Basic and advanced search

Screenshot 2019-11-06 at 10.39.18.png

New Search feature allows you to find a specific digital certificate, scan profile or any other object in your Keyhub workspace.

To run a Basic search, type the name or title of any object to perform search in the following certificate fields:

  • Common name,
  • SHA256 Thumbprint,
  • SHA1 Thumbprint,
  • Serial,
  • Country,
  • Locality,
  • Organization,
  • Organizational unit,
  • SANs.

Use Advanced search filters to narrow down results to only the answers that meet specific criteria. In the Advanced Search window, you will see a number of parameters that you can use to search for objects.

Self-Signed certificate generator

self-signed.PNG Use UI-based tools to generate a self-signed SSL certificate and key on the client-side for internal, development or personal use. To do this go to the Tools section >> hit Self-Signed certificate generator >> fill in all the required fields >> press Generate.

Note: Keyhub does not generate or store a private key on the server-side. Private Key material is generated on the client-side machine in your browser.

Certificate archive

Screen Shot 2019-10-16 at 10.32.27 AM.png Keyhub automatically archives a certificate that is not detected on the endpoints where it used to exist.

You can also archive it manually: simply go to Inventory, find a certificate that you want to archive, click on it to open a Single View Card >> hit the Archive button.

Note that once archived a certificate is not shown in inventory, filtering results, reports and alerts. To view the list of archived certificates go to Filters and apply Certificate status filter with archived value to view the list.

CSR generator

Screen Shot 2019-10-01 at 3.24.54 PM.png Generate a certificate signing request (CSR) with a private key. To do this, follow one of the instructions:

  1. Go to Inventory and find a certificate for which you want to generate a CSR.Click on a certificate to open a certificate Single View Card. Click the Renew button and check the automatically filled fields. Hit Generate.
  2. Go to Tools section >> hit CSR generator >> fill in all the required fields >> press Generate.

Once the CSR is generated you can either copy or download it in *CSR and *KEY files.

Note: Keyhub neither generates nor stores private keys on the server-side. Private key material is generated in a browser of the client-side machine.

CSR and Certificate decoders

photo_2019-09-18_16-23-33.jpg

Use Keyhub decoders to decode a CSR or SSL certificate to verify that it contains the correct information:

Certificate Signing Request (CSR) Decoder – go to Tools section >> paste your CSR into the box or upload a *txt file.

Certificate Decoder – go to Tools section >> paste text with certificate details or upload a *pem, *cer, *crt, *p12 or *txt file.

CT Logs monitoring & alerting

photo_2019-09-18_16-24-22.jpg When creating an external scan profile, you are now able to select the option of monitoring a domain or/and subdomains in CT Logs. Keyhub monitors all publicly available CT Log nodes from Google, Cloudflare, DigiCert, Sectigo etc. If a certificate with a required domain name is detected it is added to your inventory.

If you want to be notified when a new Pre-certificate or Certificate was detected in CT logs go to Settings >> Notifications and set up the alerting.

Note: this feature is available on all paid plans.

Certificate Issuance Policy Widget

keyhub-policy-widget.png Keyhub Dashboard got a new widget on Certificate Issuance Policy Type. It displays the ratio of Basic, Extended Validation and Self-signed types of certificates in your Inventory.

Certificate Single View card extended

Certificate Single View card now displays the fields with:keyhub-crl-aia.png

  • Certificate Revocation List (CRL) Distribution Points — contains the Uniform Resource Identifier of all certificates revoked by the issuing CA.
  • Authority Information Access — contains a lightweight revocation checking protocol and the URLs at which the issuing CA's certificate is published.

Upcoming expiry email alerts

keyhub-notifications.png Now Keyhub can email users in the event when their certificates are due to expire in 3, 7 or 14 days. To set up alerts go to Settings >> Notifications.

Certificate download

It's now possible to download a certificate in Privacy-Enhanced Mail format. Go to Certificate Single View Card and press Save .pem