Keyfactor · indrora · Jan 21, 2026 · Nov 11, 2025 · Nov 12, 2025 · Nov 13, 2025
diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,2 @@
+### 1.0.0
+* initial release
diff --git a/NexusCertManagerCAPlugin.sln b/NexusCertManagerCAPlugin.sln
@@ -5,10 +5,11 @@ VisualStudioVersion = 17.11.35327.3
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NexusCertManagerCAPlugin", "nexus-certificate-manager-caplugin\NexusCertManagerCAPlugin.csproj", "{5107B3B8-4F3A-4A1B-BE0E-AF6A1A0B2995}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docsource", "docsource", "{40A1F9A6-A56D-4A38-8CAE-2E23676AE243}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{4FA0BDF6-B41E-4E00-805F-AE79B894784A}"
 	ProjectSection(SolutionItems) = preProject
+		CHANGELOG.md = CHANGELOG.md
+		docsource\configuration.md = docsource\configuration.md
+		integration-manifest.json = integration-manifest.json
 		manifest.json = manifest.json
 	EndProjectSection
 EndProject

diff --git a/docsource/configuration.md b/docsource/configuration.md
@@ -0,0 +1,24 @@
+## Overview
+
+The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies:
-The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies:
+The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilities:
-The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies:
+The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilities:
+* Certificate Synchronization
+* Certificate Enrollment
+* Certificate Revocation
+
+## Requirements
+
+- The host URL for the instance of Nexus Certificate Manager
+- A certificate in the pfx format to use for authentication into Nexus Certificate Manager, located on the Gateway Host
+- The passphrase for the pfx certificate
+
+## Gateway Registration
+
+In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store
+
+## CA Connection
+
+The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path 
-The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path 
+The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path setting in the gateway configuration must then be set to the full filesystem path of this certificate file so that the gateway can locate and load it at runtime.
-The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path 
+The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path setting in the gateway configuration must then be set to the full filesystem path of this certificate file so that the gateway can locate and load it at runtime.
+
+## Certificate Template Creation Step
+
+For this AnyCA Gateway, there is a single product type named "NexusCM".
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -0,0 +1,37 @@
+{
+  "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json",
+  "integration_type": "anyca-plugin",
+  "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin",
-  "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin",
+  "name": "Nexus Certificate Manager AnyCA REST Gateway Plugin",
-  "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin",
+  "name": "Nexus Certificate Manager AnyCA REST Gateway Plugin",
+  "status": "prototype",
+  "support_level": "kf-community",
+  "link_github": false,
+  "update_catalog": false,
+  "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework",
+  "gateway_framework": "25.2.0",
+  "release_dir": "nexus-certificate-manager-caplugin/bin/Release",
+  "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj",
+  "about": {
+    "carest": {
+      "product_ids": [ "NexusCM" ],
+      "ca_plugin_config": [
+        {
+          "name": "Host",
+          "description": "The URI of the instance of the Nexus Certificate Manager API, including port.  example: https://127.0.0.1:8444"
+        },
+        {
+          "name": "AuthCertificatePath",
+          "description": "The path on the AnyCA Gateway host where the PFX certificate that will be used for authentication can be found. example: 'C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net8.0\\my_auth_cert.pfx'"
+        },
+        {
+          "name": "AuthCertPassword",
+          "description": "The password for the PFX certificate located on the AnyCA Gateway Host that will be used for authentication into Nexus Certificate Manager"
+        },
+        {
+          "name": "Enabled",
+          "description": "Flag to enable or disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
+        }
+      ],
+      "enrollment_config": []
+    }
+  }
+}
diff --git a/nexus-certificate-manager-caplugin/Constants.cs b/nexus-certificate-manager-caplugin/Constants.cs
@@ -0,0 +1,45 @@
+
+//  Copyright 2025 Keyfactor
+//  Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+//  Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+//  and limitations under the License.
+
+namespace Keyfactor.Extensions.CAPlugin.NexusCertManager
+{
+    public static class Constants
+    {
+        //names
+        public const string HOST = "Host";
+        public const string AUTHCERTPATH = "AuthCertificatePath";
+        public const string ENABLED = "Enabled";        
+        public const string AUTHCERTPASSWORD = "AuthCertPassword";
+
+
+        //values
+        public const string APIPATH = "pgwy/api";
+        public const string PRODUCTID = "NexusCM";
+        public const string PKCS7MIMETYPE = "application/pkcs7-mime";
+        public const string PEMCHAIN = "application/pem-certificate-chain";
+
+        public const string MEDIATYPE_PKCS10 = "pkcs10";
+        public const string MEDIATYPE_PKCS12 = "pkcs12";
+        public const string MEDIATYPE_SMARTCARD = "smartcard";
+        public const string MEDIATYPE_ATTRIBUTECERT = "attributecertificate";
+        public const string MEDIATYPE_DATA = "data";
+    }
+
+    public static class ApiEndpoints 
+    {
+        public const string LISTCERTS = "/certificates"; //get
+        public static string DOWNLOADCERT(string certId) => $"/certificates/{certId}/download"; //get 
+        public static string CERTDETAILS(string certId) => $"/certificates/{certId}/details"; //get
+
+        public const string REVOKE = "/certificates/revoke"; //post
+
+        public const string ENROLL = "/certificates/pkcs10"; //post
+
+        public const string LISTPROCEDURES = "/procedures";
+    }
+}