Skip to content

Certificate Manager

Overview


Security Certificates plays a vital role in encrypting data sent and transmitted over the network. It essentially helps in providing authentication and an additional realm of security for various Crystal Eye Apps. The Certificate Manager App is used to generate Self-signed Certificates and can also be used to upload External Certificates. The App Polices section can be used to select Security Certificate Users.

Installation


The Certificate Manager application is installed by default and can be accessed from the left-hand navigation panel.


Left-hand Navigation Panel > Network Control > Certificate Manager crystal_eye_xdr_navigate_to_certificate_manager

Self-signed Certificate


The Self-signed Certificates generated using Certificate Manager App is considered to be as secure as TLS certificates purchased from external certificate authorities as far as the encryption strength goes but does not provide the automatic authentication that a Certificate Authority does – a self-signed certificate does not protect against Man-in-the-middle-attacks, unless you take steps to manually authenticate (such as installing your own root certificate on local machines). And currently free certificates from certificate authorities are available (notably Lets Encrypt), so even the minor expense of a certificate from a widely supported CA is no longer a reason to use self-signed certificates. Red Piranha does not recommend the use of self-signed certificates for simple security purposes.

However, self-signed certificates have their uses. There are circumstances where it is appropriate to monitor network users use of encrypted traffic, potentially increasing security by enabling scanning of traffic from encrypted sources for malware and phishing attacks. Generating a self-signed certificate on. Moreover, purchasing a certificate from a certificate authority would result in an added expenditure to purchase them. Your Crystal Eye appliance, installing that certificate as trusted on local network client machines, and then using the Crystal Eye appliance to decrypt traffic, scan it, and then re-encrypt with the trusted certificate will enable monitoring of traffic by Crystal Eye without otherwise interrupting encryption. We recommend that this step be carefully considered – it enables some security features, but can cause other security and privacy concerns, and making sure all users are aware of it is recommended.

How to Create, Install, Download or Delete a Self-signed Certificate?

Step 1: In the Certificate Manager app page, enter the Internet Hostname, Organization, Unit, City, State, Province, or Region, Country in the respective text boxes and click the Create Certificate button.

crystal_eye_xdr_create_certificate1

Step 2: Click the Continue button.

crystal_eye_xdr_create_certificate2

Step 3: You will now see the Certificate Manager App controls dashboard. Click the View button in the Certificates section.

crystal_eye_xdr_create_certificate3

Step 4: You will now be able to Install, Download or Delete the Security Certificates.

crystal_eye_xdr_create_certificate4

External certificates


Crystal Eye’s Certificate Manager App allows administrators to deploy external or third-party certificates as well.

How to deploy external or third-party certificates?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Add button under External Certificates section.

crystal_eye_xdr_add_external_certificates1

Step 2: You will now see the Add Certificate page. Enter a Name, upload the Certificate File, Key File, Intermediate File and then click the Add button.

crystal_eye_xdr_add_external_certificates2

Selecting Security Certificates User


This feature would essentially enable an administrator to edit and add new Security Certificates Users.

How to Select Security Certificates Users?

Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Edit Member button in the App Policies section.

crystal-eye-xdr-selecting-security-certificate-users1

Step 2: You will now see the Security Certificates Users page. Select the Username and select the tick box and click the Update button.

crystal-eye-xdr-selecting-security-certificate-users2