SSH Key, SSL Certificate and Key Store
1. Overview
Key Manager Plus helps you with SSH key management, SSL certificate management, and additionally provides a secure repository to store any type of digital key file.
2. SSH Key Management
Key Manager Plus allows you to centrally manage SSH keys, SSH servers and their users.
- SSH Servers – Discover SSH servers and enumerate the user accounts available in them. Also, enter the credentials of user accounts.
- SSH Users – Enter credentials of the users of discovered SSH servers, or associate them with SSH keys. You can also connect with an SSH resource from a user account (after association of key).
- SSH Keys – Create or import SSH keys, export existing keys, associate them with the enumerated users, or rotate the deployed keys. In addition, locate keys available in the discovered servers, and manage them too.
2.1 Operations with SSH Keys in Key Manager Plus
i. Discover SSH Servers
Click the Discovery tab in the side panel, select SSH, and choose to discover SSH servers by their Hostnames/IP Addresses, IP Address Range, From File or Subnet. The list of discovered servers can be viewed from the SSH >> SSH Servers tab.
ii. Input User Credentials
Navigate to SSH >> SSH Servers and click Credentials available at the top pane. When you check the 'Root/Administrator' checkbox and enter the appropriate credentials, access is provided to all the user accounts in the server.
Alternatively, SSH Keys and the SSH Users side tabs can also be used to create, deploy, and manage the keys, and also manage all the user accounts available in the discovered resources.
iii. Create and Deploy Keys
To create keys and deploy them in the respective user accounts in the target server, click the SSH >> SSH Servers tab in the side panel and click the 'Create and Deploy' icon in the right corner of the screen.
iv. Rotate Keys
To rotate the keys, navigate to SSH >> SSH Keys tab and select the keys to be rotated. Click the 'Rotate' button available below the header bar to rotate the keys.
3. SSL Certificate Management
- Discover all SSL certificates in your network or import certificates from your system.
- Create self-signed certificates and CSRs (Certificate Signing Requests).
- Raise requests for new certificates or addition of sub-domains to existing certificates.
- Receive notifications when certificates are about to expire. Customize the notification schedule.
- Identify certificates signed with weak signature algorithms.
3.1. Operations with SSL Certificates in Key Manager Plus
i. Discover Certificates
Discover the certificates in your network by navigating to the Discovery tab in the side panel, choosing the SSL button, and specifying the Hostnames/IP Addresses, IP Address Range, From File or Subnet. A list of the discovered certificates is enumerated in the SSL >> Certificates tab.
ii. Create Certificates or CSRs
Create self-signed certificates, or CSRs, from the SSL >> Certificates or SSL >> CSR tabs respectively. The new certificate and its details are appended to the respective tabs.
iii. Request Certificates
Add requests for certificates from the SSL >> Certificates tab. Click the Add button to raise a new request. Enter your request details and attach a CSR to your request. Keep track of your requests from the SSL >> Certificate tab.
iv. Customize Notification Schedule
Navigate to the Settings >> Notification tab and select the SSL Certificate expiry option. Configure the number of days, and choose whether to receive notifications via email, syslog, or both.
v. Identify Weak Certificates
Certificates signed using the vulnerable SHA-1 algorithm are tracked and displayed in the Dashboard.
4. Key Store
Add any digital key to the secure repository of Key Manager Plus. Update key versions, export keys, or retrieve previous versions of a key for disaster recovery.
4.1. Operations with Key Store in Key Manager Plus
i. Add Keys
Add keys to the Key Manager Plus repository from the Key Store tab. Key Manager Plus stores the digital key along with its details in the repository. You can edit the details of a key to organize, search, and locate keys faster. You can specify details such as the key type (e.g. AWS-RSA) and an optional passphrase, and map the key to its deployed server instance by specifying server details such as the instance name (e.g. AWS-KMP server), data center (e.g. AWS-North Central U.S), and so on.
ii. Update Keys
Details of the keys imported into the Key Store can be updated by clicking the Update Key icon. The earlier version of the key is still available and can be retrieved by clicking the Key version icon.
iii. Export Keys
The keys available in the Key Store can be exported using the Export key icon. In addition, you can export earlier versions of the key by navigating to the Key version window.