Dashboard Operations
Initially the dashboard needs to be configured to your preferred settings. The dashboard widgets can be organized up to 6 columns wide and extend vertically as necessary to fit all of the configured widgets. Once the dashboard is configured, you can also edit the dashboard panels.
Switching Dashboards
From a blank (default) dashboard you can access the Legacy Dashboard via the link at the bottom of the page. Edit the empty dashboard via the link at the top right of the page to add your desired widgets to the new dashboard (see Add Widget).
From the legacy dashboard, you can access the new dashboard via the link at the top of the page.
When a user selects a dashboard (legacy or new), that preference is saved. The next time they access Keyfactor Command, the Dashboard tab opens to the selected dashboard.
Figure 8: Legacy Dashboard Link
There is a link at the top of the legacy dashboard to redirect you to the new dashboard.
Figure 9: New Dashboard Link
The blank (default) dashboard will be presented in the following circumstances:
-
When navigating to the new dashboard for the first time.
-
When all widgets have been removed, leaving an empty dashboard.
Dashboard Edit Mode
From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.
Figure 10: Initial Dashboard Edit Link from Default Dashboard
The dashboard will be shaded gray, to indicate edit mode and the dashboard action menu will appear at the top right of the page with the options Add Widget, Save, Remove All, and Cancel. If there are existing widgets, editing icons (,
) will appear on each widget in edit mode.
Figure 11: Dashboard Edit Mode
Edit Existing Widgets
For existing widgets, you can edit the configuration of a widget, change the position of the widget on the dashboard, or remove a widget.
To edit the configuration of an existing widget:
-
From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.
-
Click the gear icon
at the bottom left of the widget and select Configure.
-
Clicking Configure will open the widget Configure dialog where you can edit the title and description of the widget (and optionally some widget-specific fields). For existing widgets, this will be pre-populated with the current configuration. Generally, you will not be able to change the collection
The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). selected once a widget has been saved.
Tip: Create a new widget with the desired collection if you want to change the collection.
To remove an existing widget:
-
From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.
-
Click the gear icon at the bottom left of the widget and select Remove.
-
You will receive a Confirm prompt. Respond to the prompt. Clicking OKwill delete the widget from the dashboard.
Tip: To remove all widgets, use the Remove All action button at the top of the dashboard.
To change the position of the widget on the dashboard:
The dashboard widgets can be organized up to 6 columns wide and extend vertically as necessary to fit all of the configured widgets.
-
From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.
-
Click the lock/unlock icon
at the bottom right of the widget. The icon will change to unlocked to indicate it is moveable
.
-
Drag the widget to the desired location.
Tip: You will not be able to move a widget to a position in which another locked widget is positioned. The available new locations for the widget will be determined by the size of the widget, and position and size of other widgets on the dashboard. You can unlock multiple widgets at the same time, in which case the unlocked widgets will move relative to each other as the widget is repositioned, until it is locked. -
Click
to lock it in place. Once it is locked, the widget will not automatically move when other widgets are attempted to be placed over that widget.
To save your dashboard configuration
- Click the Save action button at the top right of the page to save your changes. The dashboard will exit edit mode by reverting to its original color and hiding the editing icons. Saving will persist the widget positions and configurations to the database for the current user profile.
Add Widget
The Add Widget dialog includes three tabs: Certificate Counts, SSL, and Certs By Group . Selecting a widget from any tab opens a Configure dialog with options specific to that widget. All widgets support a customizable Title and Description, and some widget types include additional configurable fields.

When working with collections on the new dashboard, please note the following:
-
For some widgets, displaying data from multiple collections requires adding a separate widget for each collection.
-
A user’s collection permissions determine which collections are available for the user’s dashboard.
-
Any collection that utilizes the %ME%, %ME-AN%, or %ROLES% special search values will not appear in the collection search select dropdown. See Certificate Search Page for information about these special search values.

The Certificate Counts tab includes the following count tile widgets that you can configure and add to your dashboard (see Count Tile for details):
Figure 12: Certificate Counts Widget Tab
The available widgets include:
-
Total Certificate Count
The Total Certificate Count value reflects all certificates in a specific collection, excluding expired certificates, revoked certificates, and certificates that have been renewed.
The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-
Expiring in < 14 (or user-defined #) Days
The Expiring in Days value includes all active certificates in the specified collection with an expiration date between the current date/time and a specific number of days that you set on the Days until Expiration field (to the minute) from the current date/time. This value:
- Excludes: Expired certificates, revoked certificates, and certificates that have been renewed (to avoid counting both the original certificate and the replacement certificate)
- Includes: Certificates that have a state of Unknown, Active, Certificate Authority
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA., or Parent Certificate Authority
The Title, Description, Certificate collection, Days until expiration, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown of the collections the user has access to. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-
Expired in the last 7 (or user-defined #) Days
The Expired in Days value shows the count of certificates in the specified collection that have expired within past number of days as set on the Days until Expiration field. This widget counts only expired certificates. Certificates that have already been renewed are not included.
The Title, Description, Certificate collection, Expired in days, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-
Revoked in last 7 (or user-defined #) Days
The Revoked in Days value represents the number of certificates that have been revoked within a user-defined number of days for the specified collection.
The Title, Description, Certificate collection, Revoked in days, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-
Active Certificates
The Active Certificates value represents the number of active certificates in the specified collection, including those with a certificate state of unknown, and excludes expired certificates, revoked certificates, and certificates that have been renewed (to avoid counting both the original certificate and the replacement certificate).
The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-
Certificates with Weak Keys
The Certificates with Weak Keys value includes all certificates in the database that are deemed to have weak keys. Weak key certificates are those with:
-
Signature algorithm SHA-1
-
Signature algorithm MD5
-
RSA keys under 2048 bits
-
ECC keys under 224 bits
This value excludes expired certificates, revoked certificates, and certificates that have been renewed (to avoid counting both the original certificate and the replacement certificate).
The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, one column (1x1) Count Tile widget.
-

The SSL tab has the following widgets available to configure and add to your dashboard:
Figure 13: SSL Widget Tab
The available widgets include:
-
Endpoints per Network
The Endpoints per Network widget displays discovered SSL
TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. endpoints grouped by SSL network. The chart represents all discovered endpoints, including:
-
Endpoints where a certificate is currently detected
-
Endpoints where a certificate was previously detected but is no longer present
-
Endpoints that responded to the scan but did not present a certificate
Click a section of the pie chart to view matching results on the SSL Discovery Results page. Use the labels below the chart to toggle individual segments on or off.
The Title, Description, and Networks can be edited to customize your dashboard. The Networks field defaults to using all networks. It’s a search select dropdown that allows you to search for and add multiple networks one at a time. After selecting a network, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, two column widget (2x2) Doughnut Chart widget.
-
-
Network Endpoint SSL Scanning Results
The Network Endpoint SSL Scanning Results widget shows the results from the most recent SSL scan (discovery or monitoring) broken out by result (e.g., certificate found, connection timed out, connection refused). Click on a section of the pie chart to be taken to the SSL Discovery Results page.
The Title, Description, and Networks can be edited to customize your dashboard. The Networks field defaults to using all networks. It’s a search select dropdown that allows you to search for and add multiple networks one at a time. After selecting a network, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, two column (2x2) Doughnut Chart widget.
-
SSL Endpoints Expiring in the Next 30 (or user-defined #) Days
The Endpoints Expiring in the Next x Days widget displays up to ten SSL endpoints with certificates expiring in the next # of days as specified in the Days until Expiration field. This grid only displays if there are endpoints that meet that criteria. If there are more than ten to display, the certificates expiring soonest are displayed. The grid includes the network name, the endpoint
An endpoint is a URL that enables the API to gain access to resources on a server. address, the certificate expiration date, and the certificate common name
A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com)., if any.
The Title, Description, and Days until Expiration can be edited to customize your dashboard.
This is a Grid widget.

The Certs by Group tab has the following widgets available to configure and add to your dashboard:
Figure 14: Certs By Group Tab
The available widgets include:
-
Active Certificates By Template
The Active Certificates By Template widget shows the count of active certificates issued in a specified collection grouped by certificate template
A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.. Active certificates:
- Are not expired, revoked, or already renewed
- Have a state of Unknown, Active, Certificate Authority, or Parent Certificate Authority
The Title, Description, and Certificate collection can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, two column widget (2x2) Doughnut Chart widget.
-
Number of Certificates in Collections
The Number of Certificates in Collections widget shows the certificate count of the selected collections configured in a bar graph.
The Title, Description, and Certificate collection can be edited to customize your dashboard. The certificate collection field is a search select dropdown that lets you search for and add multiple collections one at a time. After selecting a collection, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, two column widget (2x2) Bar Graph widget. Collections on the bar graph appear in the order they were specified in the local selection grid.
-
Active Certificates by Signing Algorithm
The Active Certificates by Signing Algorithm widget shows a bar chart of all active certificates in Keyfactor Command from the following sources:
- Synchronized from an EJBCA CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA., Microsoft CA or Keyfactor CA gateway
- Imported via SSL scanning, certificate store inventorying, or manual import
The values returned include the signing algorithm name and counts by signing algorithm for the specified collection.
The Title, Description, and Certificate collection can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.
This is a square, two column (2x2) Bar Graph widget.
- Synchronized from an EJBCA CA
Dashboard Permissions
A user's permissions will determine the dashboard functionality that is available to them. For a list of the permission required for working with the dashboard, see Table 10: Dashboard Permission Requirement Matrix.
Table 10: Dashboard Permission Requirement Matrix
Category | Widgets |
API Permissions |
Portal Permission |
---|---|---|---|
Dashboard Access | All Widgets | /dashboard/read | Global > Dashboard > Read |
Certificate Widgets |
|
/certificates/collections/read/ OR /certificates/collections/read/#/ (where # is a reference to a specific certificate collection ID) |
Global > Certificates > Read, or Read on at least one collection. |
SSL widgets |
|
/ssl/read/ | Global > Ssl > Read |
Was this page helpful? Provide Feedback