Certificate Manager

Overview¶

Security Certificates plays a vital role in encrypting data sent and transmitted over the network. It essentially helps in providing authentication and an additional realm of security for various Crystal Eye Apps. The Certificate Manager App is used to generate Self-signed Certificates and can also be used to upload External Certificates. The App Polices section can be used to select Security Certificate Users.

Installation¶

The Certificate Manager application is installed by default and can be accessed from the left-hand navigation panel.

Left-hand Navigation Panel > Network Control > Certificate Manager

Self-signed Certificate¶

The Self-signed Certificates generated using Certificate Manager App is considered to be as secure as TLS certificates purchased from external certificate authorities as far as the encryption strength goes but does not provide the automatic authentication that a Certificate Authority does – a self-signed certificate does not protect against Man-in-the-middle-attacks, unless you take steps to manually authenticate (such as installing your own root certificate on local machines). And currently free certificates from certificate authorities are available (notably Lets Encrypt), so even the minor expense of a certificate from a widely supported CA is no longer a reason to use self-signed certificates. Red Piranha does not recommend the use of self-signed certificates for simple security purposes.

Self-signed certificates can be valuable in certain scenarios, particularly when monitoring encrypted network traffic is necessary to enhance security. By enabling the inspection of encrypted traffic, organizations can identify malware and phishing attacks that might otherwise go undetected. While purchasing certificates from a certificate authority incurs additional costs, generating a self-signed certificate on your Crystal Eye appliance provides an alternative.

This process involves installing the self-signed certificate as trusted on local network client machines. The Crystal Eye appliance can then decrypt traffic, scan it for threats, and re-encrypt it with the trusted certificate, allowing traffic monitoring without disrupting encryption. However, this approach should be implemented with caution. While it enables important security features, it may also raise security and privacy concerns. Transparent communication with all users about its implementation is essential to ensure proper understanding and compliance. How to Create, Install, Download or Delete a Self-signed Certificate?

Step 1: In the Certificate Manager app page, enter the Internet Hostname, Organization, Unit, City, State, Province, or Region, Country in the respective text boxes and click the Create Certificate button.

Step 2: Click the Continue button.

Step 3: You will now see the Certificate Manager App controls dashboard. Click the View button in the Certificates section.

Step 4: You will now be able to Install, Download or Delete the Security Certificates.

External certificates¶

Crystal Eye’s Certificate Manager App allows administrators to deploy external or third-party certificates as well.

How to deploy external or third-party certificates?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Add button under External Certificates section.

Step 2: You will now see the Add Certificate page. Enter a Name, upload the Certificate File, Key File, Intermediate File and then click the Add button.

Selecting Security Certificates User¶

This feature would essentially enable an administrator to edit and add new Security Certificates Users.

How to Select Security Certificates Users?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Edit Member button in the App Policies section.

Step 2: You will now see the Security Certificates Users page. Select the Username and select the tick box and click the Update button.