Notification Settings

Key Manager Plus offers comprehensive notification settings for the management of SSL certificates, SSH keys, PGP keys, domain expirations, and Azure TLS secrets. With customizable notifications and flexible SSH key policies, users can ensure proactive management of sensitive keys and certificates across their environments. This document will guide you through managing notification settings for key and certificate operations, configuring email alerts, syslog notifications, and setting up SSH key policies for better security and compliance.

1. Managing Notification Settings for Keys and Certificates

Key Manager Plus allows notifications to be sent via email, SNMP traps, or as syslog messages under the following conditions:

1. SSL Certificate Expiry: Receive alerts if SSL certificates are approaching their expiration date within a specified number of days.
2. Domain Expiry: Get notified about upcoming domain expirations within a set timeframe.
3. Azure TLS Secrets Expiry: Receive alerts for Azure TLS secrets that are nearing their expiration.
4. SSH Key Rotation: Be alerted if SSH keys are not rotated within a configured number of days.
5. Certificate Management Operations: Receive notifications for any certificate management activities within the application.
6. PGP Key Expiry: Set up email notifications specifically for PGP key expiration. To learn more about PGP keys, click here.

To configure notifications settings, follow these steps:

1. Navigate to the Settings >> Notification >> Expiry tab in Key Manager Plus web interface.
2. Enable SSL Certificate Expiry Notifications by selecting the Notify about SSL certificates expiring within checkbox and entering the desired number of days. Notifications will be sent only for certificates expiring within the specified period.
3. To customize the notification frequency, enable the following as required:
   1. Notification Email Frequency: Opt Daily to receive daily alerts or use the Customize option as desired based on your organization's notification requirements. If you choose to Customize, set the Interval to notify about the to-be-expired certificates and select the Email certificates on every schedule if expiry is less than option, if you want to receive notifications on all schedules irrespective of the above-set interval.
   2. Exclude expired certificates from email notifications: Select to exclude already expired certificates from notifications.
   3. Include multiple servers list for certificates: Enable to fetch the servers details where certificates are deployed.
   4. Send a separate email per certificate: Choose to receive separate emails per certificate, allowing customization of subject lines and attributes for each expiry notification.
      
4. You can also choose to get notifications regarding domain name expiration, PGP key expiration, TLS secret expiration or SSH key rotation failure for the configured time period or both by selecting the respective check-boxes. Expiring SSL certificates, and the SSH keys that were not rotated within the specified days are notified during the mentioned Recurrence Time.
   
5. Users have the option to modify the Subject, Content, and Signatureof email notifications for different expiry alerts, and the notifications can be delivered in two ways:
   1. E-mail – Enter the recipient addresses. Ensure that mail-server settings are configured under the Mail Server Settings tab.
   2. Syslog– Navigate to Settings >> General settings >>Syslogsettingsto mention the IP address of the server and the port to which the syslog is to be delivered. The below shown are the examples for syslog formats:
      • SSH:Key_Name:172.21.147.130_test123_id Days_Exceeded:0 Modified_On:2016-02-16 17:41:24.008
      • SSL:Parent_Domain: manageengine.com Included_Domain: kmp.com Days_to_Expire: 100 Expire_Date: 5.08.2017
      
6. After configuring these settings, click Save.

   Note: The number of days specified in the SSH key rotation and SSL certificate expiry notification policy will be applied to the dashboard settings also.

To configure audit notification settings:

1. Navigate to the Settings >> Notification >> Audit tab in Key Manager Plus web interface.
2. You can customize the alert notifications to be received for different types of operations performed in Key Manager Plus.
3. Choose the type of notification to be received by enabling the check-boxes beside each operation.
4. For SNMP and Syslog notifications, make sure you have already configured the server details under Settings >> General Settings >> SNMP/SysLog settings.
5. For email notifications, you can either choose to notify all the administrator users or just a specific set of email IDs by enabling the respective check boxes.
6. Once you have specified the choices, click Save.

2. Security Advisory Configuration

To keep Key Manager Plus users informed about important security upgrades or fixes, Key Manager Plus offers a Security Advisory subscription service. With this feature, users can receive instant notifications about security updates via email. Follow the below steps to subscribe:

1. Click on the My Profile icon located at the top-right corner and click Security Advisory.
2. In the pop-up window, you will be prompted to provide the name of your organization, a primary email ID, secondary email IDs, and your phone number. You will also need to select your country. You can add multiple secondary email addresses, and you can update or change the primary email at any time.
3. After entering the required details, click Subscribe.
4. Upon subscription, a user acceptance email will be triggered to the provided email IDs. Once the subscription is accepted by the users via the provided link, the configured email addresses will begin receiving notifications about security upgrades and advisories.
   

©2025, Zoho Corporation Pvt. Ltd. All Rights Reserved.