Skip to content

Certificate Manager

Overview


Security Certificates plays a vital role in encrypting data sent and transmitted over the network. It essentially helps in providing authentication and an additional realm of security for various Crystal Eye Apps. The Certificate Manager App is used to generate Self-signed Certificates and can also be used to upload External Certificates. The App Polices section can be used to select Security Certificate Users.

Installation


The Certificate Manager application is installed by default and can be accessed from the left-hand navigation panel.


Left-hand Navigation Panel > Network Control > Certificate Manager crystal_eye_xdr_navigate_to_certificate_manager

Self-signed Certificate


The Self-signed Certificates generated using Certificate Manager App is considered to be as secure as TLS certificates purchased from external certificate authorities as far as the encryption strength goes but does not provide the automatic authentication that a Certificate Authority does – a self-signed certificate does not protect against Man-in-the-middle-attacks, unless you take steps to manually authenticate (such as installing your own root certificate on local machines). And currently free certificates from certificate authorities are available (notably Lets Encrypt), so even the minor expense of a certificate from a widely supported CA is no longer a reason to use self-signed certificates. Red Piranha does not recommend the use of self-signed certificates for simple security purposes.

Self-signed certificates can be valuable in certain scenarios, particularly when monitoring encrypted network traffic is necessary to enhance security. By enabling the inspection of encrypted traffic, organizations can identify malware and phishing attacks that might otherwise go undetected. While purchasing certificates from a certificate authority incurs additional costs, generating a self-signed certificate on your Crystal Eye appliance provides an alternative.

This process involves installing the self-signed certificate as trusted on local network client machines. The Crystal Eye appliance can then decrypt traffic, scan it for threats, and re-encrypt it with the trusted certificate, allowing traffic monitoring without disrupting encryption. However, this approach should be implemented with caution. While it enables important security features, it may also raise security and privacy concerns. Transparent communication with all users about its implementation is essential to ensure proper understanding and compliance. How to Create, Install, Download or Delete a Self-signed Certificate?

Step 1: In the Certificate Manager app page, enter the Internet Hostname, Organization, Unit, City, State, Province, or Region, Country in the respective text boxes and click the Create Certificate button.

crystal_eye_xdr_create_certificate1

Step 2: Click the Continue button.

crystal_eye_xdr_create_certificate2

Step 3: You will now see the Certificate Manager App controls dashboard. Click the View button in the Certificates section.

crystal_eye_xdr_create_certificate3

Step 4: You will now be able to Install, Download or Delete the Security Certificates.

crystal_eye_xdr_create_certificate4

External certificates


Crystal Eye’s Certificate Manager App allows administrators to deploy external or third-party certificates as well.

How to deploy external or third-party certificates?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Add button under External Certificates section.

crystal_eye_xdr_add_external_certificates1

Step 2: You will now see the Add Certificate page. Enter a Name, upload the Certificate File, Key File, Intermediate File and then click the Add button.

crystal_eye_xdr_add_external_certificates2

Selecting Security Certificates User


This feature would essentially enable an administrator to edit and add new Security Certificates Users.

How to Select Security Certificates Users?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Edit Member button in the App Policies section.

crystal-eye-xdr-selecting-security-certificate-users1

Step 2: You will now see the Security Certificates Users page. Select the Username and select the tick box and click the Update button.

crystal-eye-xdr-selecting-security-certificate-users2