Key Manager Plus - Frequently Asked Questions
1. General
2. SSH Key Management
3. SSL Certificate Management
1. General
1. Do I need to install any prerequisite software before using Key Manager Plus?
Apart from the standard system requirements (both hardware and software), the following elements are essential for the proper functioning of the Key Manager Plus server.
You need to have the following to utilize the SSH and SSL discovery operations in Key Manager Plus.
2. What are the operating systems supported by Key Manager Plus?
3. What are the user roles available in Key Manager Plus? What are their access levels?
Click here for details on the access levels of the default roles.
4. Can other administrators view the keys added by me?
Yes, all administrators will be able to view all the certificates added by other administrators. Note that only an administrator can add certificates to Key Manager Plus. An operator user can only view the certificates shared with them.
5. How do I transfer ownership of a private key?
All administrators will be able to view and download the private key added by other administrators, so it is not necessary to transfer ownership of the private key.
6. How do I add a new Active Directory (AD) domain in Key Manager Plus?
Administrators can add new domains for both certificate discovery and user management operations. Follow the steps below for AD User Certificate discovery:
Refer to this help section for detailed instructions.
To add a new domain for user discovery:
Refer to this help section for detailed instructions.
7. How do I troubleshoot when the PostgreSQL server fails to start?
Error Scenarios:
Possible Causes:
The following causes are explained with respect to the above error scenarios. The 'Trying to start PostgresSQL server failed' error occurs when,
Solution:
The solution given below applies to all the above error scenarios. To fix this issue, follow the steps below to provide permission,
installation path - Provide the Manage_Engine folder location.
Users - Provide the Key Manager Plus service account in the following format: <DomainName\user name> or <username@domainname>.
Example: icacls "C:\ProgramFiles\ManageEngine\KMP" /q /c /t /grant ManageEngine\svckmp:F
In this command, /t applies the change to all files and subfolders under the path, /c continues past file errors, /q suppresses success messages, and :F grants the account full control.
If the issue still persists, zip and send us the logs from the <KMP_HOME> and also the <KMP_HOME>\pgsql\data\pg_log folder along with the above screenshots to keymanagerplus-support@manageengine.com.

2. SSH Key Management
1. Are there any differences in the way SSH user accounts and SSH service accounts are managed using Key Manager Plus?
No. Key Manager Plus adopts the same approach for managing SSH user accounts and SSH service accounts. The only difference is that during server discovery, if service / root account credentials are provided to establish a connection with the server, you acquire extended privileges to import and manage keys from all user accounts on the server. When the connection to the server is established using user account credentials, you get key management privileges only for the SSH keys present in that particular account.
2. Is there a way to view SSH keys that were not rotated?
Yes. A dashboard displays the number of keys that were not rotated within the predefined time period specified in the notification policy.
3. Does Key Manager Plus support management of digital keys other than SSH keys and SSL certificates?
Key Manager Plus houses a key vault called "KeyStore" which facilitates the storage and management of any type of digital key. However, the option to discover and import is limited to SSH keys, PGP keys and SSL certificates only, and isn't available for other types of digital keys.

3. SSL Certificate Management
1. Is there any certificate type that Key Manager Plus is incompatible with?
No. Key Manager Plus supports all X.509 certificate types.
2. Is it possible to automatically identify and update the latest version of certificates in the Key Manager Plus certificate repository?
Yes. You can create scheduled tasks to perform automatic certificate discovery, through which you can import and replace old certificates from target systems with their updated versions in the Key Manager Plus certificate repository.
Click here for a detailed explanation on creating schedules.
3. Does the Linux version of Key Manager Plus support certificate discovery from Active Directory and MS Certificate Store?
No, it doesn't. The AD User Certificate and MS Certificate Store tabs appear only in the Windows version of Key Manager Plus.
4. Is it possible to group certificates with the same common name?
Yes, Key Manager Plus allows you to group certificates based on common name. Navigate to Settings >> SSL >> Certificate History and enable Group Certificates By CommonName.
5. Is it possible to track the expiry of certificates with the same common name in the Key Manager Plus certificate repository?
Key Manager Plus differentiates certificates by their common names and records certificates with the same common name as a single entry in its certificate repository. We've designed it this way because Key Manager Plus licensing is based on the number of certificates and we don't want customers to spend many license keys for the same certificate.
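Because certificates that share a common name are recorded as a single entry, it is worth checking independently whether several distinct certificates are deployed under one name and which of them expires first. The following is an added example, not Key Manager Plus code: it assumes a hypothetical inventory of host, common name, serial and notAfter records (constructed here) such as one assembled from your own scan output.

```python
import ssl
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: hosts, serials and dates are made up.
# A serial is unique only per issuer; use a fingerprint when issuers differ.
INVENTORY = [
    {"host": "web1.example.test", "cn": "www.example.test", "serial": "0A01",
     "not_after": "Mar  1 12:00:00 2025 GMT"},
    {"host": "web2.example.test", "cn": "www.example.test", "serial": "0A02",
     "not_after": "Mar  1 12:00:00 2026 GMT"},
    {"host": "api1.example.test", "cn": "api.example.test", "serial": "0B01",
     "not_after": "Nov 15 00:00:00 2025 GMT"},
    {"host": "api2.example.test", "cn": "api.example.test", "serial": "0B01",
     "not_after": "Nov 15 00:00:00 2025 GMT"},
]

def expiry(record):
    """Convert an OpenSSL-style notAfter string to an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(record["not_after"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def summarize_by_cn(inventory, now, warn_days=30):
    """Report, per common name, what a single grouped entry could hide."""
    groups = defaultdict(list)
    for record in inventory:
        groups[record["cn"]].append(record)

    report = {}
    for cn, records in groups.items():
        newest = max(records, key=expiry)
        earliest = min(expiry(r) for r in records)
        report[cn] = {
            # Distinct certificates (by serial) sharing this common name.
            "distinct": len({r["serial"] for r in records}),
            "earliest_expiry": earliest,
            # Hosts still serving something other than the newest version.
            "stale_hosts": sorted(r["host"] for r in records
                                  if r["serial"] != newest["serial"]),
            "at_risk": earliest <= now + timedelta(days=warn_days),
        }
    return report

if __name__ == "__main__":
    now = datetime(2025, 2, 15, tzinfo=timezone.utc)  # fixed for repeatability
    for cn, row in summarize_by_cn(INVENTORY, now).items():
        print(cn, row)
```

With the sample data, www.example.test is flagged because web1 still serves the older version, which expires within the 30-day window even though the newest version is valid for another year.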
6. How do I import a private key for a certificate?
Follow the steps below to import a certificate's private key into Key Manager Plus.
Browse for the file that contains the private key, enter the keystore password, and click on 'Import'. The private key will be imported and attached to the selected certificate.
7. How do I deploy a certificate to the Microsoft Certificate Store and map it to the application that uses the certificate?
Key Manager Plus facilitates certificate deployment, through which you can deploy certificates from its repository to the target server's Microsoft Certificate Store. Click here for a step-by-step explanation on certificate deployment. To map the certificate to its corresponding application, you have to manually restart the server on which the application is running for the change to take effect.
8. Does Key Manager Plus support subnet-based certificate discovery?
Yes. Key Manager Plus supports subnet-based SSL certificate discovery. Click here to learn about SSL certificate discovery.
9. Does Key Manager Plus support scheduling for certificate discovery from MS Certificate Store?
Yes, Key Manager Plus allows administrators to create schedules to periodically discover certificates from the MS Certificate Store. Click here to learn about schedules in Key Manager Plus.
10. Are certificate-related alert emails generated for all versions of a certificate (including the ones that show in "certificate history") or only for those certificates listed in the Key Manager Plus certificate repository?
Email notifications are generated for certificates listed in Key Manager Plus's certificate repository. You can navigate to Settings >> SSL >> Certificate Renewal and enable Send expiry notification for the previous version after the successful renewal to receive notifications for the previous version of the certificate.
11. Are certificates issued by the company's internal Certification Authority (CA) counted for licensing?
Yes. All types of SSL certificates, SSH keys and any other digital key being managed using Key Manager Plus are taken into account for licensing.
There's a dashboard widget "License Details" that provides insights on the type and number of digital identities being managed using Key Manager Plus that will be taken into account for licensing.