Keyfactor · dgaley · Oct 16, 2025 · Jul 3, 2025 · Sep 4, 2025 · Oct 16, 2025
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
@@ -11,9 +11,9 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@v4
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
-      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      scan_token: ${{ secrets.SAST_TOKEN }}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -31,4 +31,7 @@ Hotfixes for BaseOption flag for Renewal workflow
 Hotfix for domain lookup  
 
 1.1.2
-Hotfix for renewal workflow
+Hotfix for renewal workflow  
+
+1.2.0
+Add SyncProducts config to filter certificate sync by product ID
diff --git a/globalsign-mssl-cagateway.sln b/globalsign-mssl-cagateway.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.31129.286
+# Visual Studio Version 17
+VisualStudioVersion = 17.10.35122.118
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignCAProxy", "src\GlobalSignCAProxy\GlobalSignCAProxy.csproj", "{8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}"
 EndProject
@@ -13,8 +13,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 	ProjectSection(SolutionItems) = preProject
 		CHANGELOG.md = CHANGELOG.md
 		integration-manifest.json = integration-manifest.json
-		.github\workflows\keyfactor-extension-generate-readme.yml = .github\workflows\keyfactor-extension-generate-readme.yml
-		.github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml
+		.github\workflows\keyfactor-starter-workflow.yml = .github\workflows\keyfactor-starter-workflow.yml
 		README.md.tpl = README.md.tpl
 		readme_source.md = readme_source.md
 	EndProjectSection

diff --git a/integration-manifest.json b/integration-manifest.json
@@ -5,7 +5,8 @@
   "status": "production",
   "update_catalog": true,
   "link_github": true,
-  "release_dir": "src\\GlobalSignCAProxy\\bin\\Release",
+  "release_dir": "src/GlobalSignCAProxy/bin/Release",
+  "release_project":  "src/GlobalSignCAProxy/GlobalSignCAProxy.csproj",
   "support_level": "kf-supported",
   "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center."
 }
diff --git a/readme_source.md b/readme_source.md
@@ -152,14 +152,19 @@ This is the password that will be used to connect to the GlobalSign API
 OPTIONAL: If provided, full syncs will start at the specified date.
 * ```SyncIntervalDays```  
 OPTIONAL: Required if SyncStartDate is used. Specifies how to page the certificate sync. Should be a value such that no interval of that length contains > 500 certificate enrollments.
+* ```SyncProducts```  
+OPTIONAL: If provided as a comma-separated list of product IDs, will limit the certificate sync to only certificates of those products. If blank or not provided, will sync all certs.
 
 ```json
   "CAConnection": {
 	"IsTest":"false",
 	"PickupRetries":5,
 	"PickupDelay":150,
 	"Username":"PAR12344_apiuser",
-	"Password":"password"
+	"Password":"password",
+	"SyncStartDate":"2020-01-01",
+	"SyncIntervalDays":30,
+	"SyncProducts":"PV_SHA2, PEV_SHA2"
   },
 ```
 ## GatewayRegistration

diff --git a/src/GlobalSignCAProxy/Client/GlobalSignApiClient.cs b/src/GlobalSignCAProxy/Client/GlobalSignApiClient.cs
@@ -298,7 +298,7 @@ public EnrollmentResult Enroll(GlobalSignEnrollRequest enrollRequest)
 				{
 					Logger.Trace($"Order Base Option: {rawRequest.OrderRequestParameter.BaseOption}");
 				}
-				var response = OrderService.PVOrder(enrollRequest.Request);
+				var response = OrderService.PVOrder(rawRequest);
 				if (response.OrderResponseHeader.SuccessCode == 0)
 				{
 					Logger.Debug($"Enrollment request successfully submitted");
@@ -365,7 +365,7 @@ public EnrollmentResult Renew(GlobalSignRenewRequest renewRequest)
 					Logger.Trace($"Order Base Option: {rawRequest.OrderRequestParameter.BaseOption}");
 				}
 				Logger.Trace($"Renewal Target: {rawRequest.OrderRequestParameter.RenewalTargetOrderID}");
-				var response = OrderService.PVOrder(renewRequest.Request);
+				var response = OrderService.PVOrder(rawRequest);
 				if (response.OrderResponseHeader.SuccessCode == 0)
 				{
 					Logger.Debug($"Renewal request successfully submitted");

diff --git a/src/GlobalSignCAProxy/GlobalSignCAConfig.cs b/src/GlobalSignCAProxy/GlobalSignCAConfig.cs
@@ -25,6 +25,7 @@ public class GlobalSignCAConfig
 
 		public string SyncStartDate { get; set; }
 		public int SyncIntervalDays { get; set; }
+		public string SyncProducts { get; set; }
 
         public string GetUrl(GlobalSignServiceType queryType)
         {

diff --git a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
@@ -19,6 +19,7 @@
 
 using Newtonsoft.Json;
 
+using Org.BouncyCastle.Asn1.IsisMtt.X509;
 using Org.BouncyCastle.Crypto.Tls;
 
 using System;
@@ -272,8 +273,31 @@ public override void Synchronize(ICertificateDataReader certificateDataReader, B
 				DateTime? syncFrom = certificateAuthoritySyncInfo.DoFullSync ? fullSyncFrom : certificateAuthoritySyncInfo.OverallLastSync;
 				var certs = apiClient.GetCertificatesForSync(certificateAuthoritySyncInfo.DoFullSync, syncFrom, fullSyncFrom, Config.SyncIntervalDays);
 
-				foreach (var c in certs)
+				bool productFilter = false;
+				List<string> products = null;
+				if (!string.IsNullOrEmpty(Config.SyncProducts))
 				{
+					products = Config.SyncProducts.Split(',').ToList();
+					products.ForEach(p => p.ToUpper());
+					productFilter = true;
+                }
+
+				foreach (var c in certs)
+				{	
+					if (productFilter)
+					{
+						bool prodMatch = false;
+						if (c.OrderInfo?.ProductCode != null && products.Contains(c.OrderInfo.ProductCode.ToUpper()))
+						{
+							prodMatch = true;
+						}
+						if (!prodMatch)
+						{
+							Logger.Info($"Found certificate with product code {c.OrderInfo?.ProductCode}, which does not match the filter criteria. Skipping.");
+							continue;
+						}
+					}
+
 					GlobalSignOrderStatus orderStatus = (GlobalSignOrderStatus)Enum.Parse(typeof(GlobalSignOrderStatus), c.CertificateInfo.CertificateStatus);
 					DateTime? subDate = DateTime.TryParse(c.OrderInfo?.OrderDate, out DateTime orderDate) ? orderDate : (DateTime?)null;
 					DateTime? resDate = DateTime.TryParse(c.OrderInfo?.OrderCompleteDate, out DateTime completeDate) ? completeDate : (DateTime?)null;