docs: Phase 4 follow-on batch 1 — 5 issuer per-pages

Extract the first 5 issuer per-connector deep-dive pages:

- vault.md (128 lines) — Vault PKI synchronous issuance, token TTL +
  auto-renewal loop, MaxTTL enforcement, rotation playbook
- digicert.md (106 lines) — CertCentral DV/OV/EV with bounded async
  polling for vetting workflows
- aws-acm-pca.md (165 lines) — managed private CA on AWS with full
  IAM policy, IRSA wiring, troubleshooting matrix
- ejbca.md (116 lines) — open-source / Keyfactor EJBCA with mTLS or
  OAuth2 auth, mTLS keypair caching, approval-pending guidance
- adcs.md (111 lines) — Active Directory Certificate Services as
  enterprise root via Local CA sub-CA mode, sub-CA rotation playbook

Index updated with forward-list entries and the index-purpose blurb
revised so the index now positions itself as 'navigate from here;
deeper material lives in siblings' rather than 'docs to be extracted
later'.

Each per-page follows the WHAT/HOW/WHY pattern: what the connector is,
how authentication and issuance work, and when to choose this vs an
alternative. Cross-links to the connector index, async-ca-polling
primitive, and adjacent operator runbooks.

This is part 1 of 4 for the Phase 4 follow-on (per-connector page
extraction) tracked in cowork/docs-overhaul-phase-2-restructure-2026-05-04/log.md.

Net add: 5 files, 626 lines. No content removed from index.md (the
index keeps its inline reference; per-pages add operator depth on
top, matching the pattern set by apache/f5/iis/k8s/nginx in Phase 4
structural).
shankar0123
2026-05-05 03:53:52 +00:00
parent b452013dd9
commit fd94205cfa
6 changed files with 643 additions and 6 deletions
+17 -6
@@ -2,17 +2,28 @@
> Last reviewed: 2026-05-05
>
> This is the canonical connector reference. Per-connector deep-dive
> pages exist for the targets that have unique operational quirks
> (apache, f5, iis, k8s, nginx — see siblings in this directory). Other
> connectors are documented inline in this file and will be extracted
> to their own pages as operational depth grows. Cross-link from this
> index to per-connector pages where they exist.
> This is the canonical connector reference: interface contracts,
> registry, deployment primitive, network scanner, cloud discovery.
> Each built-in connector below has a sibling per-page that goes
> deeper on operator-grade material (vendor edges, troubleshooting,
> rotation playbooks, when-to-use vs alternatives). Use this index
> to navigate; jump to the sibling pages for hands-on operator
> material.
Connectors extend certctl to integrate with external systems for certificate issuance, deployment, and notifications. This guide covers the connector interfaces, built-in implementations, and how to build your own.
**Per-connector deep-dive pages** (siblings in this directory):
Issuer connectors:
- [ADCS integration](adcs.md) — Active Directory Certificate Services as enterprise root via Local CA sub-CA mode
- [AWS ACM Private CA](aws-acm-pca.md) — managed private CA on AWS, IAM-authenticated
- [DigiCert CertCentral](digicert.md) — commercial public CA (DV / OV / EV)
- [EJBCA (Keyfactor)](ejbca.md) — self-hosted open-source / Keyfactor enterprise CA
- [Vault PKI](vault.md) — HashiCorp Vault PKI engine, synchronous issuance
Target connectors:
- [Apache](apache.md) — Apache httpd connector deep dive
- [F5 BIG-IP](f5.md) — F5 connector deep dive (proxy agent + iControl REST)
- [IIS](iis.md) — Microsoft IIS connector deep dive (local PowerShell + WinRM modes)
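Review bot: The new blurb's claim that "Each built-in connector below has a sibling per-page" overstates what the list in this same hunk delivers, which is five issuer pages and three target pages, in a commit whose message calls itself part 1 of 4. The removed wording ("where they exist") was accurate for a partial rollout; something like "Built-in connectors that have a sibling per-page are listed below" would stay true until the remaining batches land and would not send operators looking for pages that are not there yet. Also, the removed blurb named k8s and nginx as existing siblings, but the visible target list stops at IIS; confirm those two are linked in the lines that follow.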