Web-based SSH Key and SSL Certificate Management Solution for Enterprises
ManageEngine Key Manager Plus is a web-based key management solution that helps you consolidate, control, manage, monitor, and audit the entire life cycle of SSH (Secure Shell) keys and SSL (Secure Sockets Layer) certificates. It provides visibility into the SSH and SSL environments and helps administrators take total control of the keys to preempt breaches and compliance issues.
What Problems Does ManageEngine Key Manager Plus Solve?
Safeguarding data in transit has always been a big challenge for security administrators. While SSH keys have helped organizations ensure security in remote administrative access and data transfer, digital keys present some unique challenges.
Usually, SSH keys are left unmonitored and unmanaged, making organizations vulnerable to cyber attacks. In the absence of an automated system, getting the list of all the keys in use, finding and restricting access privileges, and ensuring periodic rotation is a herculean task.
Similarly, managing a Secure Socket Layer (SSL) environment can be daunting when organizations use a large number of SSL certificates issued by different vendors with varying validity periods. On the other hand, SSL certificates left unmonitored and unmanaged could expire, or rogue/invalid certificates could be used. Both scenarios could lead to service downtime or display of error messages that would destroy customer trust in data security and, in extreme cases, even result in security breaches.
ManageEngine Key Manager Plus has been designed to solve all these issues and serves a one-stop solution for managing all digital identities.
SSH Key Management With Key Manager Plus
Discover SSH systems in the network, enumerate users, and private keys.
Consolidate and Store
Consolidate all discovered SSH keys in a secure, centralized repository.
Create and Deploy
Create new key pairs, associate with users, and deploy on target systems.
Rotate Keys Periodically
Rotate key pairs automatically at periodic intervals.
View Key User Relationship
Get a holistic view of the key to user relationship across the organization.
Launch Direct Connection
Launch a direct SSH connection with target systems.
Audit and Track
Audit and track all user activities and generate reports.
Restrict and Regulate Access
Associate specific resources to users and establish granular access controls.
Manage SSH keys better, comply with regulations such as SOX, FISMA, PCI, and HIPAA.
Configure Key Management Policy
Enforce policies for key creation. Remove all existing keys for a fresh start or append new keys.
Active Directory Integration
Import users / user groups from Windows Active Directory and also leverage the authentication mechanism.
Schedule Database Backup
Provision for scheduled backup of entire database for disaster recovery.
SSL Certificate Management With Key Manager Plus
Discover all SSL certificates deployed in the network.
Consolidate all discovered certificates in a secure, centralized repository.
Track Certificate Details
Track the name of the CA, date of issue, encryption algorithm, key length and other vital details.
Control Certificate Signing Requests
Centrally control new Certificate Signing Requests (CSR) process. Get ready-to-use CSR data files.
Receive alerts about the certificates that are about to expire.
Ensure usage of strong encryption algorithms key lengths. Identify and eliminate weak ones such as SHA-1 certificates.
Benefits of Key Manager Plus
Gain complete visibility of all SSH keys and SSL certificates present in the organization and achieve centralized control.
Remove all existing public key-user trust relationships and generate new key pairs. Deploy the new public keys to users in bulk with just a couple of clicks.
Tighten security by periodically rotating keys and prevent their misuse.
Launch direct connections to remote devices by using the keys present in Key Manager Plus, saving time and enhancing productivity.
Delete any unwanted keys from the database, terminate access immediately, and prevent violations by obsolete accounts.
Get customizable, recurring notifications when the validity of an SSL certificate is about to expire.
Eliminate service downtime or display of error messages due to expired/invalid/rogue SSL certificates.
Supported platforms for product installation : Windows, Linux
Authentication : Local, Active Directory (for Windows)
Supported SSH version : v2
Backend database : PostgreSQL (bundled with the product)
Discovery : Agentless
Supported protocols : RSA (1024/2048/4096 bit) and DSA (1024 bit)