Top

Key Manager Plus - User Manual

Overview

ManageEngine Key Manager Plus is a web-based key management solution that helps you consolidate, control, manage, monitor, and audit the entire life cycle of SSH (Secure Shell) keys and SSL (Secure Sockets Layer) certificates. It provides visibility into the SSH and SSL environments and helps administrators take total control of the keys to preempt breaches and compliance issues.

What Problems Does ManageEngine Key Manager Plus Solve?

Safeguarding data in transit has always been a big challenge for security administrators. While SSH keys have helped organizations ensure security in remote administrative access and data transfer, digital keys present some unique challenges.

Usually, SSH keys are left unmonitored and unmanaged, making organizations vulnerable to cyber attacks. In the absence of an automated system, getting the list of all the keys in use, finding and restricting access privileges, and ensuring periodic rotation is a herculean task.

Similarly, managing a Secure Socket Layer (SSL) environment can be daunting when organizations use a large number of SSL certificates issued by different vendors with varying validity periods. On the other hand, SSL certificates left unmonitored and unmanaged could expire, or rogue/invalid certificates could be used. Both scenarios could lead to service downtime or display of error messages that would destroy customer trust in data security and, in extreme cases, even result in security breaches.

ManageEngine Key Manager Plus has been designed to solve all these issues and serves a one-stop solution for managing all digital identities.

Prerequisite Software

There is no prerequisite software installation required to use Key Manager Plus. The standard system (hardware and software) requirements as mentioned below plus an external mail server (SMTP server) are essential for the functioning of Key Manager Plus server and to send various notifications to users.

Hardware Operating systems Web Interface

Processor

  • 1.8 GHz Pentium® processor

RAM

  • 2 GB

Hard Disk

  • 300 MB for product
  • 10 GB for database

Windows

  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Vista
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003
  • Windows 2000 Server / Professional

Linux

  • Ubuntu 9.x and above
  • CentOS 4.4 & above
  • Red Hat Linux 9.0
  • Red Hat Enterprise Linux 5.3, 5.4, 5.5
  • Key Manager Plus normally works well with any flavor of Linux.
  • Note: Key Manager Plus can be run on VMs of the above operating systems.

HTML client requires one of the following browsers** to be installed in the system:

  • IE 7 and above (on Windows)
  • Chrome, Firefox, and Safari (on Windows, Linux and Mac)

**Key Manager Plus is optimized for 1280 x 800 resolution and above.

Database

  • PostgreSQL 9.2.4, bundled with the product.

Components of Key Manager Plus

Key Manager Plus consists of the following components:

Installing Key Manager Plus

In Windows

In Linux

Starting & Shutting Down Key Manager Plus

In Windows

Using Start Menu Using Tray Icon

From Start >> Programs >> ManageEngine Key Manager Plus menu, you can do the following:

  • Start Key Manager Plus.
  • Start server (as administrator).
  • Stop server.
  • Uninstall Key Manager Plus.

Once you install Key Manager Plus, in the windows tray area on the far right end of your task bar, you will find the icon for Key Manager Plus. Right click the tray icon and click the desired operation

Right click the tray icon and click the desired operation

  • Start Key Manager Plus Service (as administrator).
  • Stop Key Manager Plus Service.
  • Key Manager Plus web console.
  • Show Startup Logs.
  • Startup options.

In Linux

Installing as Startup Service Starting & Stopping the Server as Service
  • Login as root user.
  • Open a console and navigate to <KeyManagerPlus_Home>/bin directory.
  • Execute "sh keymanagerplus.sh install" (In Ubuntu, execute as "bash keymanagerplus.sh install").
  • To uninstall, execute the script "sh keymanagerplus.sh remove".

To start Key Manager Plus as a service in Linux

  • Login as root user.
  • Execute /etc/rc.d/init.d/sshkeymanagerplus-service start
  • Key Manager Plus server runs in the background as service.

    To stop Key Manager Plus Server started as service in Linux

  • Execute /etc/rc.d/init.d/sshkeymanagerplus-service stop (as root user).

Connecting Web Interface

1.Automatic Browser Launch

Once the server is started successfully, a browser is automatically launched with the Key Manager Plus login screen. As the connection is through HTTPS, you will be prompted to accept security certificate. Hit 'Yes' and then type the user name and password in the login screen and press Enter. For an unconfigured setup, the default user name and password will be admin and admin respectively. Every time you start the server, the browser will be automatically launched.

2.Launching the Web Client Manually

In the case of windows, you can also launch the web client manually from the Windows Tray. Right-click the Key Manager Plus tray icon and click "Key Manager Plus Web Console". A browser would be launched with the Key Manager Plus login screen. As the connection is through HTTPS, you will be prompted to accept security certificate. Hit 'Yes' and then type the user name and password in the login screen and press Enter. For an unconfigured setup, the default user name and password will be admin and admin respectively. Every time you start the server, the browser will be automatically launched.

In the case of Linux, open a browser and connect to the URL

https://<hostname>:portnumber/

where hostname - host where Key Manager Plus Server is running; Default port – 6565

Example: https://localhost:6565.

3.Connecting the Web Client in Remote Hosts

To connect web clients in a different machine from the one in which Key Manager Plus is running, open a browser and connect to the URL

https://<hostname>:port

As the connection is through HTTPS, you will be prompted to accept security certificate. Hit 'Yes' and then type the user name and password in the login screen and press Enter. For an unconfigured setup, the default user name and password will be admin and admin respectively. Every time you start the server, the browser will be automatically launched.

Ports Used by Key Manager Plus

Key Manager Plus uses the following two ports:

  1. PostgreSQL port :53306
  2. Web client port :6565

Backend Database

Key Manager Plus supports PostgreSQL as the backend database. It is bundled with the product and, by default, the product is configured to run with it.

Moving Key Manager Plus Installation Within Same Machine / From One Machine to Another

If you want to move the Key Manager Plus installed in one machine to another or to a different location within the same machine, follow the procedure detailed below:

  1. Prerequisite
    • Do not remove existing installation of Key Manager Plus until the new installation works fine. This is to ensure backup to overcome disasters/data corruption during the movement.
  2. Procedure
    • Take backup of the current database. Install the same version of Key Manager Plus (as the version of which backup was taken) in the new machine.
    • Restore the backup data in the new installation.

Quick Start Guide

Refer to the "Getting Started" section of help documentation

For any assistance, please contact
keymanagerplus-support@manageengine.com / Toll Free: + 1-888-720-9500

Licensing

There are three license types for ManageEngine Key Manager Plus:

Evaluation Version Free Version Registered version
  • Fully Functional
  • Valid for 30 days
  • Supports upto 100 keys*
  • Valid forever
  • Supports upto 5 keys*
  • The licensing is based on the number of managed keys*

The term 'Keys' refers to the number of SSH private keys plus SSL certificates plus any other digital key being managed.

 

Note: Key Manager Plus provides two user roles – Administrator and Operator. For more details on the user roles, refer to this section of our help documentation.

For more information, contact sales@manageengine.com