/RemoteCertificateStore.cs
@@ -56,6 +56,7 @@ internal enum ServerTypeEnum
internal string UploadFilePath { get; set; }
internal ApplicationSettings.FileTransferProtocolEnum FileTransferProtocol { get; set; }
internal bool IncludePortInSPN { get; set; }
+ internal int SSHPort { get; set; }
private Pkcs12Store CertificateStore;
private ILogger logger;
@@ -63,7 +64,7 @@ internal enum ServerTypeEnum
internal RemoteCertificateStore() { }
- internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, bool includePortInSPN)
+ internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, int sshPort, bool includePortInSPN)
{
logger = LogHandler.GetClassLogger(this.GetType());
logger.MethodEntry(LogLevel.Debug);
@@ -80,6 +81,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
ServerType = StorePath.Substring(0, 1) == "/" ? ServerTypeEnum.Linux : ServerTypeEnum.Windows;
UploadFilePath = !string.IsNullOrEmpty(ApplicationSettings.SeparateUploadFilePath) && ServerType == ServerTypeEnum.Linux ? ApplicationSettings.SeparateUploadFilePath : StorePath;
FileTransferProtocol = fileTransferProtocol;
+ SSHPort = sshPort;
IncludePortInSPN = includePortInSPN;
logger.LogDebug($"UploadFilePath: {UploadFilePath}");
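Review bot: `SSHPort = sshPort;` stores the value without a range check; since this constructor is the single entry point for the port, rejecting values outside 1..65535 here (or at least 0) would surface a bad configuration with a clear message instead of a failure inside the SSH library later.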
@@ -456,7 +458,7 @@ internal void Initialize(string sudoImpersonatedUser)
bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);
if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
- RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux, FileTransferProtocol, sudoImpersonatedUser) as IRemoteHandler;
+ RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux, FileTransferProtocol, SSHPort, sudoImpersonatedUser) as IRemoteHandler;
else
RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal, IncludePortInSPN);
diff --git a/RemoteFile/RemoteFileJobTypeBase.cs b/RemoteFile/RemoteFileJobTypeBase.cs
index d68199fa..61640b0d 100644
--- a/RemoteFile/RemoteFileJobTypeBase.cs
+++ b/RemoteFile/RemoteFileJobTypeBase.cs
@@ -5,7 +5,12 @@
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
// and limitations under the License.
+using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Extensions.Interfaces;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
namespace Keyfactor.Extensions.Orchestrator.RemoteFile
{
@@ -13,5 +18,72 @@ public abstract class RemoteFileJobTypeBase
{
public IPAMSecretResolver _resolver;
internal abstract ICertificateStoreSerializer GetCertificateStoreSerializer(string storeProperties);
+
+ internal string UserName { get; set; }
+ internal string UserPassword { get; set; }
+ internal string StorePassword { get; set; }
+ internal string SudoImpersonatedUser { get; set; }
+ internal bool RemoveRootCertificate { get; set; }
+ internal int SSHPort { get; set; }
+ internal bool IncludePortInSPN { get; set; }
+ internal ApplicationSettings.FileTransferProtocolEnum FileTransferProtocol { get; set; }
+ internal bool CreateCSROnDevice { get; set; }
+ internal string KeyType { get; set; }
+ internal int KeySize { get; set; }
+ internal string SubjectText { get; set; }
+
+
+ internal void SetJobProperties(JobConfiguration config, CertificateStore certificateStoreDetails, ILogger logger)
+ {
+ logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
+ logger.LogDebug($"Server: {certificateStoreDetails.ClientMachine}");
+ logger.LogDebug($"Store Path: {certificateStoreDetails.StorePath}");
+ logger.LogDebug($"Job Properties:");
+ foreach (KeyValuePair keyValue in config.JobProperties == null ? new Dictionary() : config.JobProperties)
+ {
+ logger.LogDebug($" {keyValue.Key}: {keyValue.Value}");
+ }
+
+ UserName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", config.ServerUsername);
+ UserPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", config.ServerPassword);
+ StorePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", certificateStoreDetails.StorePassword);
+
+ dynamic properties = JsonConvert.DeserializeObject(certificateStoreDetails.Properties.ToString());
+
+ SudoImpersonatedUser = properties.SudoImpersonatedUser == null || string.IsNullOrEmpty(properties.SudoImpersonatedUser.Value) ?
+ ApplicationSettings.DefaultSudoImpersonatedUser :
+ properties.SudoImpersonatedUser.Value;
+
+ SSHPort = properties.SSHPort == null || string.IsNullOrEmpty(properties.SSHPort.Value) || !int.TryParse(properties.SSHPort.Value, out int notUsed) ?
+ ApplicationSettings.SSHPort :
+ properties.SSHPort;
+
+ RemoveRootCertificate = properties.RemoveRootCertificate == null || string.IsNullOrEmpty(properties.RemoveRootCertificate.Value) ?
+ false :
+ Convert.ToBoolean(properties.RemoveRootCertificate.Value);
+
+ IncludePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
+ false :
+ Convert.ToBoolean(properties.IncludePortInSPN.Value);
+
+ CreateCSROnDevice = properties.CreateCSROnDevice == null || string.IsNullOrEmpty(properties.CreateCSROnDevice.Value) ?
+ ApplicationSettings.CreateCSROnDevice :
+ Convert.ToBoolean(properties.CreateCSROnDevice.Value);
+
+ FileTransferProtocol = ApplicationSettings.FileTransferProtocol;
+ if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
+ {
+ ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol;
+ if (Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol))
+ FileTransferProtocol = fileTransferProtocol;
+ }
+
+ if (config.JobProperties != null)
+ {
+ KeyType = !config.JobProperties.ContainsKey("keyType") || config.JobProperties["keyType"] == null || string.IsNullOrEmpty(config.JobProperties["keyType"].ToString()) ? string.Empty : config.JobProperties["keyType"].ToString();
+ KeySize = !config.JobProperties.ContainsKey("keySize") || config.JobProperties["keySize"] == null || string.IsNullOrEmpty(config.JobProperties["keySize"].ToString()) || !int.TryParse(config.JobProperties["keySize"].ToString(), out int notUsed2) ? 2048 : Convert.ToInt32(config.JobProperties["keySize"]);
+ SubjectText = !config.JobProperties.ContainsKey("subjectText") || config.JobProperties["subjectText"] == null || string.IsNullOrEmpty(config.JobProperties["subjectText"].ToString()) ? string.Empty : config.JobProperties["subjectText"].ToString();
+ }
+ }
}
}
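Review bot: The `SSHPort` assignment discards the parsed value: the condition calls `int.TryParse(properties.SSHPort.Value, out int notUsed)` but the non-default branch assigns `properties.SSHPort` (the dynamic JSON token, neither `.Value` nor the parsed `int`), which is inconsistent with every other property in this method and depends on a runtime dynamic conversion to `int`; assign the parsed integer (rename `notUsed` to something like `parsedPort`) and reject values outside 1..65535 rather than silently falling back to `ApplicationSettings.SSHPort`. Two further points: `foreach (KeyValuePair keyValue in ... new Dictionary() ...)` has no type arguments as shown (if that is not a rendering artifact it will not compile), and the loop logs every job property value verbatim at debug level, so any sensitive value delivered as a job property ends up in the log; consider redacting known-sensitive keys. Finally, this method reads `properties.SudoImpersonatedUser` while the manifest in this same change names the custom field `SudoImpersonatingUser`; confirm the two agree, otherwise the value will always fall back to `ApplicationSettings.DefaultSudoImpersonatedUser`.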
diff --git a/RemoteFile/RemoteHandlers/SSHHandler.cs b/RemoteFile/RemoteHandlers/SSHHandler.cs
index 79238d7d..d89d255f 100644
--- a/RemoteFile/RemoteHandlers/SSHHandler.cs
+++ b/RemoteFile/RemoteHandlers/SSHHandler.cs
@@ -34,7 +34,7 @@ class SSHHandler : BaseRemoteHandler
private string Password { get; set; }
private SshClient sshClient;
- internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, string sudoImpersonatedUser)
+ internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, int sshPort, string sudoImpersonatedUser)
{
_logger.MethodEntry(LogLevel.Debug);
@@ -49,7 +49,7 @@ internal SSHHandler(string server, string serverLogin, string serverPassword, bo
{
KeyboardInteractiveAuthenticationMethod keyboardAuthentication = new KeyboardInteractiveAuthenticationMethod(UserId);
keyboardAuthentication.AuthenticationPrompt += KeyboardAuthentication_AuthenticationPrompt;
- Connection = new ConnectionInfo(server, serverLogin, new PasswordAuthenticationMethod(serverLogin, serverPassword), keyboardAuthentication);
+ Connection = new ConnectionInfo(server, sshPort, serverLogin, new PasswordAuthenticationMethod(serverLogin, serverPassword), keyboardAuthentication);
}
else
{
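Review bot: SSH.NET validates the port in the `ConnectionInfo` constructor, so an out-of-range `sshPort` surfaces as an `ArgumentOutOfRangeException` from `new ConnectionInfo(server, sshPort, serverLogin, ...)` deep inside the handler rather than as a configuration error; validate the port where it is parsed (`SetJobProperties`) and log the host and port being used at debug level here, which also makes troubleshooting a non-default port straightforward.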
@@ -70,7 +70,7 @@ internal SSHHandler(string server, string serverLogin, string serverPassword, bo
}
}
- Connection = new ConnectionInfo(server, serverLogin, new PrivateKeyAuthenticationMethod(serverLogin, privateKeyFile));
+ Connection = new ConnectionInfo(server, sshPort, serverLogin, new PrivateKeyAuthenticationMethod(serverLogin, privateKeyFile));
}
try
diff --git a/RemoteFile/config.json b/RemoteFile/config.json
index bd69b8a5..93c21131 100644
--- a/RemoteFile/config.json
+++ b/RemoteFile/config.json
@@ -7,4 +7,5 @@
"FileTransferProtocol": "SCP",
"DefaultLinuxPermissionsOnStoreCreation": "600",
"DefaultOwnerOnStoreCreation": "",
+ "SSHPort": ""
}
\ No newline at end of file
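Review bot: `"SSHPort": ""` sets an integer setting to an empty string; this relies on `ApplicationSettings` (not in this diff) mapping empty to 22, which the docs hunk states as the default, so either ship `"SSHPort": "22"` or document explicitly that an empty value means 22. Adding a trailing newline would also remove the `\ No newline at end of file` marker from every future edit of this file.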
diff --git a/docsource/content.md b/docsource/content.md
index 969a9b91..667fc2aa 100644
--- a/docsource/content.md
+++ b/docsource/content.md
@@ -74,7 +74,8 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
"SeparateUploadFilePath": "",
"FileTransferProtocol": "SCP",
"DefaultLinuxPermissionsOnStoreCreation": "600",
- "DefaultOwnerOnStoreCreation": ""
+ "DefaultOwnerOnStoreCreation": "",
+ "SSHPort": ""
}
@@ -149,6 +150,14 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
+
+SSHPort (Applicable for Linux hosted certificate stores only)
+
+* This optional value should be an integer value representing the port that SSH is listening on
+* Allowed values - Any valid integer representing a valid port
+* Default Value - 22.
+
+
## Discovery
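Review bot: "Any valid integer representing a valid port" should state the concrete range (1-65535) and the fallback behaviour, since `SetJobProperties` in this change silently uses the config.json value when the store-level value is not a parseable integer; the trailing period on "Default Value - 22." is also inconsistent with the other bullets, and the two blank lines before `## Discovery` can be reduced to one.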
diff --git a/docsource/images/RFDER-advanced-store-type-dialog.png b/docsource/images/RFDER-advanced-store-type-dialog.png
index fb418e6f..bf8a8a39 100644
Binary files a/docsource/images/RFDER-advanced-store-type-dialog.png and b/docsource/images/RFDER-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFDER-basic-store-type-dialog.png b/docsource/images/RFDER-basic-store-type-dialog.png
index db97926e..9e36ef88 100644
Binary files a/docsource/images/RFDER-basic-store-type-dialog.png and b/docsource/images/RFDER-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFDER-custom-fields-store-type-dialog.png b/docsource/images/RFDER-custom-fields-store-type-dialog.png
index 4e545c81..f0f451b5 100644
Binary files a/docsource/images/RFDER-custom-fields-store-type-dialog.png and b/docsource/images/RFDER-custom-fields-store-type-dialog.png differ
diff --git a/docsource/images/RFJKS-advanced-store-type-dialog.png b/docsource/images/RFJKS-advanced-store-type-dialog.png
index 06bc1330..3e724abc 100644
Binary files a/docsource/images/RFJKS-advanced-store-type-dialog.png and b/docsource/images/RFJKS-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFJKS-basic-store-type-dialog.png b/docsource/images/RFJKS-basic-store-type-dialog.png
index 96a375f4..88b86604 100644
Binary files a/docsource/images/RFJKS-basic-store-type-dialog.png and b/docsource/images/RFJKS-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFJKS-custom-fields-store-type-dialog.png b/docsource/images/RFJKS-custom-fields-store-type-dialog.png
index b3ef917b..81638289 100644
Binary files a/docsource/images/RFJKS-custom-fields-store-type-dialog.png and b/docsource/images/RFJKS-custom-fields-store-type-dialog.png differ
diff --git a/docsource/images/RFKDB-advanced-store-type-dialog.png b/docsource/images/RFKDB-advanced-store-type-dialog.png
index 06bc1330..3e724abc 100644
Binary files a/docsource/images/RFKDB-advanced-store-type-dialog.png and b/docsource/images/RFKDB-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFKDB-basic-store-type-dialog.png b/docsource/images/RFKDB-basic-store-type-dialog.png
index a66dd767..f82fd0de 100644
Binary files a/docsource/images/RFKDB-basic-store-type-dialog.png and b/docsource/images/RFKDB-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFKDB-custom-fields-store-type-dialog.png b/docsource/images/RFKDB-custom-fields-store-type-dialog.png
index b3ef917b..81638289 100644
Binary files a/docsource/images/RFKDB-custom-fields-store-type-dialog.png and b/docsource/images/RFKDB-custom-fields-store-type-dialog.png differ
diff --git a/docsource/images/RFORA-advanced-store-type-dialog.png b/docsource/images/RFORA-advanced-store-type-dialog.png
index 06bc1330..3e724abc 100644
Binary files a/docsource/images/RFORA-advanced-store-type-dialog.png and b/docsource/images/RFORA-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFORA-basic-store-type-dialog.png b/docsource/images/RFORA-basic-store-type-dialog.png
index 34973147..e3f83edd 100644
Binary files a/docsource/images/RFORA-basic-store-type-dialog.png and b/docsource/images/RFORA-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFORA-custom-fields-store-type-dialog.png b/docsource/images/RFORA-custom-fields-store-type-dialog.png
index 6c85cc5c..67eb5015 100644
Binary files a/docsource/images/RFORA-custom-fields-store-type-dialog.png and b/docsource/images/RFORA-custom-fields-store-type-dialog.png differ
diff --git a/docsource/images/RFPEM-advanced-store-type-dialog.png b/docsource/images/RFPEM-advanced-store-type-dialog.png
index fb418e6f..bf8a8a39 100644
Binary files a/docsource/images/RFPEM-advanced-store-type-dialog.png and b/docsource/images/RFPEM-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFPEM-basic-store-type-dialog.png b/docsource/images/RFPEM-basic-store-type-dialog.png
index 8f7a2f8f..c1c221bf 100644
Binary files a/docsource/images/RFPEM-basic-store-type-dialog.png and b/docsource/images/RFPEM-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFPEM-custom-fields-store-type-dialog.png b/docsource/images/RFPEM-custom-fields-store-type-dialog.png
index 1f9b538e..ada9a5e2 100644
Binary files a/docsource/images/RFPEM-custom-fields-store-type-dialog.png and b/docsource/images/RFPEM-custom-fields-store-type-dialog.png differ
diff --git a/docsource/images/RFPkcs12-advanced-store-type-dialog.png b/docsource/images/RFPkcs12-advanced-store-type-dialog.png
index 06bc1330..3e724abc 100644
Binary files a/docsource/images/RFPkcs12-advanced-store-type-dialog.png and b/docsource/images/RFPkcs12-advanced-store-type-dialog.png differ
diff --git a/docsource/images/RFPkcs12-basic-store-type-dialog.png b/docsource/images/RFPkcs12-basic-store-type-dialog.png
index 60ef560c..45a28c8a 100644
Binary files a/docsource/images/RFPkcs12-basic-store-type-dialog.png and b/docsource/images/RFPkcs12-basic-store-type-dialog.png differ
diff --git a/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png b/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png
index b3ef917b..81638289 100644
Binary files a/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png and b/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png differ
diff --git a/integration-manifest.json b/integration-manifest.json
index d82f09fe..526d750e 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -40,82 +40,91 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The IP address or DNS of the server hosting the certificate store. For more information, see [Client Machine ](#client-machine-instructions)",
"StorePathDescription": "The full path and file name, including file extension if one exists where the certificate store file is located. For Linux orchestrated servers, StorePath will begin with a forward slash (i.e. /folder/path/storename.ext). For Windows orchestrated servers, it should begin with a drive letter (i.e. c:\\folder\\path\\storename.ext)."
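Review bot: The description under `"Name": "LinuxFilePermissionsOnStoreCreation"` refers to a config.json setting `DefaultLinuxPermissionOnStoreCreation`, but the key written to config.json in this same diff is `DefaultLinuxPermissionsOnStoreCreation` (plural); fix the spelling so the reference matches. `"DefaultValue": ",SCP,SFTP,Both"` now starts with an empty option; if that is intended (no selection means use the config.json value) the description should say so. `SSHPort` is declared as `"Type": "String"` although the description calls it an integer; that works with the `int.TryParse` guard in `SetJobProperties`, but the description should state the 1-65535 range. Finally, this hunk re-indents the whole `Properties` array, which hides the real additions; a whitespace-only commit first would make the diff reviewable.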
@@ -145,118 +154,127 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "IsTrustStore",
- "DisplayName": "Trust Store",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "false",
- "Description": "The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key."
- },
- {
- "Name": "IncludesChain",
- "DisplayName": "Store Includes Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "false",
- "Description": "The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it."
- },
- {
- "Name": "SeparatePrivateKeyFilePath",
- "DisplayName": "Separate Private Key File Location",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'."
- },
- {
- "Name": "IgnorePrivateKeyOnInventory",
- "DisplayName": "Ignore Private Key On Inventory",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "false",
- "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting.."
+ },
+ {
+ "Name": "IsTrustStore",
+ "DisplayName": "Trust Store",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false",
+ "Description": "The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key."
+ },
+ {
+ "Name": "IncludesChain",
+ "DisplayName": "Store Includes Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false",
+ "Description": "The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it."
+ },
+ {
+ "Name": "SeparatePrivateKeyFilePath",
+ "DisplayName": "Separate Private Key File Location",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'."
+ },
+ {
+ "Name": "IgnorePrivateKeyOnInventory",
+ "DisplayName": "Ignore Private Key On Inventory",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false",
+ "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
"StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.ext) for Windows orchestrated servers. Example: '/folder/path/storename.pem' or 'c:\\folder\\path\\storename.pem'."
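Review bot: the new FileTransferProtocol default `"DefaultValue": ",SCP,SFTP,Both"` starts with a leading comma, which reads as "blank is the default choice" so that the config.json FileTransferProtocol setting governs when the store leaves it unset, but the Description only says it "Overrides FileTransferProtocol [config.json](#post-installation) setting" and never says that an empty selection defers to config.json; please state that explicitly in the Description, since a reader of the rendered store-type table cannot see the leading comma. Same hunk, the added SSHPort entry declares `"Type": "String"` while its Description says "Integer value representing the port"; the Description should say what happens on a non-numeric or out-of-range value (job rejected with an error, or fallback to config.json) so operators are not left guessing which port the orchestrator will actually connect to.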
@@ -286,82 +304,91 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
"StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'."
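Review bot: this hunk deletes and re-adds the entire Properties array for the PKCS12 store type although the only substantive changes are the three appended "Overrides ... [config.json](#post-installation) setting." sentences, the FileTransferProtocol default changing from `"SCP,SFTP,Both"` to `",SCP,SFTP,Both"`, and the new SSHPort entry; the rest looks like an indentation change. Please split whitespace-only reindentation into its own commit (or leave the indentation alone) so the functional edits are reviewable line by line; as written, every one of the 82 removed lines has to be compared by eye against its re-added copy to confirm nothing else changed.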
@@ -391,91 +418,100 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "SeparatePrivateKeyFilePath",
- "DisplayName": "Separate Private Key File Location",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting."
+ },
+ {
+ "Name": "SeparatePrivateKeyFilePath",
+ "DisplayName": "Separate Private Key File Location",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
"StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.der) for Windows orchestrated servers. Example: '/folder/path/storename.der' or 'c:\\folder\\path\\storename.der'."
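Review bot: the SudoImpersonatingUser Description in this hunk ends "Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting." while the PKCS12 hunk above uses the other word order, "Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting."; pick one phrasing for all store types so the rendered tables stay consistent and greppable. Related documentation gap in the same hunk: LinuxFilePermissionsOnStoreCreation now says it overrides DefaultLinuxPermissionOnStoreCreation, but neither Description states what permissions and owner a newly created store file gets when both the store property and the config.json default are empty; since this file will hold a private key (the DER store keeps it in SeparatePrivateKeyFilePath or inline), the fallback behaviour is exactly what an operator needs to know before trusting the empty default.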
@@ -505,82 +541,91 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
"StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.kdb) for Windows orchestrated servers. Example: '/folder/path/storename.kdb' or 'c:\\folder\\path\\storename.kdb'."
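Review bot: the new SSHPort property has `"DefaultValue": ""` and a Description that only says it "Overrides SSHPort [config.json](#post-installation) setting"; nothing in this hunk documents which port is used when both the store property and the config.json value are empty. Please add that fallback to the Description (and the same sentence to the config.json section this link points at), since the ServerPassword Description two entries above already allows an SSH private key as the credential, and an operator configuring key-based SSH on a non-standard port will otherwise have to discover the effective port from a failed connection log rather than from the store definition.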
@@ -610,91 +655,100 @@
"IsPAMEligible": true
}
},
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": "",
- "DefaultValue": "",
- "Required": false,
- "IsPAMEligible": true,
- "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
- },
- {
- "Name": "LinuxFilePermissionsOnStoreCreation",
- "DisplayName": "Linux File Permissions on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'."
- },
- {
- "Name": "LinuxFileOwnerOnStoreCreation",
- "DisplayName": "Linux File Owner on Store Creation",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'."
- },
- {
- "Name": "SudoImpersonatingUser",
- "DisplayName": "Sudo Impersonating User",
- "Required": false,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'."
- },
- {
- "Name": "WorkFolder",
- "DisplayName": "Location to use for creation/removal of work files",
- "Required": true,
- "DependsOn": "",
- "Type": "String",
- "DefaultValue": "",
- "Description": "The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'."
- },
- {
- "Name": "RemoveRootCertificate",
- "DisplayName": "Remove Root Certificate from Chain",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
- },
- {
- "Name": "IncludePortInSPN",
- "DisplayName": "Include Port in SPN for WinRM",
- "Required": false,
- "DependsOn": "",
- "Type": "Bool",
- "DefaultValue": "False",
- "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
- },
- {
- "Name": "FileTransferProtocol",
- "DisplayName": "File Transfer Protocol to Use",
- "Required": false,
- "DependsOn": "",
- "Type": "MultipleChoice",
- "DefaultValue": "SCP,SFTP,Both",
- "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
- }
- ],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting."
+ },
+ {
+ "Name": "WorkFolder",
+ "DisplayName": "Location to use for creation/removal of work files",
+ "Required": true,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'."
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Remove root certificate from chain when adding/renewing a certificate in a store."
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False",
+ "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+ },
+ {
+ "Name": "FileTransferProtocol",
+ "DisplayName": "File Transfer Protocol to Use",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": ",SCP,SFTP,Both",
+ "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other). Overrides FileTransferProtocol [config.json](#post-installation) setting."
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": "",
+ "Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
+ }
+ ],
"EntryParameters": [],
"ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.",
"StorePathDescription": "The Store Path field should contain the full path and file name of the Oracle Wallet, including the 'eWallet.p12' file name by convention. Example: '/path/to/eWallet.p12' or 'c:\\path\\to\\eWallet.p12'."
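Review bot: the Oracle Wallet store type keeps `"Name": "WorkFolder"` as a required property whose Description says temporary work files "can be created, modified, and deleted during Inventory and Management jobs", but the newly added override sentences on LinuxFilePermissionsOnStoreCreation and LinuxFileOwnerOnStoreCreation apply only to "the certificate store upon creation"; the documentation should say whether the transient files written into WorkFolder (which carry wallet contents, including private key material during a Management job) receive the same permissions and owner, or whether the operator must restrict the WorkFolder directory itself. One sentence in the WorkFolder Description (for example, "work files are created with the same permissions as the store; choose a directory writable only by the orchestrator's login user") would close the gap; as written, a reader could reasonably assume the 600-style override protects the work files too.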