With more and more business operations going online by the day, managing digital security certificates is one task that IT administrators are becoming increasingly concerned about. Most enterprises today fall into the conventional method of requesting and acquiring ad hoc certificates on demand, and attempting to track them manually using spreadsheets and also losing visibility of unknown purchases. A few enterprises get locked-in to a single vendor solution—that comes along when purchasing SSL certificates from external certificate authorities (CAs)—for public certificate life cycle management within their network.

Either way, IT administrators often spend too much time on unnecessary certificate management tasks or miss things altogether. The conventional method is not effective due to the human error factor, which can lead to expiration oversights and service downtimes. The problem with vendor locked-in management solutions is that they don't provide enterprises with the agility to switch between vendors, or employ a multi-vendor certificate infrastructure within their organization when necessary.

An ideal solution under these circumstances would be a central, unified platform that facilitates integration with multiple certification authorities. This enables administrators to procure and manage life cycles of all flavors of public certificates from a single place while increasing visibility and control.

Introducing enterprise PKI life cycle management from a centralized interface

Key Manager Plus, the web-based SSH key and SSL certificate management solution from ManageEngine, now supports end-to-end life cycle management of certificates issued by numerous public CAs from a centralized web interface. This functionality is powered through a seamless API integration with The SSL Store™—the largest platinum partner of the world's leading trusted CAs.

This enables users to request and acquire certificates from multiple trusted certificate vendors and manage them holistically from a single platform at a fraction of the cost compared to buying directly from any CA. Now, administrators can not only switch between certificate authorities without the fear of losing visibility, but they can also easily deploy certificates from different vendors to different applications within their network while improving efficiency and cost.

How does this integration work?

Establish API connection credentials by creating an enterprise account with The SSL Store ™


To leverage Key Manager Plus' integration with The SSL Store™ and begin managing public CA certificates, you have to sign up for an exclusive enterprise account with The SSL Store™
( https://www.thesslstore.com/partner/zoho-enterprise-signup.aspx).

After creating the account, The SSL Store™ generates an API key which has to be supplied in the Key Manager Plus web portal. Once the API connection is established, administrators can place certificate orders, monitor statuses, and automate the life cycle operations of certificates issued by vendors affiliated with The SSL Store™ directly from Key Manager Plus.

Single pane of glass monitoring

Key Manager Plus comes with a built-in Certificate Signing Request (CSR) generation tool. This enables admins to place certificate orders with multiple public CAs and keep tabs on their statuses from a unified interface. Also, users can import the already existing open orders with all the vendors into Key Manager Plus in a single click and put an end to all the hassles caused by disjointed tracking.

Fully-automated domain control validation

Every public certification authority checks for domain legitimacy by requiring a set of verification procedures, called domain control validation or DCV, to be fulfilled before issuing the certificate. Key Manager Plus provides ways to automate domain control validation, and fetch and consolidate the issued certificates into its repository.

This helps admins deploy the certificates to their corresponding end servers. Admins can save a lot of time with certificate installation, and eliminate common SSL errors and misconfiguration issues caused during manual deployment with this feature.

Track, renew, and repeat

Once certificates have been acquired from the external CAs and deployed to their end-servers, you can track their usage and get periodic notifications about expiration dates in advance. This helps eliminate service outages and the display of error messages caused by certificate expirations. Key Manager Plus also supports certificate renewals from public CAs from its web interface. This provides IT administrators with agility, visibility, and control over certificate life cycle management operations that conventional techniques or vendor locked-in solutions fail to offer.

Disclaimer: The procurement of public CA certificates from Key Manager Plus can be successfully completed only if the user has signed up for an exclusive enterprise account with The SSL Store™. Key Manager Plus imports certificates after issue using The SSL Store's API for providing better certificate management functionality. All personal information (including payment details) is collected and processed by The SSL Store™ and ManageEngine is not responsible for any payment related issues. Please contact The SSL Store™ technical support team if you are facing any difficulties with payment and procurement of certificates from public CAs affiliated with The SSL Store™ using Key Manager Plus.