Dashboard Operations

Initially the dashboard needs to be configured to your preferred settings. The dashboard widgets can be organized up to 6 columns wide and extend vertically as necessary to fit all of the configured widgets. Once the dashboard is configured, you can also edit the dashboard panels.

Tip:  Where to find this in the Management Portal:
Dashboard
Note:  The selected widgets and their arrangement is unique to each user of the Management Portal. Dashboard configurations cannot be shared across users.

From a blank (default) dashboard you can access the Legacy Dashboard via the link at the bottom of the page. Edit the empty dashboard via the link at the top right of the page to add your desired widgets to the new dashboard (see Add Widget).

From the legacy dashboard, you can access the new dashboard via the link at the top of the page.

When a user selects a dashboard (legacy or new), that preference is saved. The next time they access Keyfactor Command, the Dashboard tab opens to the selected dashboard.

Figure 8: Legacy Dashboard Link

There is a link at the top of the legacy dashboard to redirect you to the new dashboard.

Figure 9: New Dashboard Link

The blank (default) dashboard will be presented in the following circumstances:

  • When navigating to the new dashboard for the first time.

  • When all widgets have been removed, leaving an empty dashboard.

From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.

Figure 10: Initial Dashboard Edit Link from Default Dashboard

The dashboard will be shaded gray, to indicate edit mode and the dashboard action menu will appear at the top right of the page with the options Add Widget, Save, Remove All, and Cancel. If there are existing widgets, editing icons (, ) will appear on each widget in edit mode.

Figure 11: Dashboard Edit Mode

For existing widgets, you can edit the configuration of a widget, change the position of the widget on the dashboard, or remove a widget.

To edit the configuration of an existing widget:

  1. From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.

  2. Click the gear icon at the bottom left of the widget and select Configure.

  3. Clicking Configure will open the widget Configure dialog where you can edit the title and description of the widget (and optionally some widget-specific fields). For existing widgets, this will be pre-populated with the current configuration. Generally, you will not be able to change the collectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). selected once a widget has been saved.

    Tip:  Create a new widget with the desired collection if you want to change the collection.

To remove an existing widget:

  1. From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.

  2. Click the gear icon at the bottom left of the widget and select Remove.

  3. You will receive a Confirm prompt. Respond to the prompt. Clicking OKwill delete the widget from the dashboard.

    Tip:  To remove all widgets, use the Remove All action button at the top of the dashboard.

To change the position of the widget on the dashboard:

The dashboard widgets can be organized up to 6 columns wide and extend vertically as necessary to fit all of the configured widgets.

  1. From the Dashboard page on the Management Portal, set the dashboard into edit mode by clicking Edit Dashboard at the top right of the page.

  2. Click the lock/unlock icon at the bottom right of the widget. The icon will change to unlocked to indicate it is moveable .

  3. Drag the widget to the desired location.

    Tip:  You will not be able to move a widget to a position in which another locked widget is positioned. The available new locations for the widget will be determined by the size of the widget, and position and size of other widgets on the dashboard. You can unlock multiple widgets at the same time, in which case the unlocked widgets will move relative to each other as the widget is repositioned, until it is locked.

  4. Click to lock it in place. Once it is locked, the widget will not automatically move when other widgets are attempted to be placed over that widget.

To save your dashboard configuration

  1. Click the Save action button at the top right of the page to save your changes. The dashboard will exit edit mode by reverting to its original color and hiding the editing icons. Saving will persist the widget positions and configurations to the database for the current user profile.

The Add Widget dialog includes three tabs: Certificate Counts, SSL, and Certs By Group . Selecting a widget from any tab opens a Configure dialog with options specific to that widget. All widgets support a customizable Title and Description, and some widget types include additional configurable fields.

Tip:  The Description you enter is rendered in a tooltip on the top right of the widget.

When working with collections on the new dashboard, please note the following:

  • For some widgets, displaying data from multiple collections requires adding a separate widget for each collection.

  • A user’s collection permissions determine which collections are available for the user’s dashboard.

  • All Widgets and analytics endpoints that use collections support collections with user-specific tokens (%ME%, %ME-AN%, %ROLES%). See Certificate Search Page for information about these special search values. Counts of these collections with special tokens are cached dependent on the Collection Caching Interval application setting (see Application Settings: Dashboard and Reports Tab.

Note:  The available widgets depends on the current users assigned permissions. See Dashboard Permission Requirement Matrix for permission requirements.

The Certificate Counts tab includes the following count tile widgets that you can configure and add to your dashboard (see Count Tile for details).

Figure 12: Certificate Counts Widget Tab

The available widgets include:

  • Custom Query Count Tile

    The Custom Query Count value shows the total count of all certificates in a given collection, filtered according to the provided custom query.

    The query input allows for a query on one field using the Simple view, or multiple fields using Advanced.With Advanced selection, an insert button, clear button are added, and the textbox will show the full query as defined. See the Certificate Search Page for more information about working with queries. Each section of the query cannot exceed 255 characters. Upon editing an existing widget, the query section will pre-populate with the view as defined (i.e., simple or advanced).

    Figure 13: Custom Query Count - Query - Advanced View

     

    The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Total Certificate Count

    The Total Certificate Count value reflects all certificates in a specific collection, excluding expired certificates, revoked certificates, and certificates that have been renewed.

    The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Expiring in < 14 (or user-defined #) Days

    The Expiring in Days value includes all active certificates in the specified collection with an expiration date between the current date/time and a specific number of days that you set on the Days until Expiration field (to the minute) from the current date/time. This value:

    The Title, Description, Certificate collection, Days until expiration, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown of the collections the user has access to. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Expired in the last 7 (or user-defined #) Days

    The Expired in Days value shows the count of certificates in the specified collection that have expired within past number of days as set on the Days until Expiration field. This widget counts only expired certificates. Certificates that have already been renewed are not included.

    The Title, Description, Certificate collection, Expired in days, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Revoked in last 7 (or user-defined #) Days

    The Revoked in Days value represents the number of certificates that have been revoked within a user-defined number of days for the specified collection.

    The Title, Description, Certificate collection, Revoked in days, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Active Certificates

    The Active Certificates value represents the number of active certificates in the specified collection, including those with a certificate state of unknown, and excludes expired certificates, revoked certificates, and certificates that have been renewed (to avoid counting both the original certificate and the replacement certificate).

    The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

  • Certificates with Weak Keys

    The Certificates with Weak Keys value includes all certificates in the database that are deemed to have weak keys. Weak key certificates are those with:

    • Signature algorithm SHA-1

    • Signature algorithm MD5

    • RSA keys under 2048 bits

    • ECC keys under 224 bits

    • These certificates aren't expired, or revoked and have a state of either Unknown (0), Active (1), Certificate Authority (6), or Parent Certificate Authority (7)

    This value excludes expired certificates, revoked certificates, and includes certificates that have been renewed

    The Title, Description, Certificate collection, and Critical threshold can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, one column (1x1) Count Tile widget.

Note:  When a widget’s count exceeds its defined Critical threshold, the number and title are highlighted in red.
Tip:  If the current user is in a role that has global > certificate > read permissions, the collection search select dropdown will show All Certificates (built-in collection), which will allow them to select all certificates to use for that widget.

The SSL tab has the following widgets available to configure and add to your dashboard:

Figure 14: SSL Widget Tab

The available widgets include:

  • Endpoints per Network

    The Endpoints per Network widget displays discovered SSLClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. endpoints grouped by SSL network. The chart represents all discovered endpoints, including:

    • Endpoints where a certificate is currently detected

    • Endpoints where a certificate was previously detected but is no longer present

    • Endpoints that responded to the scan but did not present a certificate

    Click a section of the pie chart to view matching results on the SSL Discovery Results page. Use the labels below the chart to toggle individual segments on or off.

    The Title, Description, and Networks can be edited to customize your dashboard. The Networks field defaults to using all networks. It’s a search select dropdown that allows you to search for and add multiple networks one at a time. After selecting a network, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    Note:  When editing an existing widget, a red info icon will appear in the top of the search select grid on the widget configuration page if widget data includes an entity that no longer exists (due either to deletion or lost permissions, for example).

    This is a square, two column widget (2x2) Doughnut Chart widget.

  • Network Endpoint SSL Scanning Results

    The Network Endpoint SSL Scanning Results widget shows the results from the most recent SSL scan (discovery or monitoring) broken out by result (e.g., certificate found, connection timed out, connection refused). Click on a section of the pie chart to be taken to the SSL Discovery Results page.

    The Title, Description, and Networks can be edited to customize your dashboard. The Networks field defaults to using all networks. It’s a search select dropdown that allows you to search for and add multiple networks one at a time. After selecting a network, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    Note:  When editing an existing widget, a red info icon will appear in the top of the search select grid on the widget configuration page if widget data includes an entity that no longer exists (due either to deletion or lost permissions, for example).

    This is a square, two column (2x2) Doughnut Chart widget.

The Issuance Timelines tab has line plot widgets that return the number of certificates issued or revoked in the requested time period(s).

The available widgets include:

  • Certificates Issued per Week

The Certificates Issued per Week widget returns the number of certificates issued in each of the time periods requested in a Line Plot widget.

The Title, Description, Certificate collection and Total Periods can be edited to customize your dashboard. The required TotalPeriods parameterClosed A parameter or argument is a value that is passed into a function in an application. determines how many weeks of data to return from the current date (must be greater than 0 and less than or equal to 52). The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

  • Certificates Revoked per Week

    The Certificates Revoked per Week widget returns the number of certificates revoked in each of the time periods requested in a Line Plot widget.

    The Title, Description, Certificate collection and Total Periods can be edited to customize your dashboard. The required TotalPeriods parameter determines how many weeks of data to return from the current date (must be greater than 0 and less than or equal to 52). The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

The Certs by Group tab has the following widgets available to configure and add to your dashboard:

Figure 15: Certs By Group Tab

Note:  Post-quantum certificatesClosed A certificate with a single, primary post-quantum key. are not currently supported in this report the risk header but will be supported in a future release.

The available widgets include:

  • Active Certificates By Template

    The Active Certificates By Template widget shows the count of active certificates issued in a specified collection grouped by certificate templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.. Active certificates:

    • Are not expired, revoked, or already renewed
    • Have a state of Unknown, Active, Certificate Authority, or Parent Certificate Authority

    The Title, Description, and Certificate collection can be edited to customize your dashboard. The certificate collection field is a search select dropdown. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    This is a square, two column widget (2x2) Doughnut Chart widget.

  • Number of Certificates in Collections

    The Number of Certificates in Collections widget shows the certificate count of the selected collections configured in a bar graph.

    The Title, Description, and Certificate collection can be edited to customize your dashboard. The certificate collection field is a search select dropdown that lets you search for and add multiple collections one at a time. After selecting a collection, click Add to insert it into the grid, then repeat as needed. To narrow the list of results in a search select dropdown, begin typing in the input field. Matching results will appear as you type.

    Note:  When editing an existing widget, a red info icon will appear in the top of the search select grid on the widget configuration page if widget data includes an entity that no longer exists (due either to deletion or lost permissions, for example).

    This is a square, two column widget (2x2) Bar Graph widget. Collections on the bar graph appear in the order they were specified in the local selection grid.

A user's permissions will determine the dashboard functionality that is available to them. For a list of the permission required for working with the dashboard, see Table 8: Dashboard Permission Requirement Matrix.

Tip:  If the current user is in a role that has global > certificate > read permissions, the collection search select dropdown will show All Certificates (built-in collection), which will allow them to select all certificates to use for that widget.

Table 8: Dashboard Permission Requirement Matrix

Category Widgets

API Permissions

 Portal Permission
Dashboard Access All Widgets /dashboard/read Global > Dashboard > Read
Certificate Widgets

  • Total certificate count

  • Expiring in x days

  • Expired in last x days

  • Revoked in last x days

  • Active Certificates

  • Certificates with weak keys

  • Active certificates by signing algorithm

  • Active certificates by template

  • Number of Certificates in Collections

  • Certificates Issued Per Week

  • Certificates Revoked Per Week

/certificates/collections/read/

OR

/certificates/collections/read/#/ (where # is a reference to a specific certificate collection ID)

Global > Certificates > Read, or Read on at least one collection.
SSL widgets

  • Endpoints per network

  • Network endpoint SSL scanning results

  • SSL endpoints expiring in the next x days

 /ssl/read/ Global > Ssl > Read