SSH Key, SSL Certificate and Key Store

 

1. Overview

Key Manager Plus helps you manage SSH keys and SSL certificates, and additionally provides a secure repository to store any type of digital key file.

 

2. SSH Key Management

Key Manager Plus allows you to centrally manage SSH keys, SSH servers and their users.

  • SSH Servers – Discover SSH servers and enumerate the user accounts available in them. Also, enter the credentials of user accounts.
  • SSH Users – Enter credentials of the users of discovered SSH servers, or associate them with SSH keys. You can also connect to an SSH resource from a user account (after a key has been associated with it).
  • SSH Keys – Create or import SSH keys, export existing keys, associate them with the enumerated users, or rotate the deployed keys. In addition, locate keys available in the discovered servers, and manage them too.

2.1 Operations with SSH Keys in Key Manager Plus

i. Discover SSH Servers

Click the Discovery tab in the side panel, select the SSH radio button, and choose to discover SSH servers by their hostnames or IP addresses individually or simultaneously. The list of discovered servers can be viewed from the SSH >> SSH servers tab.

ii. Input User Credentials

Click the SSH >> SSH servers tab in the side panel and click the 'Credentials' icon available in the left corner of the screen. When you check the 'Root/Administrator' checkbox and enter the appropriate credentials, access is provided to all the user accounts in the server.

Alternatively, the SSH keys and SSH users side tabs can be used to create, deploy, and manage keys, and to manage all the user accounts available in the discovered resources.

iii. Create and Deploy Keys

To create keys and deploy them in the respective user accounts in the target server, click the SSH >> SSH servers tab in the side panel and click the 'Create and Deploy' icon in the right corner of the screen.

iv. Rotate Keys

To rotate keys, navigate to the SSH >> SSH keys tab and select the keys to be rotated. Click the 'Rotate' button available below the header bar to rotate them.
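As an added illustration (not Key Manager Plus code, and not a description of how the product works internally), the following sketch shows what locating deployed keys and mapping them to user accounts involves: it parses authorized_keys entries, computes each key's SHA256 fingerprint, and reports keys authorized on more than one account. The account names, the function names, and the key material are constructed for the example.

```python
import base64, hashlib, struct
from collections import defaultdict

def parse_entry(line):
    """Return (key_type, fingerprint, comment) for an authorized_keys line, else None."""
    if line.lstrip().startswith("#"):
        return None
    tokens = line.split()
    # Options (e.g. command="a b") may precede the key, so accept the first
    # token pair where the base64 blob embeds the same type name as the token.
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue
        if blob[4:4 + n] == tokens[i].encode():
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return tokens[i], fp, " ".join(tokens[i + 2:])
    return None

def key_owners(accounts):
    """Map each key fingerprint to the sorted accounts that authorize it."""
    owners = defaultdict(set)
    for account, text in accounts.items():
        for line in text.splitlines():
            entry = parse_entry(line)
            if entry:
                owners[entry[1]].add(account)
    return {fp: sorted(accts) for fp, accts in owners.items()}

def shared_keys(accounts):
    """Keys authorized on more than one account, which must be rotated on all of them."""
    return {fp: a for fp, a in key_owners(accounts).items() if len(a) > 1}

def sample_line(seed, options=""):
    """Constructed ed25519 entry; the key bytes are filler, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{options}ssh-ed25519 {base64.b64encode(blob).decode()} constructed-{seed}"

# Constructed sample: authorized_keys contents keyed by "host:user".
SAMPLE = {
    "web01:deploy": sample_line(1) + "\n" + sample_line(2, 'command="/usr/bin/backup run",no-pty '),
    "web02:deploy": sample_line(1),
    "web02:root": "# " + sample_line(3),  # commented-out entry, ignored
}
```

Calling `shared_keys(SAMPLE)` returns the one fingerprint present on both `web01:deploy` and `web02:deploy`.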

 

3. SSL Certificate Management

  • Discover all SSL certificates in your network or import certificates from your system.
  • Create self-signed certificates and CSRs (Certificate Signing Requests).
  • Raise requests for new certificates or addition of sub-domains to existing certificates.
  • Receive notifications when certificates are about to expire. Customize the notification schedule.
  • Identify certificates signed with weak signature algorithms.

3.1. Operations with SSL Certificates in Key Manager Plus

i. Discover Certificates

Discover the certificates in your network by navigating to the Discovery tab in the side panel, choosing the SSL radio button, and specifying the hostnames or IP addresses of the servers on which they are used. A list of the discovered certificates is enumerated in the SSL >> Certificates tab.

ii. Create Certificates or CSRs

Create self-signed certificates, or CSRs, from the SSL >> Certificates or SSL >> Create CSR tabs respectively. The new certificate and its details are appended to the respective tabs.

iii. Request Certificates

Add requests for certificates from the SSL >> Certificate request tab. Click the Add request button to raise a new request. Enter your request details and attach a CSR to your request. Keep track of your requests from the SSL >> Certificate request tab.

iv. Customize Notification Schedule

Navigate to the Settings >> Notification tab and select the SSL Certificate expiry option. Then configure the number of days, and choose whether to receive notifications via email and/or syslog.

v. Identify Weak Certificates

Certificates signed using the vulnerable SHA-1 algorithm are tracked and displayed in the Dashboard.
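The two checks described in steps iv and v can be illustrated with the following added example, which is not Key Manager Plus code: it reads a DER-encoded certificate, reports whether the signature algorithm uses SHA-1, and computes the days remaining before expiry. The function names, the 30-day default, and the sample certificate skeleton are assumptions made for the example; real PEM input can be converted with `ssl.PEM_cert_to_DER_cert`.

```python
from datetime import datetime, timezone

# DER-encoded OIDs (hex) of signature algorithms that hash with SHA-1.
SHA1_SIG_OIDS = {
    "2a864886f70d010105": "sha1WithRSAEncryption",
    "2a8648ce3d0401": "ecdsa-with-SHA1",
    "2a8648ce380403": "dsa-with-sha1",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def audit_cert(der, now, warn_days=30):
    """Report a SHA-1 signature and the days left before notAfter."""
    _, cert, _ = read_tlv(der)               # Certificate
    _, tbs, pos = read_tlv(cert)             # tbsCertificate
    _, alg, _ = read_tlv(cert, pos)          # signatureAlgorithm
    _, oid, _ = read_tlv(alg)
    tag, _, pos = read_tlv(tbs)              # [0] version, or serial in a v1 cert
    for _skip in range(3 if tag == 0xA0 else 2):
        _, _, pos = read_tlv(tbs, pos)       # skip (serial,) signature, issuer
    _, validity, _ = read_tlv(tbs, pos)
    _, _, pos = read_tlv(validity)           # notBefore
    ttag, raw, _ = read_tlv(validity, pos)   # notAfter: UTCTime or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if ttag == 0x17 else "%Y%m%d%H%M%SZ"
    not_after = datetime.strptime(raw.decode(), fmt).replace(tzinfo=timezone.utc)
    if ttag == 0x17 and not_after.year >= 2050:  # RFC 5280: YY >= 50 is 19YY
        not_after = not_after.replace(year=not_after.year - 100)
    days_left = (not_after - now).days
    return {"sha1": SHA1_SIG_OIDS.get(oid.hex()), "days_left": days_left,
            "expiring": days_left <= warn_days}

def tlv(tag, body=b""):
    """Short-form DER encoder, sufficient for the small sample below."""
    return bytes([tag, len(body)]) + body

def sample_cert(sig_oid_hex, not_after):
    """Constructed, unsigned certificate skeleton: sample data, not a real cert."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30) + validity + tlv(0x30))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\x00"))
```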

 

4. Key Store

Add any digital key to the secure repository of Key Manager Plus. Update key versions, and export the current key or retrieve previous versions of a key for disaster recovery.

 
 
 

4.1. Operations with Key Store in Key Manager Plus

i. Add Keys

Add keys to the Key Manager Plus repository from the Key Store tab. Key Manager Plus stores the digital key along with its details in the repository. You can edit the details of a key to organize, search for, and locate keys faster. You can specify details such as the key's type (e.g. AWS-RSA) and an optional passphrase, and map the key to its deployed server instance by specifying server details such as the instance name (e.g. AWS-KMP server), data center (e.g. AWS-North Central U.S), and so on.

ii. Update Keys

Details of the keys imported into the Key Store can be updated by clicking the Update Key icon. The earlier version of the key is still available and can be retrieved by clicking the Key version icon.

iii. Export Keys

The keys available in the Key Store can be exported using the Export key icon. In addition, you can export earlier versions of the key by navigating to the Key version window.
