How can I manage my SSL certificates!? Look no further!

00:00

[Music]

00:06

hey everyone Kendall here again so today

00:10

I wanted to do a short video on a tool

00:15

that if you're in a big organization

00:16

this should be very very helpful to you

00:19

guys talking to a bunch of my other IT

00:23

based friends they don't really know

00:26

about this tool a lot of people didn't

00:28

even know it existed a lot of people

00:30

know about this company though but they

00:33

just did not know that there was such a

00:34

tool for SSL based certificates this

00:37

tool does do SSH base certificates as

00:41

well but I'm just going to cover SSL

00:44

because it's just very very useful so as

00:46

you can tell here this is a demo and the

00:49

application is called key manager plus

00:51

it's made by managed engine which is up

00:54

here in the top left hand corner of the

00:55

screen this key manager plus gives you

00:59

just an awesome dashboard probably one

01:01

of the best dashboards I've ever come

01:03

across on any ssl certificate management

01:06

tool and a lot of you guys who are doing

01:09

this in a big organization you know that

01:11

hey if you're going through let's just

01:14

use global sign as an example you get a

01:16

tool that way or any big-name provider

01:19

that you have out there they give you

01:20

some type of tool of them but it's

01:22

nothing to this degree of I guess

01:27

refinement would be the best way I could

01:28

describe it so the nice thing is it

01:30

gives you how many certificates are

01:31

going to expire within you know then 0

01:34

to 30 days 30 to 60 days and then it can

01:37

give you obviously what's already

01:38

expired and it gives you the counts on

01:40

them well that's nice and enough self

01:42

but what it doesn't give you that you

01:44

would think is hey can I just click on

01:46

this and drill down on it well yes you

01:48

can you can click down on the 10 try and

01:50

which ones are expired and it'll

01:52

actually tell you all the information

01:54

about the certificate okay so that's

01:57

pretty sweet right now if that isn't

01:59

sweet enough you can drill down on cloud

02:01

front which was the first certificate

02:03

there as an example you can click on

02:05

this button you can actually export it

02:07

and download that certificate to your

02:09

computer so how sweet is that I mean

02:11

that's ridiculous right

02:13

alright you can go back to the homepage

02:15

and let's say next is 0 to 30 days what

02:20

certificates are expiring in my

02:22

organization Oh facebook as an example

02:25

you know these are all demo sites has

02:27

one day left all right it gives you all

02:30

the information about it like the key

02:31

size who issued it who you need to go

02:34

through to renew it right that type of

02:37

information and through this window of

02:40

course if you wanted no more about it

02:42

like hey I don't really know what this

02:44

ssl certificate here is for cloud let's

02:48

click on that huh okay here's all the

02:52

information about it gives me a founded

02:54

on port 443 it's valid from this date

02:57

and it goes to this date here's the

02:59

alternative names that also the

03:01

certificate uses right so there's a

03:03

couple other sites that the certificate

03:05

does and it's also a gosh I'm just going

03:11

to say asterix but it's basically a you

03:13

know it's for this whole HDFC Bank com

03:17

sorry I can't think of the stupid word

03:18

that you want to use there but anyways

03:20

um so you know that information it's a

03:23

sha-1 using RSA right for the encryption

03:26

for the key algorithm I mean there's

03:28

just so much and again you can export it

03:30

right out through this window come back

03:33

to home here same thing for 30 to 60

03:35

days okay the other cool thing is is

03:37

this gives you the how many certificates

03:40

it actually finds in your organization

03:43

so you can view your certificates it

03:45

tells you like an orange here this is

03:47

how many certificates i have in the key

03:49

store which is a function basically

03:51

where you can use the store keys within

03:54

the application and that does eat up

03:57

licenses and there is a way I guess I'm

04:00

not necessarily going to say around that

04:01

but there's a better use of the tool

04:03

that I found to use and if you guys want

04:05

more information about that I can go

04:07

into details on it and then tells you

04:09

obviously how much how many ssh-keys you

04:12

have and then here you can click view

04:13

all and it'll view all the keys the

04:15

licenses that you have in your

04:16

environment over here obviously it gives

04:19

you all the different certificates who

04:21

they're issued by right and a nice

04:23

graphical pie chart I mean this is great

04:25

for management

04:26

but also as like if you have a

04:29

monitoring team or a management team

04:31

that manages all these certificates and

04:33

they need to know when their upcoming me

04:35

this is just a great great tool it also

04:39

integrates with active directory let's

04:42

see if this is yeah so through their

04:43

demo on their site you can use your

04:45

active directory it works with multiple

04:47

domains i have tested this i know at

04:49

least six domains it works with and

04:51

users can log on with that's the most

04:54

amount of domains I've tested it with

04:56

you can assign groups just like you

04:58

would to any type of tool it works

05:00

really really well has a mail server

05:03

setting it can automatically mail let's

05:07

say 0 to 30 days you want to know when

05:09

that window of certificates are going to

05:11

expire it can email you a generated list

05:14

of all those certificates so every month

05:16

you're on top of your certificates this

05:19

may sound like I'm getting paid by them

05:20

I'm not getting paid by them I just find

05:23

this an extremely helpful tool and the

05:26

crazy thing about this is this tool is

05:27

dirt dirt dirt cheap okay I mean dirt

05:30

cheap for a thousand licenses on the

05:33

certificate you're going to pay two

05:35

thousand dollars as an annual contract

05:37

that is ridiculously cheap I'm not going

05:40

to tell you guys who I work for but we

05:43

spend a lot more on tools that do a lot

05:46

less let's just put it that way this

05:48

tool is amazing and especially for two

05:51

thousand dollars right if you have your

05:54

ssl certificates over here the other

05:57

cool thing about it is you can create

05:59

your CSRs and you can create your CSRs

06:02

and stores all your passwords here all

06:05

right so like this one's managed engine

06:06

they might all be that nope they're

06:08

different but it stores all your

06:11

passwords here so okay now you have your

06:12

private key inside a store that's

06:16

centrally managed right you can create

06:18

your csr and now you can send it off to

06:21

whoever needs to be signed by and after

06:23

you've gotten that signed right publicly

06:26

you basically can take that certificate

06:29

and use it wherever you want on your

06:31

devices which is super super slick but

06:34

the nice thing about this is it keeps

06:36

all this in one central location every

06:38

single time you create a csr

06:40

which is just amazing to me you know

06:41

unless your business is a hundred

06:43

percent through what's a global sign as

06:45

an example it's a nightmare if you have

06:50

internal certificate servers that you're

06:53

using to issue certificates and you're

06:55

creating CSR is that way you don't have

06:57

a management tool it's just a nightmare

06:59

and I know this firsthand so on this

07:01

tool is just well worth the money and a

07:03

lot of you people out there in

07:05

organization probably aren't going to

07:07

have a thousand certificates that you

07:09

need to manage if I'm gonna have

07:10

somewhere around 200 right and it's very

07:13

reasonable I think it starts off at like

07:14

a hundred dollars for this tool if you

07:16

have you know 100 or 200 certificates

07:19

and you can obviously get a quote up on

07:20

the top here you can call them you can

07:23

go to their site which is managed engine

07:26

com and they have tons and tons of

07:30

different tools there but I really

07:32

wanted to make people aware about this

07:35

tool because it is fairly new on the

07:37

market and it is a very good tool for

07:40

what it does you could streamline your

07:42

whole process if you wanted using a

07:44

certificate request basically let's say

07:46

this would be your ticket generation

07:48

process let's say you have a team that's

07:52

generating these requests you have

07:54

another team that's managing those

07:56

certificates that could then come to the

07:57

CSRs that create the CSRs once the CSRs

08:01

are created they then get them signed

08:02

either internally or externally and once

08:05

they're done they can come back to this

08:07

request let's say this is ticket right

08:09

for demo they're all closed so let's

08:12

just add one and we'll just call it a

08:13

testing testing testing com number of

08:21

days let's say watch 704 days and it's

08:24

for XYZ calm all right ok so it's

08:30

disabled for the demo but I know

08:32

firsthand because i have used this tool

08:35

you can after its that if you haven't

08:38

closed the ticket yet and it's open you

08:40

can click on the ticket and then when

08:41

you go to close the ticket you can

08:43

actually attach the certificate that you

08:45

got from global sign or your internal

08:48

certificate authority whoever you got

08:50

that

08:50

publicly signed by you can attach that

08:52

into this certificate request area which

08:55

basically closes changes the status the

08:57

closed and then it will email that

08:59

certificate internally without the

09:01

passwords right to whoever needs that

09:04

certificate and then the nice thing is

09:06

if they have active directory

09:07

credentials they can come here under

09:10

certificates or sorry under CSRs and

09:13

then they can view the passphrase

09:14

further certificate so then it's all

09:17

centering centrally managed it's not

09:19

emailed out anywhere and it's just kept

09:21

really really safe I'm sorry I'm not

09:24

trying to rank here but I just wanted to

09:26

touch all the topics on this just for

09:29

SSL and what it does because it is a

09:31

very very valid tool and you can

09:34

generate reports with it there's so much

09:36

more you can do with this tool and I'll

09:38

let you guys check it out I appreciate

09:40

you guys for watching and hopefully you

09:42

guys learned something