Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus
With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever.

From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an important role.

Managing SSL certificates across networks to ensure protection and prevent unanticipated failures is critical, and it also becomes complicated with multiple locations, divisions as well as the fastest growing use of external cloud-based services.

This not only complicates the process of managing individual SSL certificate and SSH key for an administrator but also costs organizations heavily.

A key solution for this issue is to use an advanced and efficient SSL certificate and SSH Key management system.

An effective solution enables an organization to know what kinds of certificates and keys it has, simplifies certificate discovery and monitor across multiple vendors, and also automates certificate renewal and transfer process.

We recently got an opportunity to test and review Key Manager Plus from ManageEngine, which is a division of Zoho Corporation that develops remote administration software for IT businesses.

And we were quite impressed by this product that simplifies even complex processes of key management, where most organizations fail, leaving themselves vulnerable to cyber attacks.

ManageEngine Key Manager Plus

ManageEngine Key Manager Plus is a comprehensive, web-based solution that offers centralized management and visibility over the SSL certificates and SSH keys across any organization and helps administrators accurately monitor and manage them.

This application comes with a web-based interface that works on any modern web browser such as Edge, Firefox, and Chrome and you can easily deploy it on your computer with an automated installer.

The dashboard of this application is designed in such a way that after login, you get a broad and easily understandable graphical presentation of all digital assets (SSL certs and SSH keys) used by your organization.

Its user interface and easy to navigate features offer users to keep track of all important details, like the algorithm's encryption type, key length, the creation date of any issue and control new certificate signing requests, as well as access to wider range of tools.
Besides centrally creating and deploying new keys, ManageEngine Key Manager Plus also allows administrators to harden security policies by:

1. Periodically Rotating Key Pairs: Automatically rotating privileged SSH key pairs prevents misuse of keys, reduces security risks, meets compliance requirements and minimizes the operational burden on IT teams.

2. Delete Unwanted Keys: It is always important to monitor the environment in order to determine which keys are no longer in use and removing them. Key Manager Plus does same. It prevents unauthorized access to privileged accounts by removing unwanted SSH keys from vulnerable endpoints.

3. Terminate or Regulate access: Generally, in a large organization, SSH access is neither controlled nor monitored, which is a cause of most cyber threats to an organization. Administrators can easily monitor and terminate access anytime to prevent violations by obsolete accounts.

4. Alerts and Notifications: Besides key management, it is always important for an administrator to keep track of SSL certificates, which are about to expire or invalid in order to prevent downtime. This application allows you to set customizable and recurring notifications that alert you when the validity of your SSL cert is about to expire.

Switching to SHA-2 SSL Certificates [Migration Guide]

Nearly a million websites on the Internet are using an insecure algorithm, and leading web browsers, including Chrome and Firefox, have already declared that they could start rejecting website using potentially vulnerable SHA-1 certificates.

Since SHA-1 certs could result in system downtime, errors, and security threats, all organizations need to migrate to SHA-2 signed certificates before January 1, 2017.

ManageEngine solves this issue as well. Here's a quick step-by-step guide on how to find and replace SHA-1 with secure SHA-2 certificates in your organization using ManageEngine Key Manager Plus.

Conclusion: ManageEngine Key Manager Plus is an efficient and user-friendly solution that not only helps network administrators bypass complicated and time-consuming compliance processes by providing all the necessary tools for monitoring and managing SSL certificates and SSH keys in the first place, but also predict and prevent security breaches at their organizations.

So, if ManageEngine Key Manager Plus fits for your organization, you can give it a try. The company offers three edition of the latest Key Manager Plus version is 4.5, which includes:
  • Free Edition: This version of Key Manager Plus is free for lifetime and offers you to manage up to 5 keys in an organization.
  • Evaluation Edition: This version is a 30-day evaluation edition that allows you to manage up to 10 keys in an organization (Number of keys can be increased based on request during the period of evaluation).
  • Standard Edition: The prices for this edition start at $595 per year for managing 50 keys.
All editions of ManageEngine Key Manager Plus can be downloaded (Windows/Linux) directly from the ManageEngine official website, and an online demo is also available, in case you want to have a quick look to the application.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.