Key Manager Plus (2024)

In general, SSL certificates procured from Certificate Authorities (CAs) are stored in a repository and then manually deployed on appropriate target systems. Key Manager Plus deploys the certificates from the repository on the correct target systems automatically. You can use Key Manager Plus to deploy the certificates on the various systems individually, or in bulk, based on your requirements. Also, you can use the Key Manager Plus agent to deploy certificates on servers that reside in demilitarized zones outside of the domain where the Key Manager Plus server is present.

Steps to Deploy Certificates on Different Target Systems

Follow the below steps to deploy an SSL certificate on various target systems:

  1. Navigate to SSL >> Certificates.
  2. Select the checkbox beside the certificate to be deployed.
  3. Click Deploy.
  4. In the drop-down, choose the required server type:
    1. Windows Server
    2. MS Certificate Store
    3. Internet Information Services (IIS)
    4. IIS Binding
    5. Linux Server
    6. Browser
    7. ManageEngine MDM
    8. AWS-ACM
    9. Load Balancer
    10. FortiGate Firewall

Notes:

  1. For deploying certificates on Windows systems, MS Certificate Store and Internet Information Services (IIS), use your domain administrator account as the service login account of Key Manager Plus.
  2. If you are using a domain service account to run Key Manager Plus, ensure you already have it configured in your local admin group.


1. Windows Server

  1. To deploy certificates on a Windows server, choose the server type as Windows.
  2. Select the Deployment Type as Single, Multiple (servers) or Agent as per your need.

i. For single server deployment, provide the required details: Server Name, User Name, Password, Path. You can optionally enable Certificate to choose the File Type and mention the Certificate File Name or/and enable JKS/PKCS to choose the Keystore Type and mention the Store File Name.

ii. If you select the checkbox Use Key Manager Plus service account credentials for authentication, you need not provide the username and password separately, as the service account credentials used for Key Manager Plus will be used here too.

iii. For multi server deployment, upload a .csv file with any one set of the following details: Server Name, User Name, Password, Path, Certificate File Name (optional), Keystore File Name (optional). You can optionally enable Certificate to choose the File Type or/and enable JKS/PKCS to choose the Keystore Type.

[OR]

Follow this format to use the Key Manager Plus service account credentials instead: Server name, SERVICE_AUTH, Path, Certificate File Name (optional), Keystore File Name (optional).

3. If you choose the Deployment Type as Agent, choose the host name of the KMP agent from the Select Agent drop-down, and enter the destination file path in the agent machine. If a destination path is not mentioned, the agent installation path will be taken as default. You can optionally enable Certificate to choose the File Type and mention the Certificate File Name or/and enable JKS/PKCS to choose the Keystore Type and mention the Store File Name.

4. Click Save to save the agent details.

After providing the details, click Deploy. The certificate is deployed on the specified server/agent in the specified path.

Note: For file-based deployment, if the Certificate and Keystore file names are not provided, or if multiple certificates are selected for deployment, the Common Name will be used as the file name.


2. Microsoft Certificate Store

  1. To deploy certificates on the MS Certificate store, choose the server type as Microsoft Certificate Store.
  2. Select the Deployment Type as Single, Multiple (servers), or Agent as per your need.
    1. For single server deployment, provide the required details: Server Name, User Name and Password, Path.
    2. If you select the checkbox Use Key Manager Plus service account credentials for authentication, you need not provide the username and password separately, as the service account credentials used for Key Manager Plus will be used here too.
    3. For multi server deployment, upload a .csv file with any one set of the following details:
      • Server Name, User Name, Password, Path
      • Server Name, Agent
      • Server Name, SERVICE_AUTH, Path (Follow this format to use the Key Manager Plus service account credentials instead)
    4. If you choose the Deployment Type as Agent, choose the host name of the KMP agent from the Select Agent drop-down.
    5. Select Computer and/or User account to deploy the certificate to the selected account.

      Note: For Agent deployment, the latest version of Key Manager Plus agent (6160) should run in the user account to which the certificates are to be deployed.

    6. Now, Enable PrivateKey Export from MS Store after deployment as required to export private key from the certificate store.
    7. Select the Store Name to which the deployed certificate is to be added. If you have selected the Computer account, you can add the certificate to all the available stores of the computer account. If you have selected only the User account, only the personal store (My store) of the user account will be available.
  3. Click Save to save the agent details. After providing the details, click Deploy. The selected certificates are deployed in Personal Certificates.

3. Internet Information Services (IIS)

Follow the below steps to deploy a certificate on the IIS server. However, this procedure will only deploy the certificate to the server; IIS binding must be done separately.

  1. To deploy certificates on a Microsoft IIS server, select a certificate with a Keystore file and click Deploy >> Internet Information Services (IIS).
  2. Select the Deployment type as Single, Multiple servers, or Agent as per your need.

i. For single server deployment, provide the required details: Server Name, User Name, Password, Path.

ii. If you select the checkbox Use Key Manager Plus service account credentials for authentication, you need not provide the username and password separately, as the service account credentials used for Key Manager Plus will be used here too.

iii. For multi server deployment, upload a .csv file with any one set of the following details: Server Name, User Name, Password, Path.

[OR]

Follow this format to use the Key Manager Plus service account credentials instead: Server Name, SERVICE_AUTH, Path.

3. Specify the name of the IIS server to which the certificate needs to be deployed, provide the user account credentials, and specify a path in the server where the certificate must be placed.

4. Click Deploy. Now, the selected certificate will be deployed to the specified IIS server.

4. IIS Binding

Follow the below steps to deploy a certificate to the IIS server and bind the certificate to a site running in that server.

Notes:
i. IIS Manager should be installed/enabled in the Key Manager Plus server.
ii. IIS Binding for the Deployment Type Single will work only if the IIS server and Key Manager Plus are in the same domain, which has ASP.Net of .Net Framework version 4 or above enabled. However, if an IIS Server resides in a demilitarized zone, choose the Deployment Type as Agent and proceed with the steps for the same given below.

  1. To deploy certificates on a Microsoft IIS server and perform IIS binding, choose the server type as IIS Binding.
  2. If you choose the deployment type as Single, enter the required details: Server Name, User Name, Password.

  1. Specify the name of a valid IIS server to which the certificate needs to be deployed, and provide the user account credentials.
  2. Specify a path in the server where the certificate must be placed.
  3. If you select the checkbox Use Key Manager Plus service account credentials for authentication, you need not provide the username and password separately, as the service account credentials used for Key Manager Plus will be used here too.

  1. If you choose the Deployment Type as Multiple (Server), click Browse to upload a file and click Update Binding.
    1. You can log in in three different ways: with Credentials, using Service Authentication, or using Agent. Upload the file with the content in the following format:
      1. For Single certificate selection,
        <servername>, <CREDENTIALS>, <site name>, <binding information>, <server credentials>, <temp path>
        (and/or)
        <servername>, <SERVICE_AUTH>, <site name>, <binding information>, <temp path>
        (and/or)
        <servername>, <AGENT>, <site name>, <binding information>
      2. For Multiple certificate selection, include <domain name> in the above format.
        Example: testServer,CREDENTIALS,test.com,Default Web Site,*:443:myhost,testUSer,testPwd,C:\
      3. For Multiple certificates with same common name, include <domain name> along with the <serial number> in the above format.
        Example: testServer,SERVICE_AUTH,test.com,se123245d,Default Web Site,*:443:myhost,C:\
  2. If the IIS Server resides in a demilitarized zone, choose the Deployment Type as Agent. Select an agent from the drop-down. Click Get Sites And Bindings to list all sites and their respective bindings available in the selected server. Enter the name of a site in the Site Name field, and click Get Bindings to list all the bindings available for that site.
  3. Here, to add new bindings, click Add New Bindings and enter attributes such as Host Name, Port, IP Address, and select a certificate. Select the checkbox to Require Server Name Indication while configuring and updating IIS Binding. The newly added bindings will be visible under Settings >> SSL >> IIS Binding. The new site bindings added in Key Manager Plus will not reflect in the IIS server until they are deployed to the server using the Deploy and Bind option.

  4. To populate the list of sites associated with the IIS server, click Get Site Names and choose a site from the drop-down. To enter a site name manually in the Site Name field, click Hide List, type in the site name and click the Get Bindings option.
  5. Enter the Host Name, IP Address and Port of the site manually.
  6. Select the Restart Site option to restart the site automatically.
  7. Click Add Binding/Update Binding to deploy the certificate at the path specified in your IIS server and complete IIS site binding.
  8. To update multiple bindings, select the required bindings from the list, click Save. Go to Settings >> SSL >> IIS Binding, select the bindings and click Deploy and Bind.
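
A pre-upload check for the Multiple (Server) binding file described above, as an added example that is not part of Key Manager Plus or its documentation. It assumes the field order of the two example rows (domain name, then serial number, directly after the login method; server credentials written as user name and password) also applies to AGENT rows, and it flags rows that carry a plaintext password so the file can be handled as a secret.

```python
import csv

# Fields in a single-certificate row, per login method (formats listed above).
BASE_FIELDS = {"CREDENTIALS": 7, "SERVICE_AUTH": 5, "AGENT": 4}

# Constructed sample: the page's two example rows, one AGENT row, two bad rows.
SAMPLE = "\n".join([
    "testServer,CREDENTIALS,test.com,Default Web Site,*:443:myhost,testUSer,testPwd,C:\\",
    "testServer,SERVICE_AUTH,test.com,se123245d,Default Web Site,*:443:myhost,C:\\",
    "dmzServer,AGENT,Default Web Site,*:443:www.example.test",
    "testServer,SERVICE_AUTH,Default Web Site,*:https:myhost,C:\\",
    "testServer,PASSWORD,Default Web Site,*:443:myhost",
])


def check_binding(binding):
    """IIS binding information is <ip or *>:<port>:<host name>; return problems."""
    parts = binding.rsplit(":", 2)
    if len(parts) != 3 or not parts[0]:
        return ["binding must look like <ip>:<port>:<host>"]
    if not parts[1].isdigit() or not 1 <= int(parts[1]) <= 65535:
        return [f"invalid port {parts[1]!r} in binding"]
    return []


def parse_row(fields):
    """Return (record, problems); the password value is never copied out."""
    fields = [f.strip() for f in fields]
    mode = fields[1] if len(fields) > 1 else ""
    if mode not in BASE_FIELDS:
        return None, ["second field must be CREDENTIALS, SERVICE_AUTH or AGENT"]
    base = BASE_FIELDS[mode]
    extra = len(fields) - base  # 0: single cert, 1: +domain, 2: +domain and serial
    if extra not in (0, 1, 2):
        return None, [f"{mode} row has {len(fields)} fields, expected {base} to {base + 2}"]
    # Assumption: domain and serial sit right after the login method in all modes.
    rest = fields[2:]
    rec = {"server": fields[0], "mode": mode, "plaintext_password": False}
    if extra >= 1:
        rec["domain"] = rest.pop(0)
    if extra == 2:
        rec["serial"] = rest.pop(0)
    rec["site"], rec["binding"] = rest[0], rest[1]
    if mode == "CREDENTIALS":
        rec["user"], rec["temp_path"] = rest[2], rest[4]
        rec["plaintext_password"] = True
    elif mode == "SERVICE_AUTH":
        rec["temp_path"] = rest[2]
    problems = [f"empty field: {k}" for k, v in rec.items() if v == ""]
    problems += check_binding(rec["binding"])
    return rec, problems


def lint(text):
    """Parse every non-blank line; return a list of (line_no, record, problems)."""
    rows = csv.reader(text.splitlines())
    return [(n, *parse_row(r)) for n, r in enumerate(rows, 1) if r]


if __name__ == "__main__":
    for n, rec, problems in lint(SAMPLE):
        print(n, rec["mode"] if rec else "?", problems or "ok")
```

Rows reported with `plaintext_password` set contain a reusable account password; SERVICE_AUTH and AGENT rows do not.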

To save the specified details and deploy the certificate later, click Save. The server details and the respective site details will be available under Settings >> SSL >> IIS Binding.

To edit the binding details, click the Edit icon beside a server. In the window that opens, modify any of the given details and click Save. Now, select the server name and click Deploy And Bind from the top bar. The selected certificate will be deployed on the servers and the IIS binding will be updated in the IIS server.

Details of sites and IIS bindings displayed in the IIS Binding table above are local to Key Manager Plus. To update the binding entries here with the entries from IIS server, select the required entries and click Update Binding.

Deleting entries from the above table will not remove any data from the IIS server.


5. Linux Server

  1. To deploy certificates on a Linux server, choose the server type as Linux.
  2. Select the Deployment type as Single or Multiple servers as per your need.

i. For single server deployment, provide the required details: Server Name, Port (port 22 is assigned by default), User Name, Password, Path. You can optionally enable Certificate to choose the File Type and mention the Certificate File Name or/and enable JKS/PKCS to choose the Keystore Type and mention the Store File Name.

ii. For multi server deployment, upload a .csv file with any one set of the following details: Server Name, Port, User Name, Password, Path, Certificate File Name (optional), Keystore File Name (optional). You can optionally enable Certificate to choose the File Type or/and enable JKS/PKCS to choose the Keystore Type.

  1. You can also opt for a key-based authentication for password-less servers by choosing the Import Key credential type. Upload the private key associated with the required user account in the target system and provide the key passphrase.
  2. After providing the details, click Deploy. The certificate is deployed on the specified server in the specified path.

Notes:

  1. Key-based authentication option is available for single server deployment type only.
  2. The private key uploaded during key-based authentication is for one-time use only and is not stored anywhere in the Key Manager Plus database. If you wish to add it to the Key Manager Plus repository, you can manually do so by using the Import option from the SSH tab.


6. Browser

  1. To deploy certificates on a browser, choose the deploy type as Browser.
  2. Select the Server Type as Windows, Linux or Mac OS as per your need.
  3. If the server type is Windows,
    1. Mention the Server Name, User Name, Password and Path.

    2. If you select the checkbox Use Key Manager Plus service account credentials for authentication, you need not provide the User Name and Password separately, as the service account credentials used for Key Manager Plus will be used here too.

  4. If the server type is Linux,
    1. Enter the Server Name, Port, User Name, Password and Path.
    2. Select the required Browser(s) (Firefox or/and Chrome) where the certificate is to be deployed.
    3. If you select Firefox, mention the Profile name. Click Get Profiles to choose from available profiles.

      Note: The Get Profiles option gets all profile paths from the profiles.ini file in the following location:
      Windows: APPDATA\Mozilla\Firefox\profiles.ini
      Linux: $HOME/.mozilla/firefox/profiles.ini
      Mac: $HOME/Library/Application Support/Firefox/profiles.ini

    4. Mention the NSS Tools Path.

      Notes:
      In Linux, Chrome and Firefox use NSS shared DB to manage the certificates. This NSS tool can be installed using the following command: sudo apt-get install libnss3-tools
      For Chrome, the certificate is deployed in NSS DB in the following path: $HOME/.pki/nssdb.
      For Firefox, the Profiles folder contains the NSS DB to manage certificates.

    5. You can also opt for a key-based authentication for password-less servers by choosing the Import Key credential type. Upload the private key associated with the required user account in the target system and provide the key passphrase.

  5. If the server type is Mac OS,
    1. Enter the Server Name, Port, User Name, Password and Path.
    2. Select the required Browser(s) (Firefox or/and Safari/Chrome) where the certificate is to be deployed.
    3. If you select Firefox, mention the Profile name and NSS Tools Path. Click Get Profiles to choose from available profiles.

    4. If you select Safari/Chrome, you can choose to Use the login password for Keychain login or mention the Login Keychain Password.

      Note: For Safari and Chrome, Mac OS uses System Keychain to manage certificates. For Firefox, NSS DB from profiles manages the certificates. To install NSS utils, use the following command: brew install nss.

  6. Click Deploy.

Now, you have successfully deployed the certificate to the selected browsers.
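
To check which NSS databases a Linux browser deployment touches, the following added example (not Key Manager Plus code) reads profiles.ini from the Linux location given above and reports, for Chrome's $HOME/.pki/nssdb and each Firefox profile, whether a certificate database is present and the certutil command that lists its contents. The cert9.db file name and the sample profile names are assumptions of the example, not values from this page.

```python
import configparser
import tempfile
from pathlib import Path


def firefox_profile_dirs(ini_path):
    """Return {profile name: directory} from a Firefox profiles.ini."""
    ini_path = Path(ini_path)
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(ini_path, encoding="utf-8")
    dirs = {}
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue  # [General] and [Install...] sections hold no profile path
        entry = cp[section]
        path = Path(entry.get("Path", ""))
        if entry.get("IsRelative", "1") == "1":
            path = ini_path.parent / path  # relative to the profiles.ini folder
        dirs[entry.get("Name", section)] = path
    return dirs


def nss_targets(home):
    """List the Linux NSS databases named above under one user's home."""
    home = Path(home)
    targets = {"chrome": home / ".pki" / "nssdb"}
    ini = home / ".mozilla" / "firefox" / "profiles.ini"
    if ini.is_file():
        for name, path in firefox_profile_dirs(ini).items():
            targets[f"firefox:{name}"] = path
    return [
        {
            "target": label,
            # Assumption: the SQL-format NSS certificate store is named cert9.db
            "has_cert_db": (path / "cert9.db").is_file(),
            # certutil ships with libnss3-tools; -L lists certificates in the DB
            "list_cmd": ["certutil", "-L", "-d", f"sql:{path}"],
        }
        for label, path in targets.items()
    ]


def demo():
    """Build a constructed home directory in a temp folder and report on it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        ff = home / ".mozilla" / "firefox"
        (ff / "ab12cd34.default-release").mkdir(parents=True)
        (ff / "ab12cd34.default-release" / "cert9.db").touch()
        (home / ".pki" / "nssdb").mkdir(parents=True)
        (ff / "profiles.ini").write_text(
            "[General]\nStartWithLastProfile=1\n\n"
            "[Profile0]\nName=default-release\nIsRelative=1\n"
            "Path=ab12cd34.default-release\nDefault=1\n\n"
            "[Profile1]\nName=kiosk\nIsRelative=1\nPath=zz99.kiosk\n",
            encoding="utf-8",
        )
        return [(t["target"], t["has_cert_db"]) for t in nss_targets(home)]


if __name__ == "__main__":
    print(demo())
```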

7. ManageEngine MDM

To learn about deploying certificates to ManageEngine MDM, click here.

8. AWS-ACM

To learn about deploying certificates to AWS-ACM, click here.

9. Load Balancer

  1. Select a certificate and click Deploy >> Load Balancer from the dropdown.
  2. In the pop-up that appears, select the Citrix ADC as the Load Balancer Type.
  3. Select the required Citrix Credential List from the dropdown.

  4. Click Manage Credentials to add or delete a credential.
    1. In the pop-up that appears, click Add and mention the Credential Name, Server Name, Citrix Username and Citrix Password.
    2. Click Test Login to test the credential and click Save Credentials.
    3. To Delete a credential, select a credential you want to delete and click Delete and in the pop-up that appears click Ok.
  5. Enter the Citrix Password and a Passphrase. You can also use the Generate Password icon to generate a secure passphrase.
  6. During Citrix load balancer discovery using REST API, you can choose to bypass your proxy server settings by selecting the Bypass Proxy Settings checkbox. This option allows you to bypass the proxy server you have enabled under Admin Settings and directly perform Citrix load balancer discovery through the internet.
  7. Select Service Deploy. In the pop-up that appears, select the services to deploy the load balancer and click Select Services.
  8. Select Virtual Server Deploy. In the pop-up that appears, select the virtual servers to deploy the load balancer and click Select Virtual Servers.

  9. Click Deploy.

Now, you have successfully deployed the certificate to the selected Load Balancer.

10. FortiGate Firewall

  1. Select a certificate and click Load Balancer from the Deploy drop-down.
  2. In the pop-up that appears, select the FortiGate Firewall under the Load Balancer Type.
  3. Select the required FortiGate Credential from the FortiGate Credentials List drop-down.

  4. Click Manage Credentials to add or delete a credential. In the pop-up that appears:
    1. To add a credential, click Add and enter the Credential Name, Server IP, and API Key.
    2. Click Save Credentials to add a new FortiGate Firewall credential.
    3. To delete a credential, select a credential that you want to delete and click Delete.
    4. In the pop-up that appears, click Ok to delete the selected credential.
  5. If the certificate has a keystore file, select the Upload Type as Regular. Else, select the Upload Type as Remote.
  6. In addition, you can bypass your proxy server settings by enabling the Bypass Proxy Settings checkbox. This option allows you to bypass the proxy server that you have enabled under Admin Settings directly, to deploy the certificate to the FortiGate Firewall through the internet.
  7. Click Deploy to deploy the selected certificate to the FortiGate Firewall.
Article information

Author: Fredrick Kertzmann
