Certificate Collection Manager
Certificate Collection Manager
The Certificate Collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). Manager is used to:
-
View a list of certificate collections
-
Change whether or not the collections show in Navigator (the top menu, where they appear under Certificates).
-
View whether or not the collections show in the dashboard widget (see Dashboard: Collections).
-
Delete a certificate collection
-
Search for specific certificate collections from the list (see Using the Collection Manager Search Feature).
-
View all the certificates in a collection by highlighting the collection from the Certificate Collection Manager grid and clicking the View action button. This will open a new window with the name of the collection in a certificate search grid (see Viewing an Existing Certificate Collection).
To open the Certificate Collection Management grid, browse to Certificates > Collection Manager in the Management Portal. The Certificate Collection Management page includes the following collection action buttons from the grid header:
- Set Show in Navigator on the collection to determine whether or not the collection appears in Navigator (the top menu under Certificates). To change this setting, highlight the row in the collection management grid and click Show in Navigator at the top of the grid, or right-click the collection in the grid and choose Show in Navigator from the right-click menu. This will toggle the Yes/No in the Show in Navigator grid column.
- To delete a collection, highlight the row (or rows) in the collection management grid and click Delete at the top of the grid or right-click the collection in the grid and choose Delete from the right-click menu.
- Highlight a row in the collection management grid and click View at the top of the grid, or right-click the collection in the grid and choose View from the right-click menu to be taken to the list of certificates in that collection. Choosing this option will open the certificate search page in a new window filtered with the specific collection.
Figure 53: Certificate Collection Manager
Several collections are created automatically when Keyfactor Command is installed:
- Certificates Expiring in 7 Days
This collection uses the special %TODAY% value in place of the current date to create a collection that can be used on any day to find the certificates that will expire within the next week. Only active certificates are included in this collection. The query for this collection is:ExpirationDate -ge "%TODAY%" AND ExpirationDate -le "%TODAY+7%" AND CertState -eq "1" - Certificates with Weak Encryption
This collection uses a variety of key type The key type identifies the type of key to create when creating a symmetric or asymmetric key. It references the signing algorithm and often key size (e.g. AES-256, RSA-2048, Ed25519)., key size The key size or key length is the number of bits in a key used by a cryptographic algorithm., and signing algorithm queries to produce a collection that returns active certificates that have weak encryption. The query for this collection is:((SigningAlgorithm -contains "SHA 1" OR SigningAlgorithm -contains "SHA1" OR SigningAlgorithm -contains "SHA-1") OR (SigningAlgorithm -contains "MD") OR (KeyType -eq 3 AND KeySize -lt 224) OR (KeyType -eq 1 AND KeySize -lt 2048)) AND CertState -eq "1" - My Certificates
This collection uses the special %ME% value in place of a specific user name to create a collection that any user can use to find the certificates on which they were the requester. The query for this collection is:NetBIOSRequester -eq "%ME%"Note: Certificate collections saved using the %ME% value are not supported for use in reports or on the dashboard. - Revoked Certificates
This collection returns revoked certificates by querying for certificates that have a non-null revocation date. The Include Revoked box is automatically checked for this collection when run. The query for this collection is:RevocationDate -ne NULL - Self-Signed Certificates
This collection returns all certificates that are self-signed. In environments with no certificates imported from external sources (e.g. SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. scanning), this would typically just be CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. certificates. The query for this collection is:SelfSigned -eq true
You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.