Top

Admin Settings

Perform basic settings to administer Key Manager Plus from the Settings section. Create accounts for other users, perform basic configurations such as mail server setting, proxy details, active directory integration, periodic backup schedule, and other tasks.

  1. User Management
  2. Integrate Active Directory and Import Users
  3. RADIUS authentication
  4. LDAP authentication
  5. SAML Single Sign On Authentication
  6. Mail Server Settings
  7. Proxy Server Settings
  8. RESTful API
  9. Dashboard Settings
  10. Installing server certificate
  11. Privacy Settings
  12. Policy Configuration
  13. SSL Settings 
  14. Change Password
  15. Ticketing System
  16. Notification Policy
  17. Integration with CMDB
  18. Domain Expiration
  19. Additional Fields
  20. Apply License File
  21. Tools

1. User Management

1.1 User Roles

Key Manager Plus allows you to have two types of user roles. Administrator and Operator.

  AdministratorOperator
  Di C I V A D E Di C I V A D E
Manage User accounts (in Key Manager Plus) NA tick tick tick tick tick NA NA close close close close close NA
Manage SSH Servers and Resource Groups tick tick tick tick tick tick NA close close NA close close close NA
Manage SSH keys and Key Groups tick tick tick tick tick tick tick close close close close close close close
Manage SSH Users and User Groups tick tick tick tick tick tick tick close close close tick close close close
Manage SSL Certificates tick tick tick tick NA tick tick close close close tick NA close tick
Connect with remote SSH terminal tick tick
(Only to user accounts assigned by the administrator)
Schedule operations tick close

Di – discover ; C – create ; I – import ; V – view ; A – assign ; D – delete; E-Export

1.2 User Addition

You can add users to Key Manager Plus and create an account for them to access the product in two ways:

  1. Manually add users
  2. Import users from Active Directory.

1.2.1 Add Users

To create a user,

  1. Navigate to the Settings >> User Management >> Users tab in the GUI.
  2. Click the Add User button.
  3. Enter the Login name, Password, and the E-mail Id of the user.
  4. Assign role for the new user - Administrator or Operator.
  5. If you are selecting the role for the new user as Administrator, you can select and save that.
  6. If you are assigning the Operator role to the user, you can select whether the user can access SSH user accounts and/or SSL certificates, and, these should be added manually. 
    1. If you are assigning SSL certificates to the user, directly select the certificates. You can also select to Grant permission to the user to sign the certificates which will allow the operator to sign the CSR by default if the Signing Approval Setting is enabled globally. 
    2. For SSH server selection, three options are available:
      1. Select Specific Users – Click the check boxes available next to a resource name to assign all the user accounts of that resource to the operator. Else, click the arrow next to the checkbox to expand the list of user accounts available in the resource and select individual user accounts to be assigned.
      2. Resource group – Select the group(s) to be assigned to the operator. The operator is provided access to only those SSH user accounts across all the resource(s) (of the selected resource groups), which have the same name as the login name of the operator.
      3. User group – Select the group(s) to be assigned to the operator. The operator is provided access to only those SSH user accounts available in the selected user group(s).
    3. You can simultaneously assign SSH user accounts, and SSL certificates to the same user (operator).
  7. Click Save.

A pop up message will confirm the addition of a new user to the database.

Note: Only operators need to be assigned the resources and groups for which they need access. Administrators are automatically provided with access to all resources and certificates associated with Key Manager Plus.

Generate user certificates

You can also create and sign certificates for Key Manager Plus users based on a root certificate. To generate user certificates,

  1. Navigate to Settings >> User Management >> Users tab.
  2. Select the user(s) for which you need to generate a certificate and click Sign.
  3. In the pop-up that opens, select the root certificate based on which the user certificate(s) need to be signed, specify the SAN and Validity in days. 
  4. By default, the user certificate inherits the same parameters as that of the root certificate. You can modify its details by unchecking the Use root certificate details check-box.
  5. Click Sign. Separate certificates are generated for the user accounts selected and are consolidated in Key Manager Plus' certificate repository.

You then have to deploy these certificates to their corresponding end-servers. Refer to this section of help for step-by-step explanation on certificate deployment.

1.2.2 Modify Users

To edit a user:

  1. Navigate to the Settings >> User Management >> Users tab in the GUI.
  2. Select a user and click the Edit User button.
  3. Modify the Mail id, assigned users list, or user role.
  4. Click the Update User button to update changes.

You will get a confirmation message that the changes to the user have been updated successfully.


2. Integrate Active Directory and Import Users

You need to carry out the following steps to import users from AD and assign them necessary roles and permissions in Key Manager Plus:

You can store any key file securely in the Key Manager Plus repository from the Key Store tab. From here, you can also edit the key details, update key file, keep track of previous versions of the key, store them in an organized manner, or export the keys, or previous versions to your system or mail address.

2.1 Importing Users

From the server in which it is running, Key Manager Plus automatically gets the list of domains available under the Microsoft Windows Network folder. You need to select the required domain and provide domain controller credentials.

To do this,

  1. Navigate to Settings >> User Management >> Active Directory.
  2. Select the required Domain Name, which forms part of the AD from the drop-down.
  3. Specify the DNS name of the Domain Controller. This domain controller will be the primary domain controller.
  4. In case, the Primary Domain Controller is down, Secondary Domain Controllers can be used. If you have secondary domain controllers, specify their DNS names in comma separated form. One of the available secondary domain controllers will be used. When you use SSL mode make sure the DNS name specified here matches the CN (common name) specified in the SSL certificate for the domain controller.
  5. Enter a valid user credential (User Name and Password) of an user account within the particular domain. Then enter the Users / User Groups / OUs that you want to import as comma separated values and click Import. To import user groups/OUs directly, choose Groups/OU tree Import type and select the required groups from the list. While importing users from user groups/OUs, you can choose to enable Active Directory synchronization to keep the user database updated. See section 2.2 for more details.
  6. Also, Key Manager Plus provides an option to automatically discover SSL certificates in the Active Directory (AD) users as and when they are imported into Key Manager Plus. Enable the check box Import AD user certificate(s) to perform the discovery and import the certificates into the certificate repository of Key Manager Plus.
  7. For each domain, you can configure if the connection should be over an encrypted channel for all communication. To enable the SSL mode, the domain controller should be serving over SSL in port 636 and you will have to import the domain controller's root certificate into the Key Manager Plus server machine's certificate.

As mentioned above, to enable SSL mode, the domain controller should be serving over SSL in port 636. If the certificate of the domain controller is not signed by a certified CA, you will have to manually import the certificate into the Key Manager Plus server machine's certificate store. You need to import all the certificates that are present in the respective root certificate chain – that is the certificate of the Key Manager Plus server machine and intermediate certificates, if any.

2.2 Active Directory Synchronization

Keep the user database updated by enabling Active Directory (AD) synchronization while importing users from AD. Set up recurring synchronization schedules for single or multiple AD domains. Creating AD user synchronization schedules allows importing users from user groups or organizational units that are part of multiple AD domains. Once an AD Synchronization schedule is set up, any new users added to the Active Directory domain will automatically be imported into Key Manager Plus when the AD synchronization schedule runs. To enable AD user sync, follow the below steps:

  1. Select the Enable Active Directory Sync checkbox.
  2. Choose a preferred Recurrence Type: Daily, Weekly, or Monthly.
  3. Enter a Start Time and Start Date for the schedule.
  4. Click Import to start the import immediately. The AD sync schedule will also be created. However, if you click Save, all the domain and schedule details will be saved for future use but the user import will not begin until you click the Import option.

Using the above method, you can create a schedule to synchronize the entire user database of a selected AD Domain. To create AD sync schedules for a set of user groups or OUs, follow the below steps:

  1. Enter Domain details and credentials as instructed above. Under Import Type, click Groups/OU Tree.
  2. In this window, choose Groups or Organization Units and select the required User Groups using the checkboxes provided.
  3. Select the Enable Active Directory Sync checkbox.
  4. Choose a preferred Recurrence Type: Daily, Weekly, or Monthly.
  5. Enter a Start Time and Start Date for the schedule.
  6. Click Import to start the import immediately. The AD sync schedule will be created for the selected user groups. However, if you click Save, all the domain and schedule details will be saved for future use but the user import will not begin until you click the Import option.

To view the AD sync schedule you created, click the calendar icon () available at the top right corner. You will see options to enable, disable, or delete the existing schedules. If you choose to disable a schedule, the AD sync will stop temporarily, but the details will remain in the system - which means, the schedule will start running as usual if you enable it again.

Notes:

  1. Please note that you can create only one schedule for a selected AD domain. Within the selected domain, you may choose to import users from any number of groups or Organizational Units. If you create a new AD sync schedule for a domain that already has an existing schedule, the previously created schedule will be overwritten.
  2. After the user import into Key Manager Plus is complete, if a user is deleted in the AD domain, that particular user will be shown as 'locked' in Key Manager Plus. You can manually remove the user from the Key Manager Plus user list.

  3. A new audit log will be created each time the AD Sync Schedule runs. Each new user added during the schedule will also be tracked in the Audit tab.

To import domain controller's certificate into Key Manager Plus machine's certificate store: (you can use any procedure that you normally use to import the SSL certificates to the machine's certificate store. Refer to the example given below)

  1. In the machine where Key Manager Plus is installed, launch Internet Explorer and navigate to Tools >> Internet Options >> Content >> Certificates.
  2. Click Import.
  3. Browse and locate the root certificate issue by your CA.
  4. Click Next and choose the option Automatically select the certificate store based on the type of certificate and install.
  5. Again click Import.
  6. Browse and locate the domain controller certificate.
  7. Click Next and choose the option Automatically select the certificate store based on the type of certificate and install.
  8. Apply the changes and close the wizard.
  9. Repeat the procedure to install other certificates in the root chain.

Key Manager Plus server can now communicate with this particular domain controller over SSL. Repeat these steps for all domain controllers to which you want Key Manager Plus to communicate over SSL. Note that the DNS name you specify for the domain controller should match the CN (common name) specified in the SSL certificate for the domain controller.

  1. By default, Key Manager Plus will populate all the OUs and groups from AD. If you want to import only a particular user, enter the required user name(s) in comma separated form.
  2. Similarly, you can choose to import only specific user groups or OUs from the domain. You can specify the names in the respective text fields in comma separated form.
  3. Click Import. Soon after hitting this button, Key Manager Plus will start adding all users from the selected domain. During subsequent imports, only the new users entries in AD are added to the local database.
  4. In the case of importing organizational units (OUs) and AD groups, user groups are automatically created with the name of the corresponding OU/AD group.

Important Note:

Groups/OUs too large to display:

When you have a large number of groups or OUs in the domain controller, specifically when the number exceeds 2500, Key Manager Plus will not display them in the GUI. In such cases, you will see the message Groups too large to display / Organizational Units too large to display. When this happens, you have to specify the groups or OUs that are to be imported alone, instead of getting all the groups / OUs in the display.

2.3 Assigning Roles

All the users imported from AD will be assigned the Operator role by default. To assign specific roles to specific users and/or to assign SSH user accounts of discovered resources, refer the Modify Users page of the help document.

You will get a confirmation that the user has been deleted successfully.


3. Radius Authentication

Click here to learn more about Radius Authentication.


4. LDAP Authentication

Click here to learn more about LDAP Authentication.


5. SAML Single Sign On Authentication

Click here to learn more about SAML Single Sign On Authentication.


6. Mail Server Settings

After installation, you need to carry out certain basic settings. The first setting is related to configuring the mail server to let Key Manager Plus send emails directly from within the application without the need of an external mail client. You need to configure the SMTP server details as given in the steps below. Key Manager Plus users can be notified regarding schedules, policy enforcements, and reports, only through email. The same settings are also used while exporting the certificate, digital key files via email; and also for the Forgot Password option in the login page.

To set/modify the mail server settings:

  1. Navigate to the Settings >> General Settings >> Mail Server tab in the GUI.
  2. Enter the server name and specify the port used for communication. Enter the User Name and Password for authentication.
  3. Enter the from and to mail addresses.
  4. Click the Test Mail button to send a test mail to the address specified, and verify the settings.
  5. Click the Save button.

You will get a confirmation that the mail server settings have been updated.


7. Proxy Server Settings

You then need to specify how you want to connect to the Internet - directly or over a proxy.
To set/modify the proxy server settings:

  1. Navigate to the Settings >> General Settings >> Proxy Server tab in the GUI.
  2. You can connect to the Internet either directly or using a proxy server.
  3. If you choose to connect using proxy server, enter the details of the server, and the user credential.
  4. Click Save.

You will get a confirmation message that the proxy server settings have been updated.

7.1 SNMP Settings

Key Manager Plus facilitates raising SNMP traps to management systems within your network for various key and certificate management operations performed from within the application. On the occurrence of a configured operation, an SNMP v2c trap is sent to the specified host and port. The varbinds include the name of the user who operated, date and time and the reason of the operation that resulted in the event.

To configure your SNMP server details,

  1. Navigate to Settings >> General Settings >> SNMP in Key Manager Plus web interface.
  2. Specify the hostname of the SNMP manager, port number and specify the SNMP community string.
  3. Click Save.

You will get a confirmation message that the SNMP server details have been configured.

7.2 Syslog settings

You can configure Key Manager Plus to generate and send RFC-3164 compliant Syslog messages to a dedicated server and port within your network. Syslog notification can be configured for the occurrence of key / certificate expiration, and for various other key / certificate management operations performed from the product.

To configure Syslog settings,

  1. Navigate to Settings >> General Settings >> SysLog Settings in Key Manager Plus web interface.
  2. Specify the IP address of the syslog server and the port number.
  3. Click Save.

You will get a confirmation message that the Syslog server details have been configured.


8. RESTful API

 Click here to learn more on RESTful API.


9. Dashboard Settings

Since either or both of SSH keys and SSL certificates can be managed by a user, you can customize the Dashboard to reflect the details of only SSH keys, or SSL certificates, or both.

To customize the dashboard details:

  1. Navigate to the Settings >> Dashboard Settings tab in the GUI.
  2. Select the SSH, SSL, or Both radio button from the Dashboard type options to display the respective details on the dashboard.
  3. Click Save.

You will get a confirmation message that the configuration settings have been updated.


10. Installing Server Certificate

Click here to learn more about installing server certificates.


11. Privacy Settings

Click here to learn more about privacy settings.


12. Policy configuration

Key Manager Plus allows you to create a high level policy on SSH keys management. You can specify whether to retain or overwrite the existing keys. That means, when Key Manager Plus creates new keys if they are to be appended to the existing ones or they should be deleted. The second option helps you to remove all existing keys and have a fresh start. Your SSH environment will have only the keys that were generated by the Key Manager Plus. Key Manager Plus carries out these changes in the authorized_keys file directly.

From the Policy configuration tab in the GUI, you can set the option for adding keys to the authorized_keys file. You can choose from:

  1. Append – Allows you to retain existing keys as well the new ones deployed by Key Manager Plus.
  2. Overwrite – Removes all existing public key information from the authorized keys file and retains the public keys deployed from Key Manager Plus only. This is what we call as clean start.

To change the policy configuration:

  1. Navigate to the Settings >> SSH >> Policy Configuration tab in the GUI.
  2. Select to either Append or Overwrite the keys.
  3. Click Save.

You will get a confirmation that the policy configuration settings have been updated.


13. SSL Settings

Key Manager Plus provides certain settings exclusive to SSL related operations that can be customized based on user requirements. They are:

13.1 Certificate History

Key Manager Plus allows you to group the certificates under a common name. To enable this, 

  1. Navigate to Settings >> SSL >> Certificate History.
  2. Choose Enable or Disable the Group Certificates by CommonName option. 
  3. Enabling the option will group the certificates under one Common Name.
  4. Disabling this option will create new certificates based on the unique Serial Numbers assigned to the certificates.
  5. To view these certificates, navigate to SSL >> Certificates and enable Certificate History from column chooser.
  6. Now, click the certificate history icon corresponding to the required certificate to view the certificates.

Note: On certificate renewal, the older version of the renewed certificate will be moved to Certificate History.

13.2 Vulnerability Scan

  1. Key Manager Plus provides users with the option to enable or disable the SSL vulnerability tasks created in schedules. 
  2. There is an option to enable or disable SSLv3 protocol in Key Manager Plus server.

Note: The SSLv3 protocol should be enabled in Key Manager Plus server in order to perform the SSL vulnerability scan in target resources. By default, this setting is turned off. 

13.3  Certificate Renewal

Key Manager Plus provides an option to automatically renew SSL certificates issued by Microsoft Certificate Authority and certificates self-signed from within the Key Manager Plus UI. When enabled, the corresponding certificates are renewed according to the recurrence time specified, and updated in Key Manager Plus certificate repository. The certificates that are due to expire in the number of days mentioned in the Days to Expire field will also be auto-renewed. Select the checkbox to Exclude auto-renewal certificates from email notifications. This allows the certificates marked for auto-renewal to be excluded from the email notifications even if they fall under the expiry notification configuration. Select the Send expiry notification for the previous version after the successful renewal option to send expiry notification emails for the previous versions of the certificates after their renewal.

Note: For successful Microsoft CA auto renewal, ensure that the domain administrator account is used as Key Manager Plus service logon account.

13.4 Certificates Sync Status

Key Manager Plus allows users to perform periodic and automatic checks on the synchronization status on the SSL certificates deployed to multiple servers.
When enabled, Key Manager Plus gives you options to check for out-of-sync servers and delete the servers in which there is a certificate mismatch. Follow the below steps to enable certificate sync status check:

  1. Navigate to Settings >> SSL >> Certificates Sync Status.
  2. Click Enable and enter a recurrence time interval in hours or minutes.
    1. Check only the Non-Sync servers - select this option to check and consolidate only the out-of-sync servers.
    2. Delete the server if Non-Sync - select this option to delete the servers that are found to have a certificate mismatch after the synchronization check.
  3. Click Disable to stop the synchronization check.

13.5 Excluded Certificates 

Key Manager Plus allows users to exclude specific SSL certificates from being imported into the certificate repository during discovery or manual addition. 

To list a certificate that needs to be excluded:

  1. Navigate to Settings >> SSL >> Excluded Certificates.
  2. Click Add.
  3. Specify the common name, certificate serial number, reason, and click Save.
  4. The specified certificate is excluded from being imported into Key Manager Plus certificate repository during discovery / manual addition.

13.6 IIS Binding

Key Manager Plus allows users to deploy SSL certificates to the IIS server and also perform IIS binding. Click here for detailed steps on IIS binding. Once the server details are saved in the SSL tab, they will also be available in the Settings page. To deploy and bind certificates in bulk, follow the below steps:

  1. Navigate to Settings >> SSL >> IIS Binding.
  2. The details of servers to which you have deployed certificates will be listed here. Click the Edit icon beside a server and edit attributes such as Path, Site Name, Host Name, Port and Certificate. You cannot edit the Server Name. Select the Restartsite checkbox to restart the site automatically and click Save.
  3. Select multiple servers by clicking the checkboxes beside them and click Deploy And Bind from the top bar.

Now, the SSL certificates will be deployed to the associated server and IIS binding to the specified site will be complete.

13.7 Approval

Key Manager Plus allows the administrators to grant and revoke access to the operators to sign the CSRs' created by them.

  1. Navigate to Settings >> SSL >> Approval.
  2. In Signing Approval Settings, Enable/Disable certificate sign permission for the operator globally and click Save. 

14. Change Password

Users having a local account with Key Manager Plus, can change their own password and email ID. The Change Password tab facilitates this.

To change login password:

  1. Go to Settings >> Change Password tab in the GUI.
  2. Enter the old password.
  3. Enter new password.
  4. The new password will NOT be emailed. Take care to remember your new password. If you forget your password, use the Forgot password link available in the login page of Key Manager Plus to reset your password.
  5. Confirm the new password.
  6. Click Save.

14.1 Delete Users

To delete the users:

  1. Navigate to Settings >> User Management >> Users.
  2. Select the user you would like to delete and click the Delete User button.

15. Ticketing System

Click here to learn more about Ticketing System Integration.


16. Notification Policy

You can set up to get notified via email, syslog messages or SNMP traps in case of any of the following cases:

  1. If SSL certificates are expiring within a specified number of days.
  2. If domain names are about to expire within a specified number of days.
  3. If SSH keys are not rotated for more than a specified number of days.
  4. For certificate management operations performed from within the application.
  5. If PGP keys are expiring within a specified number of days. Click here to learn more about PGP keys.

Note: Notifications regarding PGP key expiration will be sent via email only.

To set/modify expiry notification settings:

  1. Navigate to the Settings >> Notification >> Expiry tab in Key Manager Plus web interface.
  2. To enable SSL certificate expiry notifications, select the Notify about SSL certificates expiring within checkbox. Choose a value for days. You will get notified about only those certificates whose expiry dates fall within the period (number of days) you enter.
  3. Notification Email Frequency: Choose to receive notifications either Daily or Customize your notifications.
    1. If you choose to Customize, set  the Interval (in days) to notify about the to-be-expired certificates.
    2. Select the Email certificates on every schedule if expiry is less than option if you want to receive notifications on all schedules irrespective of the above-set interval.
    3. Select Exclude expired certificates from email notifications to not get notified about expired certificates.
    4. Select Include multiple servers list for certificates to get the details about the list of servers where the certificates are placed/deployed.
    5. Select Send a separate email per certificate to customize each email. You can mention the Subject and/or select the attributes to add in the subject of the expiry notification.
  4. You can also choose to get notifications regarding domain name expiration, PGP key expiration or SSH key rotation failure for the configured time period or both by selecting the respective check-boxes. Expiring SSL certificates, and the SSH keys that were not rotated within the specified days are notified during the mentioned Recurrence Time.
  5. You are also allowed to edit the Subject, Title and Signature of your email-notifications.
  6. You can choose to be notified in two ways:
    1. E-mail – Enter the from and to addresses. To enter mail server details, go to the Mail Server Settings tab.
    2. Syslog – Navigate to Settings >> General settings >>Syslog settings to mention the IP address of the server and the port to which the syslog is to be delivered.(Refer to the format below)
  7. After filling in the details, click Save.
admin-notification

 

16.1 Syslog Format

SSH
<190> Key_Name:172.21.147.130_test123_id Days_Exceeded:0 Modified_On:2016-02-16 17:41:24.008

SSL
<190> Parent_Domain: manageengine.com Included_Domain: kmp.com Days_to_Expire: 100 Expire_Date: 5.08.2017

Note: The number of days specified in the SSH key rotation and SSL certificate expiry notification policy will be applied to the dashboard settings also.

To set/modify audit notification settings:

  1. Navigate to the Settings >> Notification >> Audit tab in Key Manager Plus web interface.
  2. You can customize the alert notifications to be received for different types of operations performed in Key Manager Plus.
  3. Choose the type of notification to be received by enabling the check-boxes beside each operation.
  4. For SNMP and Syslog notifications, make sure you have already configured the server details under Settings >> General Settings >> SNMP / SysLog settings.
  5. For email notifications, you can either choose to notify all the administrator users or just a specific set of email IDs by enabling the respective check boxes.
  6. Once you have specified the choices, click Save.

17. Integration with CMDB

Click here to learn more about CMDB integration.


18. Domain Expiration

Key Manager Plus has an in-built WHOIS look up tool that helps administrators query and obtain information about any registered domain name such as ownership details, date of registration & expiration, IP address history and more.

To access the WHOIS look up tool,

  1. Navigate to Settings >> Domain Expiration.
  2. In the window that opens, enter the domain name for which you want to obtain the details (in terms of a top-level domain or sub domain of a top-level domain).
  3. Click Get Details. The details about the domain are displayed in the dialog box that opens below.

Note: Before performing the lookup, ensure that port 43 is open in your environment without which connection to WHOIS servers would fail.

19. Additional Fields

Click here to learn more about additional fields.


20. Apply License File

When you purchase Key Manager Plus, you will get a product license key. You can apply the license key by following the steps below:

  1. On the top right hand corner of the GUI, you will find your account information. Click that.
  2. Select the License option.
  3. Click the Update License button in the License Details pop-up window.

Upload the license file supplied to you by Key Manager Plus.


21. Tools

The Tools category in Key Manager Plus comes with three options that will allow users to independently perform certificate conversion, parsing, and scan domains for vulnerabilities without adding them into the certificate repository. To access the features, navigate to the Tools tab and follow the below steps:

  1. Certificate Signing Requests (CSR) and SSL Parser- The parser tool allows users to upload certificates or their contents directly to the interface and sort the attributes into a readable format.
      1. Choose File Based to upload a CSR or a certificate. Please note that CSR files must be of the .csr format and certificates must be of one of the following formats: .cer, .crt, .der. Click Parse and the results will be displayed below.
      2. Choose Certificate Content Based to paste the contents of a CSR or a certificate instead of uploading the file.

  1. Certificate Format Converter - The converter tool supports one-click conversion for a wide range of certificate formats.

  i. Choose the required certificate format from the Select Option drop-down.

  ii. Click Browse to upload the certificate. Please note that, while converting a certificate from and to the PKCS12 format, you must provide the import key and the keystore password. Upload your certificate, add the required attributes and click Convert; your certificate will be converted to the selected destination format.

  1. Scan Vulnerabilities - The scanner tool allows users to scan any domain for vulnerabilities by entering the domain name and port directly, without adding the certificate to the repository. Once you have entered the domain details, click Start scan. The scan results will be displayed below.