Integration with emSign

Key Manager Plus facilitates integration with emSign signing authority (powered by eMudhra), making it possible for enterprises to automate the end-to-end management of web server certificates signed and issued by emSign from a centralized platform. This document discusses the steps to manage the life cycle operations of SSL/TLS certificates issued by emSign directly from Key Manager Plus' web interface—right from importing existing orders, certificate request and provisioning, to deployment, and thereupon.

Before you proceed with the integration, complete the following step as a prerequisite:

Refer to the sections that follow to learn more about emSign integration and certificate management with Key Manager Plus:

1. Configuring emSign CA Details in Key Manager Plus

To begin managing SSL certificates issued by emSign from Key Manager Plus, you must add your emSign account in Key Manager Plus via your unique API Key. If you do not have an emSign account, contact the emSign team for sign up and get your login credentials. Once you have your allocated emSign account, follow the steps below to generate an API key to begin the integration process.

1. Log in to your emSign portal and select Integration >> REST APIs from the left pane.
2. Navigate to the upper-right corner of the page that appears and click the Add icon.
3. In the dialog box that appears, enter the Description, select a User from the dropdown, and click Generate Access Key.
4. Upon submitting the request, you will get an access key generated by the system to use the emSign platform via REST API.

Now, log into the Key Manager Plus web interface, and add your emSign credential with the unique Account Number and Access Key by performing the below steps:

1. Navigate to Integrations >> emSign.
2. If a pop-up confirmation dialog box appears, click OK to confirm adding an emSign credential into Key Manager Plus.
3. Click Manage at the top-right corner of the page.
4. In the new page that appears, click Add to add an emSign credential.
5. In the dialog box that opens, enter the Credential Name, Account Number, and Access Key and click Save. This is a one-time operation. You can also click Test Login to check the communication between the emSign portal and the Key Manager Plus interface.
   

Once your emSign account details are linked to Key Manager Plus, the system retrieves vital information such as accounts, groups, organizations, and domains and organizes them under the individual tabs with corresponding details. These details are crucial as emSign CA issues certificates based on them. For further manual synchronization, you can use the Sync Groups, Sync Organizations, and Sync Domains options from the More dropdown in the tab by selecting the respective credentials.

2. Importing Existing emSign Orders

If you have an active emSign account, it is likely that you currently have ongoing certificate orders. Key Manager Plus offers the convenience of initiating new certificate orders and importing and effectively managing all existing orders from the emSign portal through its user-friendly interface. The next step is to import all certificate orders from your emSign portal into Key Manager Plus. To import the existing certificate orders,

1. Navigate to the Integrations >> emSign tab in Key Manager Plus.
2. Click Import Existing Orders from the top menu.
3. When importing the existing orders, you can choose to exclude the expired, revoked, or rejected certificates from being added to Key Manager Plus certificate repository (This option is provided to help you save license count by excluding the addition of unnecessary certificates into Key Manager Plus. However, irrespective of the option chosen, all the order details will be imported into Key Manager Plus).
4. Select the required option and click Import.
5. All the existing certificate orders associated with your emSign account will be imported into Key Manager Plus.
   

3. Creating New Certificate Orders

Upon successful integration of the emSign account into Key Manager Plus by providing the Username and Access key, you can place certificate orders in the emSign portal and retrieve certificates directly from the Key Manager Plus interface. To place a new certificate order,

1. Navigate to Integrations >> emSign in Key Manager Plus, and click Order Certificate.
2. In the window that opens, select the Credential Name, Product, Organization, and specify the Organization Units, Domain Name, Key, Algorithm Length, Private Key Password, KeyStore Type, and the requester contact details such as Requester Name, Requester Email, Requester Phone Number, and Requester Designation attributes accordingly.
   

   Note: You also have the option to either paste the CSR content directly or choose the CSR created via Key Manager Plus, eliminating the need to select it from your local files.

3. Additionally, you can specify the subscription validity (in years) for a few products.
4. To automatically secure the WWW variant of a website, tick the Automatically secure 'WWW' variant of websites checkbox beneath the Domain Name field.
   
5. If required, specify the technical contact details.
6. To automatically renew the emSign certificates, tick the Auto-renew certificates until subscription coverage checkbox and select the number of Days to Expire.
7. After filling in the required details, click the Order Certificate button.

To cancel the certificate order, navigate to Integrations >> emSign and select the certificate order from the list. Click the Cancel Order button at the top pane and confirm your action.

4. Checking the Order Status

Once a certificate order is successfully created, you can view it under the Integrations >> emSign tab, with its status displayed to the right. To track the certificate availability for an order, select the order and click Check Order Status from the top pane. Once a certificate is issued, it is fetched and added to the Key Manager Plus certificate repository. You will be able to view it under SSL >> Certificates.

5. Managing emSign Certificates

5.1 Revoking emSign Certificates

Key Manager Plus allows you to revoke emSign certificates right from its interface. To revoke a certificate from Key Manager Plus, perform the following action:

1. Navigate to Integrations >> emSign and select the certificate you want to revoke.
2. Click the Revoke Certificate button at the top pane.
3. In the dialog box that appears, select a valid reason for revoke from the dropdown and enter your comments.
4. Click Apply to revoke your emSign certificate.
   

5.2 Deleting emSign Certificates

To delete emSign certificate orders from Key Manager Plus,

1. Navigate to Integrations >> emSign and select the required certificate orders from the list.
2. Click the Delete button at the top pane and confirm your action.
3. Upon execution, the certificate orders will be deleted from Key Manager Plus and the related certificates will remain intact in the SSL tab.