Certificate Single View card got extended by the Revocation Info tab displaying if the certificate has been revoked, its last check date and the source URL. You can also check the certificate status manually by clicking Check status. For all new certificates, the revocation check will be performed automatically.
Certificate Revocation Check
Certificate status filter
Sort out certificates according to their revocation status. Select the Certificate status condition in filters and see the full list. You can then save results as a group for quick access.
Basic and advanced search
New Search feature allows you to find a specific digital certificate, scan profile or any other object in your Keyhub workspace.
To run a Basic search, type the name or title of any object to perform search in the following certificate fields:
- Common name,
- SHA256 Thumbprint,
- SHA1 Thumbprint,
- Organizational unit,
Use Advanced search filters to narrow down results to only the answers that meet specific criteria. In the Advanced Search window, you will see a number of parameters that you can use to search for objects.
Self-Signed certificate generator
Use UI-based tools to generate a self-signed SSL certificate and key on the client-side for internal, development or personal use. To do this go to the Tools section >> hit Self-Signed certificate generator >> fill in all the required fields >> press Generate.
Note: Keyhub does not generate or store a private key on the server-side. Private Key material is generated on the client-side machine in your browser.
Keyhub automatically archives a certificate that is not detected on the endpoints where it used to exist.
You can also archive it manually: simply go to Inventory, find a certificate that you want to archive, click on it to open a Single View Card >> hit the Archive button.
Note that once archived a certificate is not shown in inventory, filtering results, reports and alerts. To view the list of archived certificates go to Filters and apply Certificate status filter with archived value to view the list.
Generate a certificate signing request (CSR) with a private key. To do this, follow one of the instructions:
- Go to Inventory and find a certificate for which you want to generate a CSR.Click on a certificate to open a certificate Single View Card. Click the Renew button and check the automatically filled fields. Hit Generate.
- Go to Tools section >> hit CSR generator >> fill in all the required fields >> press Generate.
Once the CSR is generated you can either copy or download it in *CSR and *KEY files.
Note: Keyhub neither generates nor stores private keys on the server-side. Private key material is generated in a browser of the client-side machine.
CSR and Certificate decoders
Use Keyhub decoders to decode a CSR or SSL certificate to verify that it contains the correct information:
Certificate Signing Request (CSR) Decoder – go to Tools section >> paste your CSR into the box or upload a *txt file.
Certificate Decoder – go to Tools section >> paste text with certificate details or upload a *pem, *cer, *crt, *p12 or *txt file.
CT Logs monitoring & alerting
When creating an external scan profile, you are now able to select the option of monitoring a domain or/and subdomains in CT Logs. Keyhub monitors all publicly available CT Log nodes from Google, Cloudflare, DigiCert, Sectigo etc. If a certificate with a required domain name is detected it is added to your inventory.
If you want to be notified when a new Pre-certificate or Certificate was detected in CT logs go to Settings >> Notifications and set up the alerting.
Note: this feature is available on all paid plans.
Certificate Issuance Policy Widget
Keyhub Dashboard got a new widget on Certificate Issuance Policy Type. It displays the ratio of Basic, Extended Validation and Self-signed types of certificates in your Inventory.
Certificate Single View card extended
Certificate Single View card now displays the fields with:
- Certificate Revocation List (CRL) Distribution Points — contains the Uniform Resource Identifier of all certificates revoked by the issuing CA.
- Authority Information Access — contains a lightweight revocation checking protocol and the URLs at which the issuing CA's certificate is published.