Organizations should follow standardized security policies for generating CSRs and certificates. However, when users generate CSRs independently, they tend to sign certificates with outdated encryption algorithms or key lengths, which violates these policies and leaves the network vulnerable to cyber-attacks.
The certificate and CSR creation process should be centralized so that administrators can ensure that certificates, and the keys used to sign them, are generated in accordance with the organization's security policies and NIST-recommended algorithms. Administrators also need a method to identify and delete certificates that do not follow these practices.
Key Manager Plus helps automate the identification of vulnerable certificates in your network. It automatically identifies certificates that are signed with weak algorithms like SHA-1. The encryption algorithms, key lengths and other details of the remaining certificates can also be tracked from Key Manager Plus, which helps you identify and remediate certificates that do not follow the organization's security policies.
Key Manager Plus is integrated with ManageEngine’s Password Manager Pro to provide a unified privileged identity management platform.
"ManageEngine’s Key Manager Plus enables us to stay on top of SSL certificates for all of our websites. With Key Manager Plus, we’re able to monitor which certificates are nearing expiration and roll out new certificates in a timely manner."
Ken Odibe, Senior cloud infrastructure consultant, Sapphire systems.