Key Manager Plus runs as an HTTPS service. It requires a valid SSL certificate issued by a trusted Certificate Authority (CA), with the common name set to the name of the host on which it runs. By default, on first start-up, Key Manager Plus uses the certificate issued for the domain 'demo.keymanagerplus.com' that comes bundled with the product. Browsers will not trust this certificate and will show a security error when users try to access the Key Manager Plus server. Users then have to manually verify the hostname and force the browser to accept the certificate.
To make browsers automatically verify and authenticate users, you need to upload trusted third-party CA certificates to the Key Manager Plus server. Since Key Manager Plus itself serves as a repository for securing SSL certificates, you can upload certificates directly from it (provided you have already consolidated the certificates in Key Manager Plus). You can also browse and add certificates from your system, or you can request new certificates from a trusted third-party CA and then upload them to the Key Manager Plus server.
To upload a certificate already existing in its repository to the Key Manager Plus server,
Follow the steps mentioned below to upload a certificate obtained from trusted CA to Key Manager Plus server.
If you don't provide the intermediate certificate and Key Manager Plus is unable to trace it, there's a chance that browsers might not recognize your certificate and security errors will be thrown.
You can request and sign certificates from the Microsoft Certificate Authority within your network, and then install it on your Key Manager Plus server. To request and acquire certificates from your Microsoft Certificate Authority,
After creating the CSR, you have to forward it to the Microsoft Certificate Authority, which signs it and issues the SSL certificate for the requested domain.
You then have to install the acquired certificate on the Key Manager Plus server.
You can also request new certificates from trusted third-party CAs and upload them to your Key Manager Plus server.
Click here to learn more about requesting and acquiring third party SSL certificates from Key Manager Plus
Click here to learn more about directly acquiring Let's Encrypt CA certificates by leveraging Key Manager Plus' integration with Let's Encrypt
After procuring and consolidating the third-party SSL certificates in the Key Manager Plus repository, repeat the same steps under the first case to upload the certificate to the Key Manager Plus server.
The Key Manager Plus server checks the certificate you upload against the following criteria: certificate and private key match, expiration date, revocation status, certificate chain, and Certificate Authority (Java trust store). If any of these checks fails, a pop-up window opens asking you to confirm the upload. You can still go ahead and upload the certificate, but reputed browsers might not recognize it and may throw security errors.
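Three of the criteria above (key match, expiration, chain) can be checked with the OpenSSL CLI before uploading. This is an added example, not part of the product or its documentation; the function names, the `MIN_DAYS` variable and the PEM CA bundle (standing in for the Java trust store) are assumptions, and revocation status is not covered.

```shell
#!/bin/sh
# Pre-upload certificate checks with the OpenSSL CLI (added example).
# Assumptions: PEM files, an unencrypted private key, and a PEM CA bundle
# standing in for the Java trust store. Revocation is not checked here.

# 0 = same public key, 1 = different, 2 = a file could not be parsed.
cert_matches_key() {  # cert.pem key.pem
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$_cert_pub" = "$_key_pub" ]
}

# 0 if the certificate is still valid N days from now.
cert_valid_for_days() {  # cert.pem days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if a path can be built from the certificate to a CA in the bundle.
# Leave out the intermediates file to reproduce the missing-intermediate case.
chain_verifies() {  # cert.pem ca_bundle.pem [intermediates.pem]
    openssl verify -CAfile "$2" ${3:+-untrusted "$3"} "$1" 2>/dev/null |
        grep -q ': OK$'
}

# Runs all three checks; the return value is the number of failed checks.
precheck() {  # cert.pem key.pem ca_bundle.pem [intermediates.pem]
    _fail=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: certificate and private key do not match"; _fail=$((_fail + 1)); }
    cert_valid_for_days "$1" "${MIN_DAYS:-30}" ||
        { echo "FAIL: certificate expires within ${MIN_DAYS:-30} days"; _fail=$((_fail + 1)); }
    chain_verifies "$1" "$3" "${4:-}" ||
        { echo "FAIL: chain does not reach a CA in the bundle"; _fail=$((_fail + 1)); }
    if [ "$_fail" -eq 0 ]; then echo "OK: all checks passed"; fi
    return "$_fail"
}

# Constructed sample: a throwaway self-signed certificate that is its own CA.
demo() {
    _dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=kmp.example.test" \
        -keyout "$_dir/key.pem" -out "$_dir/cert.pem" >/dev/null 2>&1
    _rc=0
    precheck "$_dir/cert.pem" "$_dir/key.pem" "$_dir/cert.pem" || _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}
demo
```

For a CA-issued certificate, call `precheck server.pem server.key ca_bundle.pem intermediates.pem` with your own files.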