Sharing SSL Certificates with Users

PAM360 allows you to share your certificates or certificate groups with users and user groups. When you share a certificate, all the details of that certificate are shared along with it. In general, every user has access to the certificates they own and to those that are shared with them.

A user with whom a certificate is shared can also export and access its private key, but only after requesting it from the certificate's owner and getting approval. The approval grants permission for export only; any other operation involving the private key remains unavailable to the user.

What can you share with other users and user groups?

You can share:

  • An owned certificate with a user or user group.
  • An owned certificate group with a user or user group.

This document covers the following topics:

  1. Sharing a Certificate with Users / User Groups
  2. Sharing a Certificate Group with Users / User Groups
  3. Sharing Certificates
  4. Requesting a Certificate's Private Key from the Owner of the Certificate

1. Sharing a Certificate with Users / User Groups

  1. Navigate to the Certificates tab.
  2. Select the particular certificate to be shared.

  3. Click on the More action button at the top and select the required option from the dropdown menu—either Share With Users or Share With User Groups, depending on your need.

  4. In the new window that opens, choose the user(s) or user group(s) whom you want to share the certificate with and click Share. Once shared, the access to the certificates can be revoked any time from the same window.

    Note: When you share a particular certificate with a user group, it will be visible to all members of that user group, provided that their role includes the privilege to access SSL certificates.

2. Sharing a Certificate Group with Users / User Groups

  1. Navigate to the Certificates tab.
  2. Click on Certificate Group on the top right corner.
  3. Select the required certificate group that you want to share.

  4. Depending on whether you need to share the certificate group with user(s) or user group(s), select the required option—either Share With Users or Share With User Groups.
  5. In the new window that opens, choose the user(s) or user group(s) with whom you want to share the certificate group and click Share. Once shared, access to the certificates can be revoked at any time from the same window.

Note: Since only owned certificates can be shared, certificate groups can be created only with owned certificates. When you share a certificate group with a user group, the details of all certificates belonging to that certificate group are visible to all members of the user group, provided that their role includes the privilege to access SSL certificates.

3. Sharing Certificates

PAM360 allows users to modify the access level for shared certificates globally. This lets you give view/modify permission to the users under the selected roles with whom the certificates are shared. To do this:

  1. Navigate to Admin >> SSH/SSL Config >> Certificate Sharing.
  2. In the Certificate Sharing window, move the user roles accordingly to grant View or Manage permission to certificates for those user roles.
  3. Select the checkbox to Share the renewed certificate with users who have access.
  4. Click Save.

Now, the users with whom the certificates are shared will have the appropriate permission.

4. Requesting a Certificate's Private Key from the Owner of the Certificate

When a certificate is shared with you, you can carry out the operations that do not involve the private key of the certificate. These include:

  • View certificate details like expiry, key size, algorithm, length, and DNS name
  • Scan vulnerabilities
  • Check domain expiry
  • Edit
  • Sync with CMDB, and
  • Export the certificate

In addition to these, you can request the certificate's private key from the owner of the certificate. To do so,

  1. Navigate to Certificates, select the shared certificate from the list, and click on Request key from certificate's owner from the Keystore icon beside the certificate.

  2. You can also request the private key by clicking on the shared certificate, and then clicking on Request key from certificate's owner from the 'Certificate Details' window.

  3. The owner of the certificate will be notified of the request through PAM360 and email. Upon approval, you can export the private key from the Certificates tab only once.
  4. To export the private key, navigate to Certificates, select the shared certificate, and then click on Export Private Key from the 'Keystore' icon beside the certificate.

  5. Alternatively, you can export the private key by clicking on the shared certificate, and then clicking on the Export button beside Keystore from the 'Certificate Details' window.

    Note: As mentioned above, you can export the private key of a shared certificate only once after approval from its owner. You need to request the private key from the certificate's owner if you want to export it again.
