documentation update for initial release

Author: doebrowsk

README.md

@@ -38,10 +38,11 @@ VMware vCenter uses certificates to secure communications between the different
 
 
 ### vCenter
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
+The certificate store type of vCenter associated with this integration implements the Inventory, Management Add, and Management Remove job types.
 
-TODO Overview is a required section
+The Add and Remove operations have the ability to create and remove trusted root chains and SSL certificates associated with
+VMware vCenter. The certificate type is automatically identified by the orchestrator.  It does not manage ESXI host certificates.
 
 ## Compatibility
 
@@ -57,22 +58,12 @@ The VMware vCenter Universal Orchestrator extension If you have a support issue,
 Before installing the VMware vCenter Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command.
 
 
-### VMware vCenter Requirements
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
-
-
-TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
-
-
-
 
 ## Create the vCenter Certificate Store Type
 
 To use the VMware vCenter Universal Orchestrator extension, you **must** create the vCenter Certificate Store Type. This only needs to happen _once_ per Keyfactor Command instance.
 
 
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
-
 
 * **Create vCenter using kfutil**:
 
@@ -118,6 +109,8 @@ TODO Global Store Type Section is an optional section. If this section doesn't s
 
     ![vCenter Advanced Tab](docsource/images/vCenter-advanced-store-type-dialog.png)
 
+    > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
     #### Custom Fields Tab
     Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
 
@@ -176,22 +169,101 @@ TODO Global Store Type Section is an optional section. If this section doesn't s
 ## Defining Certificate Stores
 
 
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
-TODO Certificate Store Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+* **Manually with the Command UI**
+
+    <details><summary>Create Certificate Stores manually in the UI</summary>
+
+    1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.**
 
+        Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_.
 
+    2. **Add a Certificate Store.**
+
+        Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form.
+        | Attribute | Description |
+        | --------- | ----------- |
+        | Category | Select "VMware vCenter" or the customized certificate store name from the previous step. |
+        | Container | Optional container to associate certificate store with. |
+        | Client Machine | The domain name of the vSphere client managing vCenter (url to vCenter host without the 'https://'. |
+        | Store Path | A unique identifier for this store.  The actual value is unused by the orchestrator extension |
+        | Orchestrator | Select an approved orchestrator capable of managing `vCenter` certificates. Specifically, one with the `vCenter` capability. |
+        | ServerUsername | The vCenter username used to manage the vCenter connection |
+        | ServerPassword | The secret vCenter password used to manage the vCenter connection |
+
+
+        
+
+    </details>
+
+* **Using kfutil**
+    
+    <details><summary>Create Certificate Stores with kfutil</summary>
+    
+    1. **Generate a CSV template for the vCenter certificate store**
+
+        ```shell
+        kfutil stores import generate-template --store-type-name vCenter --outpath vCenter.csv
+        ```
+    2. **Populate the generated CSV file**
+
+        Open the CSV file, and reference the table below to populate parameters for each **Attribute**.
+        | Attribute | Description |
+        | --------- | ----------- |
+        | Category | Select "VMware vCenter" or the customized certificate store name from the previous step. |
+        | Container | Optional container to associate certificate store with. |
+        | Client Machine | The domain name of the vSphere client managing vCenter (url to vCenter host without the 'https://'. |
+        | Store Path | A unique identifier for this store.  The actual value is unused by the orchestrator extension |
+        | Orchestrator | Select an approved orchestrator capable of managing `vCenter` certificates. Specifically, one with the `vCenter` capability. |
+        | ServerUsername | The vCenter username used to manage the vCenter connection |
+        | ServerPassword | The secret vCenter password used to manage the vCenter connection |
+
+
+        
+
+    3. **Import the CSV file to create the certificate stores** 
+
+        ```shell
+        kfutil stores import csv --store-type-name vCenter --file vCenter.csv
+        ```
+    </details>
 
 > The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
 
 
-## Discovering Certificate Stores with the Discovery Job
+### vCenter Configuration
+
+vCenter management is controlled by the vSphere client. Follow VMware's vCenter Server Configuration [documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-703-configuration-guide.pdf) to configure a vSphere client and vCenter.
+
+### Installing the extension
+
+1. Stop the Orchestrator service if it is running.
+1. Create a folder in your Orchestrator extensions directory called "vCenter"
+1. Extract the contents of the release zip file into this folder.
+1. Start the Orchestrator service.
 
-### VMware vCenter Discovery Job
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+### vCenter Certificate Store Parameters
+
+To create a new certificate store in Keyfactor Command, select the _Locations_ drop down, select _Certificate Stores_, and click the _Add_ button.
+fill the displayed form with the following values:
+
+| Parameter       | Value                  | Description                                                                         |
+|-----------------|------------------------|-------------------------------------------------------------------------------------|
+| Category        | 'VMware vCenter'       | The name of the VMware vCenter store type                                           |
+| Client Machine  | vSphere Domain Name    | The domain name of the vSphere client managing vCenter (ex: https://myvcenter.pki.local would use `myvcenter.pki.local`                             |
+| Store Path      | 'vCenter Certificates' | The _StorePathValue_ of the vCenter instance as set during store type configuration |
+| Server Username | Client secret Username | The secret vCenter username used to manage the vCenter connection                   |
+| Server Password | Client Secret Password | The secret vCenter password used to manage the vCenter connection                   |
+
+### Managing vCenter Certificates
+ 
+This orchestrator extension allows managing both Trusted root certificates as well as SSL/TLS certificates.  
 
+:warning: _Important note on certificate enrollment_
 
-TODO Discovery Job Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+In order to enroll a new Trusted Root Certificate from the platform, follow the normal steps for enrolling a certificate into the certificate store, but do not include the private key.
+- If the private key is omitted, the extension assumes we are replacing the Trusted Root Certificate.
+- If the private key is included, the extension assumes we are replacing the TLS certificate used for SSL communication.
 
 
 

VmwareVcenterOrchestrator.sln

@@ -12,7 +12,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		CHANGELOG.md = CHANGELOG.md
 		docsource\content.md = docsource\content.md
 		integration-manifest.json = integration-manifest.json
-		readme_source.md = readme_source.md
+		vcenter.md = vcenter.md
 	EndProjectSection
 EndProject
 Global

docsource/content.md

@@ -16,4 +16,4 @@ In order to enroll a new **Trusted Root** Certificate from the platform, follow
 
 :warning: **Important note about Trusted Root Chain Removal**
 
-Trusted root chains can be added and removed from the vCenter certificate store through the orchestrator. Note that the vCenter instance will be put into a bad state if the trusted root of the SSL certificate corresponding to the vSphere server is deleted from the certificate store.
+Trusted root chains can be added and removed from the vCenter certificate store through the orchestrator. Note that the vCenter instance will be put into a bad state if the trusted root of the SSL certificate corresponding to the vSphere server is deleted from the certificate store.

docsource/vcenter.md

@@ -1,20 +1,40 @@
 ## Overview
 
-TODO Overview is a required section
+The certificate store type of vCenter associated with this integration implements the Inventory, Management Add, and Management Remove job types.
 
-## Requirements
+The Add and Remove operations have the ability to create and remove trusted root chains and SSL certificates associated with
+VMware vCenter. The certificate type is automatically identified by the orchestrator.  It does not manage ESXI host certificates.
 
-TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+## vCenter Configuration
 
-## Discovery Job Configuration
+vCenter management is controlled by the vSphere client. Follow VMware's vCenter Server Configuration [documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-703-configuration-guide.pdf) to configure a vSphere client and vCenter.
 
-TODO Discovery Job Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+## Installing the extension
 
-## Certificate Store Configuration
+1. Stop the Orchestrator service if it is running.
+1. Create a folder in your Orchestrator extensions directory called "vCenter"
+1. Extract the contents of the release zip file into this folder.
+1. Start the Orchestrator service.
 
-TODO Certificate Store Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+## vCenter Certificate Store Parameters
 
-## Global Store Type Section
+To create a new certificate store in Keyfactor Command, select the _Locations_ drop down, select _Certificate Stores_, and click the _Add_ button.
+fill the displayed form with the following values:
 
-TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+| Parameter       | Value                  | Description                                                                         |
+|-----------------|------------------------|-------------------------------------------------------------------------------------|
+| Category        | 'VMware vCenter'       | The name of the VMware vCenter store type                                           |
+| Client Machine  | vSphere Domain Name    | The domain name of the vSphere client managing vCenter (ex: https://myvcenter.pki.local would use `myvcenter.pki.local`                             |
+| Store Path      | 'vCenter Certificates' | The _StorePathValue_ of the vCenter instance as set during store type configuration |
+| Server Username | Client secret Username | The secret vCenter username used to manage the vCenter connection                   |
+| Server Password | Client Secret Password | The secret vCenter password used to manage the vCenter connection                   |
 
+## Managing vCenter Certificates
+ 
+This orchestrator extension allows managing both Trusted root certificates as well as SSL/TLS certificates.  
+
+:warning: _Important note on certificate enrollment_
+
+In order to enroll a new Trusted Root Certificate from the platform, follow the normal steps for enrolling a certificate into the certificate store, but do not include the private key.
+- If the private key is omitted, the extension assumes we are replacing the Trusted Root Certificate.
+- If the private key is included, the extension assumes we are replacing the TLS certificate used for SSL communication.