Certificate Manager
Overview¶
Security Certificates plays a vital role in encrypting data sent and transmitted over the network. It essentially helps in providing authentication and an additional realm of security for various Crystal Eye Apps. The Certificate Manager App is used to generate Self-signed Certificates and can also be used to upload External Certificates. The App Polices section can be used to select Security Certificate Users.
Installation¶
The Certificate Manager application is installed by default and can be accessed from the left-hand navigation panel.
Navigation to Certificate Manager Application Page¶
Left-hand Navigation Panel > Network Control > Certificate Manager |
---|
Self-signed Certificate¶
The Self-signed Certificates generated using Certificate Manager App is considered to be as secure as TLS certificates purchased from external certificate authorities as far as the encryption strength goes but does not provide the automatic authentication that a Certificate Authority does – a self-signed certificate does not protect against Man-in-the-middle-attacks, unless you take steps to manually authenticate (such as installing your own root certificate on local machines). And currently free certificates from certificate authorities are available (notably Lets Encrypt), so even the minor expense of a certificate from a widely supported CA is no longer a reason to use self-signed certificates. Red Piranha does not recommend the use of self-signed certificates for simple security purposes.
However, self-signed certificates have their uses. There are circumstances where it is appropriate to monitor network users use of encrypted traffic, potentially increasing security by enabling scanning of traffic from encrypted sources for malware and phishing attacks. Generating a self-signed certificate on. Moreover, purchasing a certificate from a certificate authority would result in an added expenditure to purchase them. Your Crystal Eye appliance, installing that certificate as trusted on local network client machines, and then using the Crystal Eye appliance to decrypt traffic, scan it, and then re-encrypt with the trusted certificate will enable monitoring of traffic by Crystal Eye without otherwise interrupting encryption. We recommend that this step be carefully considered – it enables some security features, but can cause other security and privacy concerns, and making sure all users are aware of it is recommended.
How to Create, Install, Download or Delete a Self-signed Certificate?
Step 1: In the Certificate Manager app page, enter the Internet Hostname, Organization, Unit, City, State, Province, or Region, Country in the respective text boxes and click the Create Certificate button.
Step 2: Click the Continue button.
Step 3: You will now see the Certificate Manager App controls dashboard. Click the View button in the Certificates section.
Step 4: You will now be able to Install, Download or Delete the Security Certificates.
External certificates¶
Crystal Eye’s Certificate Manager App allows administrators to deploy external or third-party certificates as well.
How to deploy external or third-party certificates?
Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Add button under External Certificates section.
Step 2: You will now see the Add Certificate page. Enter a Name, upload the Certificate File, Key File, Intermediate File and then click the Add button.
Selecting Security Certificates User¶
This feature would essentially enable an administrator to edit and add new Security Certificates Users.
How to Select Security Certificates Users?
Step 1: After creating a Self-signed certificate, you will be directed to Certificate Manager app controls dashboard. Click the Edit Member button in the App Policies section.
Step 2: You will now see the Security Certificates Users page. Select the Username and select the tick box and click the Update button.