-
Notifications
You must be signed in to change notification settings - Fork 6
plugin sdk certificates
All plugin roles require an SDK certificate to connect to Security Center. The Plugin SDK automatically locates and validates the certificate using a specific file naming convention and folder structure.
Unlike Platform SDK applications where you can set the ApplicationId programmatically, plugins rely on file-based certificate discovery.
The certificate file must be named after the fully qualified class name of the plugin, followed by .cert:
{Namespace}.{ClassName}.cert
Given the plugin class:
namespace Genetec.Dap.CodeSamples
{
[PluginProperty(typeof(MyPluginDescriptor))]
public class MyPlugin : Plugin
{
// Plugin implementation
}
}The certificate file must be named:
Genetec.Dap.CodeSamples.MyPlugin.cert
The certificate file must be placed in a Certificates folder located in the same directory as the plugin DLL:
YourPlugin.dll
└── Certificates/
└── Genetec.Dap.CodeSamples.MyPlugin.cert
When a plugin role initializes, the Plugin SDK:
- Determines the plugin's fully qualified type name (
Namespace.ClassName) - Looks for a file named
{Namespace}.{ClassName}.cert - Searches in the
Certificatessubfolder relative to the plugin DLL location - Loads and validates the certificate
- Uses the certificate to authenticate with Security Center
Each active plugin role instance consumes one connection from the Security Center license:
- Plugin roles are not listed under System Status > Applications in Config Tool.
- Instead, view plugin roles under System Status > Roles.
- Each online and initialized plugin role represents an active SDK certificate connection.
- Even if multiple plugin roles use the same
ApplicationId, each role instance counts as one connection.
A plugin role connection is counted when:
- The plugin role is activated and online
The connection is released when:
- The plugin role is deactivated or offline
If you have multiple plugin roles that share the same base plugin class, each instance requires:
-
Same certificate content (can copy the
.certfile) - Same certificate filename (based on the class name)
- Separate connections to the license pool
For example, if you create two instances of MyPlugin role:
- Both use
Genetec.Dap.CodeSamples.MyPlugin.cert. - Each instance consumes one separate connection.
In addition to the certificate file, you can specify allowed ApplicationIds directly in your PluginDescriptor class using the ApplicationId property:
public class MyPluginDescriptor : PluginDescriptor
{
public override Guid PluginGuid => new Guid("{12345678-1234-1234-1234-123456789012}");
public override string Name => "My Plugin";
public override string Description => "My plugin description";
public override string SpecificDefaultConfig => null;
public override List<string> ApplicationId => new List<string>
{
"KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv"
};
}When the plugin initializes, Security Center extracts the ApplicationId from the .cert file and compares it against the entries in this list. If no match is found, the plugin fails with IllegitimateCertificate error.
If the ApplicationId list is empty (the default), this check is skipped for backward compatibility.
Note
For information about the development certificate ApplicationId, see Development vs production certificates.
The Plugin base class provides a protected property to access the certificate's ApplicationId:
protected override void OnPluginLoaded()
{
// Get the ApplicationId from the certificate file
string applicationId = SdkClientCertificate;
Logger.TraceInformation($"Running with ApplicationId: {applicationId}");
}- Plugin SDK overview: Plugin architecture, lifecycle, and components.
- Deploying plugins: Plugin packaging, registration, and deployment.
- About SDK certificates: SDK certificate fundamentals shared across all SDK families.
- Workspace SDK certificates: Certificate requirements for workspace components.
- Overview
- Connecting to Security Center
- SDK certificates
- Referencing SDK assemblies
- SDK compatibility
- Entities
- Entity cache
- Transactions
- Events
- Actions
- Security Desk
- Custom events
- ReportManager
- ReportManager query reference
- DownloadAllRelatedData and StrictResults
- Privileges
- Partitions
- About custom fields
- About video
- About cameras
- Enrolling a video unit
- Archiver and auxiliary archiver roles
- Archive transfer
- About access control
- About cardholders and credentials
- About doors, areas, elevators, and access points
- About access rules and schedules
- About access control units and interface modules
- Enrolling an access control unit
- Door templates
- Visitors
- Mobile credentials
- About threat levels
- About alarms
- Maps
- Logging
- Overview
- Certificates
- Lifecycle
- Threading
- State management
- Configuration
- Restricted configuration
- Events
- Queries
- Request manager
- Database
- Entity ownership
- Entity mappings
- Server management
- Custom privileges
- Custom entity types
- Resolving non-SDK assemblies
- Deploying plugins
- .NET 8 support
- Overview
- Certificates
- Creating modules
- Tasks
- Pages
- Components
- Tile extensions
- Services
- Contextual actions
- Options extensions
- Configuration pages
- Monitors
- Shared components
- Commands
- Extending events
- Map extensions
- Timeline providers
- Image extractors
- Credential encoders
- Credential readers
- Cardholder fields extractors
- Badge printers
- Content builders
- Dashboard widgets
- Incidents
- Logon providers
- Pinnable content builders
- Custom report pages
- Overview
- Getting started
- MediaPlayer
- VideoSourceFilter
- MediaExporter
- MediaFile
- G64 converters
- FileCryptingManager
- PlaybackSequenceQuerier
- PlaybackStreamReader
- OverlayFactory
- PtzCoordinatesManager
- AudioTransmitter
- AudioRecorder
- AnalogMonitorController
- Camera blocking
- Overview
- Getting started
- Referencing entities
- Entity operations
- About access control in the Web SDK
- About video in the Web SDK
- Users and user groups
- Partitions
- Custom fields
- Custom card formats
- Actions
- Events and alarms
- Incidents
- Reports
- Tasks
- Macros
- Custom entity types
- System endpoints
- Performance guide
- Reference
- Under the hood
- Troubleshooting