Register a New Account

To create a new account with us, click on the Create a new account link and follow the on-screen process. There are two types of account that you can create with us. The Personal account type is suitable for those who are going to manage their own certificates, and the Company account type is for those who are managing certificates owned by their company.

To indicate that you want to register for a personal account, tick the This is a personal account option.

Figure 1. Register Account

Please ensure that all the information you have entered is correct. When everything is OK, click on the Register button to complete the registration process.

You should receive an email in a short while that allows you to activate your account.

Company name is unique throughout our system. If your company has already been registered, you can ask the existing admin of your company to create an invitation for another admin. Refer to Admin Invitation for how to invite an admin to your company.
Username can only contain letters, numbers, @, dot (.), and dash (-) symbols.
Please make sure that the email address that you entered is correct so that you can receive the activation email.

Authenticate to the System

CertCycle allows you to authenticate using different mechanisms. You can use your own username and password/FIDO token, or you can use your social accounts (we support Google and Facebook).

Authenticate using Username/Password

To authenticate using your username and password, enter your username into the username field and press the Continue button.

Figure 2. Username Login

You will be presented with a password field where you can enter your password.

Figure 3. Password Login

Press the Login button to complete your login process.

Authenticate using FIDO token

To authenticate using your FIDO token, enter your username into the username field and press the Continue button.

Figure 4. Username Login

You will be asked to enter the PIN to access your FIDO token.

Figure 5. FIDO PIN
If this is your first time, you will be asked to set the PIN for your FIDO token first.

After that, depending on the type of FIDO token that you have, you will be asked to confirm your presence. This can be done by pressing your FIDO token or by using your biometrics.

Figure 6. FIDO Presence Confirmation

If authentication is successful, you will now be able to access the system.

You need to have FIDO authentication enabled for your account before you are able to use this feature. See Authentication Options for how to enable FIDO authentication for your account.
The screenshots here were taken on Linux. Other operating systems might show a different UI, but the steps are the same.

Authenticate using Google

To authenticate using your Google account, simply click on the Sign in using Google button.

Figure 7. Sign in using Google Button

You will be presented with the Google login page. Log in using your Google account; once completed, you will be authenticated to CertCycle.

Figure 8. Google Sign-in Page
If the email address of your Google account has not been registered in the system, CertCycle will automatically create a new account for you.
You need to allow third-party cookies in your browser to use this feature.

The next time you encounter the login page with the same browser, the Google login will automatically display the last account logged into CertCycle.

Figure 9. Google Sign In Login

Clicking it will display a menu of accounts previously registered within the browser. Select an account and it will ask for your password to log in to your CertCycle account.

Figure 10. Google Login Account Menu

Authenticate using Facebook

To authenticate using your Facebook account, simply click on the Sign in using Facebook button.

Figure 11. Sign in using Facebook Button

You will be presented with the Facebook login page. Log in using your Facebook account; once completed, you will be authenticated to CertCycle.

Figure 12. Facebook Sign-in Page
If the email address of your Facebook account has not been registered in the system, CertCycle will automatically create a new account for you.
You need to allow third-party cookies in your browser to use this feature.

Forgot Password

If you forget your login password, you can always reset it through the forgot password module. Click on the I forgot my password link.

Figure 13. Forgot Password Link

You will be asked to enter your registered email address. Please enter your correct email address into the designated field and click on the Reset Password button.

Figure 14. Forgot Password Email Input

An email will be sent to your registered email address to guide you on the password reset steps.

Figure 15. Forgot Password Confirmation

Dashboard

Your dashboard is a place where you can have a bird's-eye view of the overall status of the certificates that you have uploaded to CertCycle. It provides you with some alerts and charts as detailed below.

Figure 16. CertCycle Dashboard

Alerts

Figure 17. Alert section

This section gives you the number of certificates (if any) managed by you that fall under specific criteria.

  • Keys less than or Equal to 1024 bits. This criterion is applicable only to RSA. RSA keys with a key size of 1024 bits or less are considered no longer secure and should no longer be used.

  • Weak Signing Algorithm - SHA1. SHA1 is considered no longer secure enough to be used in the industry, hence its usage is no longer recommended. If you still have certificates using SHA1, consider upgrading to SHA2 or stronger signing algorithms instead, unless you have a specific reason such as accommodating legacy systems.

  • Weak Signing Algorithm - MD5. Worse than SHA1, MD5 is not a secure hashing algorithm anymore and should not be used for digital certificates. Consider using a stronger hashing algorithm such as SHA2.

  • Validity Period More Than 398 days. Major browsers now enforce that the validity of TLS certificates is no longer than 398 days to help ensure the security of the keys. As such, we consider certificates with a validity of more than 398 days as non-compliant; they should be rectified unless you have your own specific reasons. You can read more about this from the following links:

  • Expiring in 14 Days or Less. This alert tells you how many certificates are going to expire in 14 days or less. You should consider renewing your certificates as soon as possible to avoid disruptions from using an expired TLS certificate for your websites.

  • Wildcard Certificates. A wildcard TLS certificate is a certificate that can be used to secure all first-level subdomains of a single domain name. Wildcard certificates can be misused to aid in phishing attacks and are hence not recommended.
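
The alert criteria above can be checked against any parsed certificate. The following Go program is an added example, not CertCycle code: the function names, the constructed sample certificate, measuring validity as NotAfter minus NotBefore, and not counting already expired certificates as "expiring" are assumptions made for illustration.

```go
// Added example (not CertCycle code): the dashboard alert criteria applied to a certificate.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const day = 24 * time.Hour

// Alerts returns the alert criteria from the list above that cert meets at time now.
// Assumptions: validity is NotAfter minus NotBefore, and an already expired
// certificate is not counted as "expiring".
func Alerts(cert *x509.Certificate, now time.Time) []string {
	var out []string

	// The key-size criterion applies to RSA only; a 256-bit EC key is not flagged.
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() <= 1024 {
		out = append(out, "Keys less than or Equal to 1024 bits")
	}

	// The signing algorithm is the one the issuer used to sign this certificate.
	switch cert.SignatureAlgorithm {
	case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		out = append(out, "Weak Signing Algorithm - SHA1")
	case x509.MD5WithRSA:
		out = append(out, "Weak Signing Algorithm - MD5")
	}

	if cert.NotAfter.Sub(cert.NotBefore) > 398*day {
		out = append(out, "Validity Period More Than 398 days")
	}

	if left := cert.NotAfter.Sub(now); left >= 0 && left <= 14*day {
		out = append(out, "Expiring in 14 Days or Less")
	}

	// A wildcard can appear in the subject CN or in any DNS subject alternative name.
	names := append([]string{cert.Subject.CommonName}, cert.DNSNames...)
	for _, name := range names {
		if strings.HasPrefix(name, "*.") {
			out = append(out, "Wildcard Certificates")
			break
		}
	}
	return out
}

// sampleCert builds a constructed self-signed certificate for the demo:
// P-256 key, wildcard name, 825 days of validity, 5 days left.
func sampleCert(now time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "*.example.test"},
		DNSNames:     []string{"*.example.test"},
		NotBefore:    now.Add(-820 * day),
		NotAfter:     now.Add(5 * day),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	cert, err := sampleCert(now)
	if err != nil {
		panic(err)
	}
	for _, alert := range Alerts(cert, now) {
		fmt.Println(alert)
	}
}
```

To audit a real certificate, decode its PEM block and pass the result of x509.ParseCertificate to Alerts.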

Key Algorithm

Figure 18. Chart by Key Algorithm

This chart provides the overall view of the key algorithm used in the certificates that you are managing inside CertCycle.

Sign Algorithm

Figure 19. Chart by Signing Algorithm

This chart provides the overall view of the signing algorithm used in the certificates that you are managing inside CertCycle.

Certificate Expiry

Figure 20. Chart by Certificate Expiry

This chart provides the number of certificates that have expired or are expiring in:

  • 7 days

  • 14 days

  • 30 days

Certificate Tags

Figure 21. Chart by Certificate Tag

This chart provides the overall view of the tags applied to the certificates that you are managing inside CertCycle.

My Account

You can change your account details from the My Account page. To go to the My Account page, just click on your name in the navigation menu once you are authenticated.

Figure 22. My Account Button

My Profile

Figure 23. My Profile Page

You can change your profile details from this page. This includes your full name, address, landline, and mobile number.

Username and email cannot be changed once the account is created.

Change Password

Figure 24. Change Password Page

You can change your password here. For extra validation, you must enter your current password, followed by your new password.

Authentication Options

Figure 25. Authentication Options Page

You can enable/disable FIDO authentication for your account here.

You must have a FIDO token with you before you can enable FIDO authentication.
FIDO authentication provides extra security and convenience without needing you to remember your password. Whenever possible, we encourage users to use FIDO for authentication.

Delete Account

Figure 26. Delete Account Page

It is always sad to see someone go, but in case you need to, you can always delete your account here.

Deleting your account is irreversible. You will lose all your data, and it cannot be recovered. Proceed only if you understand what you are doing.

Admin

This feature is available only for company accounts.

Through this module, you can manage the administrators allowed to access your company. It is available on the navigation panel to the left.

Figure 27. Admin Section

Admin List

Figure 28. Admin List Page

You can see all the admins who can manage the company on this page. You can filter the list by:

  • Full email address.

  • Status.

There are TWO (2) statuses for an admin, ACTIVE and SUSPENDED. If you want to temporarily disallow an admin from accessing the company, you can suspend him/her instead of deleting the admin.

Activate/Suspend Admin

To activate/suspend an admin, simply click on the Activate or Suspend link at the list page.

Figure 29. Activate/Suspend Admin
If you see N/A, that is because you are not allowed to activate or suspend your own account.

Edit Admin

To edit an admin, simply click on the Edit link at the list page.

Figure 30. Edit Admin

You will be redirected to another page where you can enter the new admin information. Once OK, click on the Save button.

Figure 31. Edit Admin Page

Delete Admin

To delete an admin, simply click on the Delete link at the list page.

Figure 32. Delete Admin
This action is not reversible.
You will not lose the data that this admin has uploaded previously.

Admin Invitation

Figure 33. Admin Invitation Page

To invite a new admin, simply enter the email address of the new admin. An email will be sent allowing the new admin to proceed with the account registration and activation.

Once you have entered the email address, click on the Send Invitation button to proceed.

Private CA

This module allows you to create your own CA.

Figure 34. Private CA Section
This module is only available if you are a customer of AVM Cloud. To learn more about AVM cloud, please go to https://www.avmcloud.net/.
All the CAs that you create here will not be automatically trusted by any browser or third party tools such as Adobe Reader.

Private CA List

This page allows you to see the list of the CAs that you have created.

Figure 35. Private CA List Page

For each of the private CAs, you can do the following actions:

  • Download Certificate. This will download the CA certificate of the CA that you select. Just click on the Download Certificate button.

  • Download Latest CRL. This will download the latest CRL of the CA that you select. Just click on the Download Latest CRL button.

  • Issued Certificates. This will redirect you to the certificate list page, which is automatically filtered by the subject DN of the CA that you have selected.

  • Deactivate CA. This will temporarily deactivate the CA that you select. This button will show only if your CA is active.

  • Activate CA. This will reactivate the CA that you have deactivated. This button will show only if your CA is inactive.

  • Delete CA. This will permanently delete the CA that you select. This button will show only for CAs that do not have any sub CAs.

Once a CA is deleted, you cannot undo the operation. You can still recreate a new CA with the same name and subject DN, but you will not get the same key as the previous CA.

Create New Private CA

This page allows you to create a new private CA.

Figure 36. Create Private CA

To add a new private CA, you need to provide the following information:

  • Name. The name of the CA. This must be unique in your company. This name is just an indicator you can refer to in the future.

  • Subject DN. The subject DN of the CA. This subject DN will be used in the certificate of the CA. Maximum length of the Subject DN is 4000 characters. This is typically more than enough for a CA.

  • Sign Algorithm. You can choose among the following supported signing algorithms:

    • SHA256withRSA. This means that the CA certificate is signed using RSA key-pair with SHA-256.

    • SHA512withRSA. This means that the CA certificate is signed using RSA key-pair with SHA-512.

    • SHA256withECDSA. This means that the CA certificate is signed using ECDSA key-pair with SHA-256.

    • SHA512withECDSA. This means that the CA certificate is signed using ECDSA key-pair with SHA-512.

  • RSA Key Size. If you choose either SHA256withRSA or SHA512withRSA, you will need to choose the RSA key-size. Cert-Cycle supports the following RSA key-sizes:

    • 2048.

    • 3072.

    • 4096.

  • ECC Curve Name. If you choose either SHA256withECDSA or SHA512withECDSA, you will need to choose the ECC curve-name. Cert-Cycle supports the following ECC curve-names:

    • P-256.

    • P-384.

    • P-521.

  • Signer CA. You can choose from Self Signed, or if you have previously created one or more private CA(s), those CA(s) will be listed there as well.

  • Validity. This is the validity of the CA in the number of days. Maximum CA validity is 10950 days (30 years).

Once you have filled-in all the required information, simply click on the Create button. Your CA request will be sent to our server and a process will be triggered to create your CA.

When your CA is being created, you will see that your CA status is IN_PROGRESS.

Figure 37. In Progress Private CA Creation

Once the CA creation completes, your new CA status will be changed to ACTIVE.

Figure 38. Active Private CA

Certificate

You can upload certificates and manage the certificates that you have uploaded in this module.

Figure 39. Certificate Section

Certificate List

Figure 40. Certificate List Page

As the name suggests, this page lists the certificates you have uploaded into CertCycle. You can filter the list by the following criteria:

  • Serial Number. You must enter the full certificate serial number here. Clicking on the search button will filter the list based on the serial number that you input here.

  • Subject DN. You can enter partial text from the Subject DN of your certificates. Clicking on the search button will filter the list based on the subject DN that you input here.

  • Issuer DN. You can enter partial text from the Issuer DN of your certificates. Clicking on the search button will filter the list based on the issuer DN that you input here.

  • Tag. You can choose from the dropdown list here. Every time you tag a certificate, the tag will be shown here. Clicking on the search button will filter the list based on the tag you choose here.

  • Expiry. You can choose the date on which a certificate is going to expire. Clicking on the search button will filter the list based on the expiry date that you choose here.

Certificate tags can only contain alphanumeric characters.

To the right of each item, you may choose among THREE (3) different actions:

  • View. Clicking on the View link brings you to another page that shows the details of the certificate. This includes the certificate chain (if available) and the contact person (PIC).

  • Download. Clicking on the Download link will download the certificate. Depending on your browser settings, you may be able to choose where you want to save the file to.

  • Associate. Clicking on the Associate link opens a new popup allowing you to choose the endpoint(s) you want to associate the certificate with. You can choose multiple endpoints if you think the certificate is associated with multiple endpoints. For more details about endpoints, please refer to Endpoints.

  • Delete. Clicking on the Delete link allows you to delete the certificate from the system. Note that this operation is not recoverable. If you need to re-add the certificate, you need to upload it again.

Upload Certificate

There are THREE (3) ways for you to upload a certificate to CertCycle.

Single Certificate Upload

The first tab allows you to upload a single certificate file. The supported file formats are pem, cer, and crt, and the certificate must be stored in PEM format.

Figure 41. Single Certificate Upload

Once you have uploaded the file, a confirmation page will be shown containing the details of your certificate.

Figure 42. Single Certificate Upload Confirmation

The bottom section displays the PIC to whom you want to assign this certificate. If you have no PIC yet in the system, you can enter the new details in the Contact Person (PIC) section. Otherwise, you can also select from the existing PICs in the same section.

All fields are required for the PIC.
A PIC is different from an admin. A PIC by itself cannot log in to the system.

For more details please refer to PIC reference.

To cancel, just click on the Cancel button, otherwise click on the Confirm button to proceed with the certificate upload.

Multiple Certificate Upload

The second tab allows you to upload a zip of certificates. The supported certificate file formats are pem, cer, and crt, and the certificates must be stored in PEM format. All other files inside the zip file that are not recognised will be ignored.

Figure 43. Multiple Certificate Upload

Once you have uploaded the file, a confirmation page will be shown containing the details of your certificate(s).

Figure 44. Multiple Certificate Upload Confirmation

The bottom section displays the PIC to whom you want to assign this certificate. If you have no PIC yet in the system, you can enter the new details in the Contact Person (PIC) section. Otherwise, you can also select from the existing PICs in the same section.

All fields are required for the PIC.
A PIC is different from an admin. A PIC by itself cannot log in to the system.

For more details please refer to PIC reference.

To cancel, just click on the Cancel button, otherwise click on the Confirm button to proceed with the certificate upload.

URL Upload

The third tab allows you to upload a certificate via URL. The URL must be in HTTPS. CertCycle will connect to the URL and download the SSL certificate of the given domain.

Please always ensure that you own the domain you are entering.
Figure 45. URL Certificate Upload

Once the URL is entered, and you click on the Upload button, a confirmation page will be shown containing the details of your certificate(s).

Figure 46. URL Certificate Upload Confirmation

The bottom section displays the PIC to whom you want to assign this certificate. If you have no PIC yet in the system, you can enter the new details in the Contact Person (PIC) section. Otherwise, you can also select from the existing PICs in the same section.

All fields are required for the PIC.
A PIC is different from an admin. A PIC by itself cannot log in to the system.

For more details please refer to PIC reference.

To cancel, just click on the Cancel button, otherwise click on the Confirm button to proceed with the certificate upload.

Change PIC

Sometimes you might want to change the PIC of a certificate to someone else. You can easily do it from the certificate details page.

Figure 47. Change PIC Button

As shown in the above screenshot, you can click on the Change PIC button. This will allow you to change the PIC either by selecting existing one or creating a new one.

If you want to create a new PIC, just choose -- New Contact -- option from the dropdown list as shown below. You can then enter the new PIC information.

Figure 48. Change PIC New Contact

To cancel, just click on the Cancel button. Clicking on the Confirm button confirms the changes.

Contact Person (PIC)

The PIC section allows you to manage PICs of your certificates. A PIC has no access to the system, unless he/she has an admin account as well. If you want to invite another admin, you can refer to Admin Invitation.

Figure 49. PIC Section
For a personal account, you will most likely be the only PIC since you are managing it for yourself. For a company account, you can, for example, have different PICs managing different certificates.

PIC Add

Figure 50. PIC Add Page

This page lets you add a PIC. Once the details are added, click Save and the newly created PIC will be processed in a moment. The PIC created can be accessed in the PIC List for further operations.

PIC List

This page allows you to see the list of the PICs that you have.

At the top section, you can see the filtering section that can help you filter the list. This page allows you to filter your PIC by the full email address.

Figure 51. PIC List Page

Assign PIC

To assign a certificate to a PIC, you can click on the Assign link associated with the PIC that you want to deal with.

Figure 52. PIC Assign Link

Once you click on the Assign link, you will be directed to another page from where you can assign a new certificate.

Figure 53. PIC Assign Page

As can be seen from the screenshot above, section 1 is where you can enter the certificate serial number and issuer DN of the certificate that you want to assign to this PIC. Once OK, just click on the Loop button.

In section 2, you should be able to see the list of certificates currently assigned to this PIC.

The certificate that you assign to a new PIC will be automatically un-assigned from the previous PIC.

Edit PIC

To edit a PIC, you can click on the Edit link associated with the PIC that you want to edit.

Figure 54. PIC Edit Link

Once you click on the Edit link, you will be directed to another page from where you can enter the new information.

Figure 55. PIC Edit Page

From this page, you can enter the new information. Click on the Save button when you are happy with the new information.

Delete PIC

To delete a PIC, you can click on the Delete link associated with the PIC that you want to delete.

Figure 56. PIC Delete Link
You cannot delete a PIC that is currently managing any certificate.
This action cannot be reversed. You will need to re-create the PIC again if you delete it by mistake. If you just want to change the information, consider editing the PIC data instead.

Transfer PIC

People come and go out of our company. Hence, sometimes you might want to transfer ownership of certificate(s) from one PIC to another. You can do that using this feature.

Figure 57. PIC Transfer Page

In section 1 above, you can choose the current PIC. In section 2, you choose the new PIC. Simply speaking, all certificates managed by the current PIC (section 1) will be transferred to the new PIC (section 2).

Once OK, click on the Confirm button to proceed with the PIC transfer.

Certificate Request

You may purchase a new certificate from the various CAs supported by this platform. Certificates issued via this platform are added automatically to the certificate list.

Figure 58. Certificate Request Section

Certificate Request List

Figure 59. Certificate Request List Page

This page lists the new certificate requests that you have made at CertCycle. You can filter the list by the following criteria:

  • Status. You may filter by any status of the certificate request here. Clicking on the search button will filter the list based on the status that you have selected. For the list of statuses, see Certificate Request Status.

  • CA Name. You may enter the full CA Name of the selected CA during the certificate request. Clicking on the search button will filter the list based on the CA Name that you input here.

To the right of each item, you may choose to perform several actions. Available actions depend on the status of each request.

  • View. Clicking on the View link brings you to another page that shows the details of the certificate request.

  • Edit. Clicking on the Edit link brings you to another page that allows you to edit the request. This page is the same as the input page when the request is first made.

  • Checkout. Clicking on the Checkout link brings you to the Shopping Cart list page.

  • Download. Clicking on the Download link will download the newly enrolled certificate. Depending on your browser settings, you may be able to choose where you want to save the file to.

  • Validation Text. Clicking on the Validation Text option will trigger a pop-up message that shows the action required from the user in order to complete the certificate enrollment.

  • Complete Validation. Clicking on the Complete Validation link will submit a request to CertCycle to continue the certificate issuance process. Upon successful certificate issuance, the status will be changed to Complete.

  • Check Status. Clicking on the Check Status link will submit a request to CertCycle to check the status from the issuing CA. Upon successful certificate issuance, the status will be changed to Complete.

  • Send Password. Clicking on the Send Password link will request that the password for the issued keystore be sent to the PIC (for mode PKCS12 or JKS).

Certificate Request Status

The certificate request and enrollment process involves several stages, each represented by a different status. The issuance process might vary depending on the issuing CA. The available stages/statuses are as below:

  • Pending Payment. Status for a new request. The request can still be edited at this stage. In order to continue the certificate issuance, the user needs to complete the checkout and payment process. Refer to the Checkout process for details.

  • In progress. Status for a request that has been checked out. Cert-cycle is processing the request and will submit it to the corresponding CA based on the user input during the request.

  • Pending Issue. Status for a request that has been submitted and is being processed by the CA. The user may use Check Status in the Action menu to check whether the CA has completed the certificate issuance.

  • Require Validate. Status for a request that has been submitted and for which the CA requires some validation in order to complete the request. The user can check the validation required using Validation Text in the Action menu.

  • Completed. Status for a request whose certificate has already been issued.

New Certificate Request

A new request can be initiated in the Certificate Request section or from the certificate list via the Renew action.

Figure 60. New Certificate Request
Figure 61. Renew Certificate Request

Select CA

Figure 62. Certificate Request Select CA Page

The first step of a certificate request is to select the Certificate Authority (CA) that you wish to issue your required certificate.

Upon selecting a CA, you will be directed to the next step, which is to fill in the required information for the certificate request.

Form

Figure 63. Certificate Request Form Page

The second step of a certificate request is to fill in the required information. All fields are mandatory.

Upon completing the information, click Save at the bottom of the page to continue the certificate request process. A successful request will create an entry in the Certificate Request List with status Pending Payment.

To continue the certificate issuance, proceed to check out on the Cart page. Refer to the Shopping Cart section for more details.

Generate CSR

This page allows you to generate a CSR and a private key.

Figure 64. Generate CSR page

To generate a CSR, you need to provide the following information:

  • Subject DN. This is the subject DN to be contained in the CSR. Maximum length of the Subject DN is 2000 characters.

  • Subject Alternative Name. This is an optional parameter. If provided, it will be included in the CSR as the Subject Alternative Name. The maximum length of the Subject Alternative Name is 2000 characters.

  • Key Algorithm. You can select from the available key algorithms:

    • RSA

    • ECC

  • Key Specification. Choose the key specification based on your selected key algorithm.

    • RSA Key Size. If you opt for RSA, you need to choose the RSA key size. Cert-Cycle supports the following RSA key sizes:

      • 2048

      • 3072

      • 4096

    • ECC Curve Name. If you opt for ECC, you need to choose the ECC curve name. Cert-Cycle supports the following ECC curve names:

      • P-256

      • P-384

      • P-521

If you choose RSA, the signing algorithm will be SHA256withRSA. If you choose ECC, the signing algorithm will be SHA256withECDSA.

Once you have filled-in all the required information, simply click on the Generate CSR button. Your request will be sent to the server, which will then display a modal dialog containing the generated CSR values and the private key.

Figure 65. A modal dialog containing the generated CSR and the private key will be displayed
Cert-Cycle never stores the generated private key. You need to store your private key securely by yourself. Once you close the window, your private key is gone.
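
Before submitting a generated CSR to a CA, you can confirm that it carries the subject, names, key specification and signing algorithm listed for the form above. The following Go program is an added example, not CertCycle code: GenerateCSR and CheckCSR are hypothetical names, and the sample CSR is constructed locally with a P-256 key.

```go
// Added example (not CertCycle code): check a CSR against the form's choices.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// GenerateCSR builds the constructed sample input: a P-256 key pair and a CSR
// signed with SHA256withECDSA, both PEM-encoded.
func GenerateCSR(commonName string, sans []string) (csrPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:            pkix.Name{CommonName: commonName},
		DNSNames:           sans, // optional Subject Alternative Name
		SignatureAlgorithm: x509.ECDSAWithSHA256,
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	csrPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	return csrPEM, keyPEM, nil
}

// CheckCSR parses a PEM CSR, verifies its signature and confirms that the key
// specification and signing algorithm are among those listed for the form.
func CheckCSR(csrPEM []byte) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("input is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	// A valid signature shows the CSR was made with the matching private key.
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature: %w", err)
	}
	switch pub := csr.PublicKey.(type) {
	case *rsa.PublicKey:
		if bits := pub.N.BitLen(); bits != 2048 && bits != 3072 && bits != 4096 {
			return nil, fmt.Errorf("unexpected RSA key size %d", bits)
		}
		if csr.SignatureAlgorithm != x509.SHA256WithRSA {
			return nil, fmt.Errorf("unexpected signing algorithm %v", csr.SignatureAlgorithm)
		}
	case *ecdsa.PublicKey:
		name := pub.Curve.Params().Name
		if name != "P-256" && name != "P-384" && name != "P-521" {
			return nil, fmt.Errorf("unexpected curve %s", name)
		}
		if csr.SignatureAlgorithm != x509.ECDSAWithSHA256 {
			return nil, fmt.Errorf("unexpected signing algorithm %v", csr.SignatureAlgorithm)
		}
	default:
		return nil, errors.New("unsupported key algorithm")
	}
	return csr, nil
}

func main() {
	csrPEM, _, err := GenerateCSR("www.example.test", []string{"www.example.test"})
	if err != nil {
		panic(err)
	}
	csr, err := CheckCSR(csrPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println(csr.Subject, csr.DNSNames, csr.SignatureAlgorithm)
}
```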

Shopping Cart

The Cart page is a list of incomplete certificate requests, which allows the user to check out and complete the certificate request purchase.

Figure 66. Cart Section

Cart List

Figure 67. Cart List Page

This page lists the incomplete certificate requests with status Pending Payment that you have requested earlier. You may select any certificate request (at least 1) to proceed with the purchase checkout process.

At the bottom of the page, there is a Checkout button which will bring the user to the next checkout page.

Cart Checkout

Figure 68. Cart Checkout Page

The checkout page is a continuation of the certificate request checkout process from the Cart List page. This page provides a summary of the item(s) selected prior to the payment process. The user may perform the following actions on this page:

  • Back. Clicking on the Back button will navigate the user back to the Cart List page.

  • Apply Promo. Clicking on the Apply Promo button will open a pop-up window for the user to input a promotion code. Refer to the Promotion section for more info.

  • Proceed Payment. Clicking on the Proceed Payment button will open a pop-up window for the user to input payment details and complete the purchase. Refer to the Payment section for more info.

A promotion code must be entered before payment in order for the code to take effect. Each transaction allows ONE (1) active promotion code to take effect.

Promotion

Figure 69. Promotion Window

Cert-cycle will release promotions from time to time to offer special rates for certificate purchases. This window allows the user to enter a promotion code for the current checkout/purchase. The user may perform the following actions in this window:

  • Back. Clicking on the Back button will close the pop-up window. The user may also click on the area outside the pop-up window to achieve the same result.

  • Apply. Clicking on the Apply button will apply the successfully verified promotion code and recalculate the total chargeable amount. This button is disabled by default until a code is successfully verified.

  • Search. Clicking on the search button will validate the promotion code entered. If the code is valid, the Apply button will be activated.

Payment

cart payment
Figure 70. Payment Window

This window directs user to the Cert-cycle integrated payment gateway. It allows user to enter payment details and complete the payment required for the certificate request.

Upon the generation of this window, a transaction record will be created. User can later refer to the transaction at Transaction List page.

Upon completing the payment, the pop-up window will automatically redirect to a payment success page and will close automatically shortly afterwards. The main window will also be redirected to the Certificate Request List page.

cart paymentsuccess
Figure 71. Payment Success Window

Transaction

All payment attempts made during certificate request purchase, regardless of the result, will be recorded for audit and checking purposes.

trans section
Figure 72. Transaction Section

Transaction List

trans list
Figure 73. Transaction List Page

This page lists the transactions you have made at CertCycle during certificate request checkout. You can filter the list by the following criteria:

  • Status. You may filter by any status of the certificate request here. Clicking on the search button will filter the list based on the status that you have selected.

  • Username. You may enter the Username of the user who was active when the transaction was generated. Clicking on the search button will filter the list based on the Username that you input here.

To the right of each item, you may click on Details link which will open a pop-up menu showing the details of each transaction.

Domain

This module allows you to interact with the domains that we discovered when you upload a certificate.

We retrieve domains based on the value of the CN from the certificates that you upload. This is applicable only for SSL certificates.

domain section
Figure 74. Domain Section

Domain List

In this page, you can see all the domains that we discovered.

domain list
Figure 75. Domain List Page

As can be seen from the above screenshot, section 1 allows you to filter the list based on several criteria.

  • Domain. You may enter a text that is part of the domain that you want to search. Once you click on the Filter button, the list will be filtered based on the value that you entered here.

  • Connectivity Status. This status indicates whether your domain can be connected successfully or not. You can choose from several options.

    • All: It will not do any filtering to the list. This is the default.

    • Unknown: It will filter the list to show only domains whose connectivity status is unknown.

    • Up: It will filter the list to show only domains whose connectivity status is up.

    • Down: It will filter the list to show only domains whose connectivity status is down.

    • Pending for Update: It will filter the list to show only domains that are waiting for an update.

  • SSL Certificate Status. This status indicates whether your domain SSL certificate is valid or not. You can choose from several options.

    • All: It will not do any filtering to the list. This is the default.

    • Unknown: It will filter the list to show only domains whose SSL certificate status is unknown.

    • Ok: It will filter the list to show only domains whose SSL certificate status is OK.

    • Not Ok: It will filter the list to show only domains whose SSL certificate status is not OK.

    • Pending for Update: It will filter the list to show only domains that are waiting for an update.

domain health status
Figure 76. Domain Health Status

Manual Health Check

You can manually request CertCycle to check the health for a domain. Simply click on the Check link associated with a domain you want to check. It will send the request back to server and update the new status after a while.

domain health check
Figure 77. Domain Manual Health Check

Delete Domain

To delete a domain, simply click on the Delete link associated with the domain you want to delete.

domain delete
Figure 78. Domain Delete Link

Bridge

Bridge is a component of CertCycle that allows connectivity between your local data centre and the CertCycle cloud.

This feature is only available for company accounts.

bridge section
Figure 79. Bridge Section

Bridge List

bridge list
Figure 80. Bridge List Page

In this page, you can view all the bridges that you have created in the system. You can filter the list by the following criteria:

  • Initialised. You can choose among All, Yes, and No.

  • Enabled. You can choose among All, Yes, and No.

  • Build. You can choose among All, Ready, and Pending.

  • Name. You can enter the partial name of the bridge that you want to search for.

There is also an icon indicating whether or not your bridge is alive. If you hover over it, you will be able to see when the bridge last connected to the CertCycle cloud.

In addition to that, you can also apply one of the following operations to each of the bridges:

View Bridge

This is used to view the details of a bridge. Click on it and you will be redirected to a new page with more detailed information on the bridge itself.

bridge view
Figure 81. Bridge View

Below is the information displayed for a bridge:

  • Name. The name of the bridge. This is according to the name that you put during bridge creation.

  • Description. The description of the bridge. This is according to the description that you put during bridge creation.

  • Initialised. This flag indicates whether or not a bridge has been initialised. When a bridge is created, the default status is uninitialised. You will need the secret key to initialise your new bridge.

  • Enabled. This flag indicates whether or not a bridge is enabled. When a bridge is disabled, CertCycle will reject any connectivity from this specific bridge. You can enable the bridge again to bring it back online when you deem it appropriate. See the Enable/Disable Bridge section for how to enable or disable a bridge.

  • Build Status. This flag indicates whether or not CertCycle has finished building the binary for this specific bridge. Once completed, the status will be changed to Ready, which indicates that you can now download the binary and deploy it to your own premises.

  • Version. This is the version number of the bridge.

  • Secret Key. This key is required during first time bridge initialisation. It will only be displayed once.

Once you have viewed the secret key, there is no way to retrieve it again. If you lose the secret key before activating your bridge, you can simply delete this bridge and create a new one.

  • Bridge Hash. This is the hash value of the bridge’s binary computed using SHA-256. It is always a best practice to compare the hash value shown here with the hash value computed from your downloaded binary. If the values do not match, your download is corrupted or might have been tampered with. Since CertCycle does not store any binary once downloaded, you can simply delete this bridge and create a new one to resolve the issue.

  • Download Bridge. This part contains a link that you can click and download the bridge’s binary.

CertCycle does not keep your bridge’s binary once you decide to download it. Please make sure that you keep the binary safely on your side.

Besides displaying some of the details, this page also shows the history of commands that you have sent to this specific bridge. When applicable, you can Transfer the command to another bridge, or you can also Delete the command from the history.

Enable/Disable Bridge

To change the state of a bridge (enabled / disabled), you can click on either Enable or Disable in the actions dropdown list to the right of each of the bridges.

enable bridge
Figure 82. Enable Bridge

disable bridge
Figure 83. Disable Bridge

Delete Bridge

To delete a bridge, click on Delete in the actions dropdown list to the right of each of the bridges.

This action is not reversible. Once deleted, you will need to create a new bridge. The existing bridge will no longer be able to connect to CertCycle.

delete bridge
Figure 84. Delete Bridge

Transfer Command

There might be a case where the server in which your bridge is deployed is down. In this case, you can redirect (transfer) the command to another working bridge server. Note that only commands that are in Pending status can be transferred.

To transfer a command, simply click on the Transfer button to the right of the command.

click transfer
Figure 85. Transfer Button

A popup will appear in which you can choose the target bridge to execute the command. You need to have at least one other active bridge to be able to serve the command.

target bridge
Figure 86. Target Bridge

Once you select the correct target bridge, just click on the Transfer button and follow the on-screen instructions. You should be able to see a success message once the command transfer is completed.

Delete Command

If you wish to delete a command, you can simply click on the Delete button to the right of the command.

click delete
Figure 87. Delete Button

Just follow the on-screen instructions. Once the command is successfully deleted, you should be able to see a success message on the screen.

Bridge Plugins

To see all the plugins supported by the bridge, you can choose menu item Plugins. This will bring you to a new page from where you can download the plugins. Each plugin has its own SHA-256 sum associated with it. After you download the plugin, you can use the given SHA-256 hash value to ensure that your download is not corrupted.

plugins list
Figure 88. Plugins List
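
The comparison recommended for the Bridge Hash and for the plugin SHA-256 sums can be scripted. The following is an added example, not CertCycle's own tooling; the function names and the file name in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not CertCycle tooling): check a downloaded bridge or plugin
# binary against the SHA-256 value displayed in the portal before running it.

# Print the lowercase SHA-256 hex digest of FILE. Reading via stdin avoids the
# escaped output that sha256sum produces for unusual file names.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d ' ' -f 1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d ' ' -f 1
    else
        openssl dgst -sha256 -r < "$1" | cut -d ' ' -f 1
    fi
}

# Normalise a hash pasted from the web page: drop whitespace, fold to lowercase.
normalise_hash() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# verify_download FILE EXPECTED_SHA256
#   returns 0  digest matches
#   returns 1  digest differs (execute permission is removed from FILE)
#   returns 2  unusable input (missing file, or EXPECTED is not 64 hex digits)
verify_download() {
    vd_file=$1
    vd_expected=$(normalise_hash "$2")

    if [ ! -f "$vd_file" ]; then
        echo "verify_download: no such file: $vd_file" >&2
        return 2
    fi
    # A truncated or mistyped hash must never be treated as a match.
    case $vd_expected in
        ''|*[!0-9a-f]*)
            echo "verify_download: expected value is not a hex digest" >&2
            return 2 ;;
    esac
    if [ "${#vd_expected}" -ne 64 ]; then
        echo "verify_download: expected value is not 64 hex digits" >&2
        return 2
    fi

    vd_actual=$(sha256_of "$vd_file")
    if [ -z "$vd_actual" ]; then
        echo "verify_download: could not compute a digest" >&2
        return 2
    fi

    if [ "$vd_actual" = "$vd_expected" ]; then
        echo "OK: $vd_file matches the published SHA-256"
        return 0
    fi

    # Mismatch: the download is corrupted or was tampered with.
    # Remove the execute bits so it cannot be started by accident.
    chmod a-x -- "$vd_file"
    echo "MISMATCH: $vd_file" >&2
    echo "  expected $vd_expected" >&2
    echo "  actual   $vd_actual" >&2
    return 1
}

# Usage: sh verify_download.sh ./ccbridge <hash shown in the portal>
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

Run the check before the first start of the bridge and before placing any plugin next to it, and treat a non-zero exit status as a reason to delete the bridge and create a new one, as described above.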

Send Command

To send a command to a bridge, you can choose menu item Command. This will bring you to a new page where you can enter the details required for the command you want to send to the bridge.

There are TWO (2) generic parameters you always have to provide before sending a command:

  • Target Bridge. You need to choose the bridge to which this command should be sent. You need to have at least ONE (1) bridge available to execute the command.

  • Type. You need to choose the type of the command that you wish to send. Currently, there are TWO (2) types of commands available:

    • Bridge Updater. This type is used to trigger the bridge to request a new build with a new version. Go here to have a more detailed discussion on this type of command.

    • Network Scanner. This type is used to trigger the bridge to do network scanning. Go here to have a more detailed discussion on this type of command.

    • JBoss Updater. This type is used to trigger the bridge to update the keystore and/or truststore of a JBoss/Wildfly. Go here to have a more detailed discussion on this type of command.

    • Apache Updater. This type is used to trigger the bridge to update the keystore and/or truststore of an Apache. Go here to have a more detailed discussion on this type of command.

    • Nginx Updater. This type is used to trigger the bridge to update the keystore and/or truststore of an Nginx. Go here to have a more detailed discussion on this type of command.

    • Tomcat Updater. This type is used to trigger the bridge to update the keystore and/or truststore of a Tomcat. Go here to have a more detailed discussion on this type of command.

Bridge Updater

If there is a new version of a bridge available, you can tell a bridge to trigger a new build of the bridge using the latest version available. You need to provide some mandatory information before proceeding:

  • New Bridge Name. This will be the name of the new bridge. This field is mandatory. If you wish to reuse the existing bridge’s name, you can tick on the Reuse bridge name. This will rename your target bridge by appending the current version number, so the existing bridge will be renamed to something else.

  • New Bridge Description. This will be the description of the new bridge. This field is mandatory. If you wish to reuse the existing bridge’s description, you can tick on the Reuse bridge description.

Network Scanner

Network scanner is the capability of the bridge to scan the network based on the pre-defined constraints. The purpose of the scanning is to find any certificate available on the network. You need to provide some mandatory information before proceeding:

  • Start Address. This is the IP address from where the scan should begin. Currently only IPv4 is supported.

  • End Address. This is the IP address to where the scan should complete (inclusive). Currently only IPv4 is supported.

  • Start Port. This is the port number from where the scan should begin. The value should be between 2 and 65535 (inclusive).

  • End Port. This is the port number to where the scan should complete (inclusive). The value should be between 2 and 65535 (inclusive).

Please be reminded that the larger the IP and port ranges, the longer it will take for the scan to complete.

  • Timeout. This is the timeout value before the bridge gives up trying to connect to a port. The value should be between 1 and 60 seconds (inclusive).

The higher the timeout, the longer it will take for the scan to complete, especially if you have a bigger range of ports, most of which are not listening.

  • Concurrency. This is the number of concurrent scans the bridge will run. The value should be between 1 and 500.

The higher the value, the higher the load on your network will be, although it remains considerably low. This is because the bridge will only try to connect to an IP and port, grab the TLS certificate, if any, and then disconnect. You will only notice a spike of network activity from the bridge server.
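
To see how the ranges, timeout and concurrency interact before sending a Network Scanner command, the following added example (not part of CertCycle) validates the six parameters against the limits listed above and prints an upper bound on the scan time. The bound rests on two assumptions that the page does not state: every probe waits out the full timeout, and the bridge keeps exactly Concurrency probes in flight. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not CertCycle tooling): validate Network Scanner parameters
# against the documented limits and estimate a worst-case scan duration.

# Print a dotted-quad IPv4 address as an integer; return 1 if it is malformed.
ipv4_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ip_old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$ip_old_ifs
    [ "$#" -eq 4 ] || return 1
    for ip_octet in "$@"; do
        case $ip_octet in
            0?*|????*) return 1 ;;   # leading zero or more than three digits
        esac
        [ "$ip_octet" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# in_range VALUE MIN MAX: succeed only for a plain decimal inside [MIN, MAX].
in_range() {
    case $1 in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# scan_worst_case_seconds START_IP END_IP START_PORT END_PORT TIMEOUT CONCURRENCY
# Prints the upper bound in seconds; returns 2 if any parameter is out of limits.
scan_worst_case_seconds() {
    sw_start=$(ipv4_to_int "$1") || { echo "invalid Start Address" >&2; return 2; }
    sw_end=$(ipv4_to_int "$2")   || { echo "invalid End Address" >&2; return 2; }
    [ "$sw_end" -ge "$sw_start" ] || { echo "End Address precedes Start Address" >&2; return 2; }
    in_range "$3" 2 65535 || { echo "Start Port must be 2-65535" >&2; return 2; }
    in_range "$4" 2 65535 || { echo "End Port must be 2-65535" >&2; return 2; }
    [ "$4" -ge "$3" ]     || { echo "End Port precedes Start Port" >&2; return 2; }
    in_range "$5" 1 60    || { echo "Timeout must be 1-60 seconds" >&2; return 2; }
    in_range "$6" 1 500   || { echo "Concurrency must be 1-500" >&2; return 2; }

    # Both ranges are inclusive, hence the +1.
    sw_probes=$(( (sw_end - sw_start + 1) * ($4 - $3 + 1) ))
    # Assumed model: probes run in batches of CONCURRENCY, each batch lasting TIMEOUT.
    sw_batches=$(( (sw_probes + $6 - 1) / $6 ))
    echo $(( sw_batches * $5 ))
}

# Usage: sh scan_estimate.sh 10.0.0.0 10.0.0.255 2 65535 5 100
if [ "$#" -eq 6 ]; then
    scan_worst_case_seconds "$@"
fi
```

With the usage line shown (256 addresses, every permitted port, 5-second timeout, concurrency 100) the bound is 838840 seconds, which is why narrowing the port range to the ports that actually serve TLS matters more than raising concurrency.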

JBoss Updater

JBoss updater is the capability of the bridge to update the keystore and/or truststore of a JBoss/Wildfly deployment.

Currently, only JBoss/Wildfly deployed on Linux OS is supported.

To proceed, you need to provide some mandatory information:

  • Endpoint. This is the target endpoint where the JBoss/Wildfly is deployed. Please refer to here to learn more about Endpoints in Cert-Cycle.

  • SSH Private Key. This is an optional parameter. If your server requires a key to perform SSH authentication, you have to select the correct key. Please refer to here to learn more about SSH private keys.

  • Keystore. This is the certificate to be used to update the keystore of the JBoss/Wildfly. Note that this must be in a keystore format (i.e. P12 / JKS), because the private key is required for it to be used as a keystore.

  • Keystore Password. This is the password to protect the new keystore.

It is a requirement that you use the same password as the one currently being used to protect your JBoss' keystore file.
  • Confirm Keystore Password. To confirm the keystore password. Must be the same value as the one you enter in the Keystore Password field.

  • Keystore Path. This is the full path to the keystore file. It must include the name of the current keystore file as well.

It is a requirement that you use the same file name for the keystore as the one currently being configured in your JBoss.
Cert-Cycle will perform password verification on the existing keystore file, hence it is imperative that the file must exist first in the system.
Cert-Cycle performs keystore password verification using the keytool command, hence please make sure that the keytool command is in the execution path.
  • Update Truststore. This is the flag indicating whether or not the truststore of the JBoss should be updated. If Yes is chosen, below truststore configuration parameters must be configured.

  • Truststore. This is the certificate to be used to update the truststore of the JBoss/Wildfly.

  • Truststore Password. This is the password to protect the new truststore.

It is a requirement that you use the same password as the one currently being used to protect your JBoss' truststore file.
  • Confirm Truststore Password. To confirm the truststore password. Must be the same value as the one you enter in the Truststore Password field.

  • Truststore Path. This is the full path to the truststore file. It must include the name of the current truststore file as well.

It is a requirement that you use the same file name for the truststore as the one currently being configured in your JBoss.
Cert-Cycle will perform password verification on the existing truststore file, hence it is imperative that the file must exist first in the system.
Cert-Cycle performs truststore password verification using the keytool command, hence please make sure that the keytool command is in the execution path.
  • Restart JBoss. This is the flag indicating whether or not the JBoss should be restarted to apply the change. If Yes is chosen, below JBoss configuration parameters must be properly configured.

  • JBoss CLI. This is the full path to the JBoss CLI. It must include the name of the CLI script as well. The default value is /opt/jboss/bin/jboss-cli.sh. You can change the value based on your current deployment.

  • JBoss CLI Username. This configuration is optional. If your JBoss CLI is protected by username/password, then you have to put the username to be used here.

  • JBoss CLI Password. This configuration is optional. If your JBoss CLI is protected by username/password, then you have to put the password to be used here.

Apache Updater

Apache updater is the capability of the bridge to update the keystore and/or truststore of an Apache deployment.

Currently, only Apache deployed on Linux OS is supported.

To proceed, you need to provide some mandatory information:

  • Endpoint. This is the target endpoint where the Apache is deployed. Please refer to here to learn more about Endpoints in Cert-Cycle.

  • SSH Private Key. This is an optional parameter. If your server requires a key to perform SSH authentication, you have to select the correct key. Please refer to here to learn more about SSH private keys.

  • Keystore. This is the certificate to be used to update the keystore of the Apache. Note that this must be in a keystore format (i.e. P12 / JKS), because the private key is required for it to be used as a keystore.

  • SSL Certificate Path. This is the full path to the SSL certificate file. It must include the name of the current SSL certificate file as well.

It is a requirement that you use the same file name for the SSL certificate file as the one currently being configured in your Apache.
  • SSL Certificate Key Path. This is the full path to the SSL certificate key file. It must include the name of the current SSL certificate key file as well.

It is a requirement that you use the same file name for the SSL certificate key file as the one currently being configured in your Apache.
  • Update Truststore. This is the flag indicating whether or not the truststore of the Apache should be updated. If Yes is chosen, below truststore configuration parameters must be configured.

  • Truststore Path. This is the full path to the truststore file. It must include the name of the current truststore file as well.

It is a requirement that you use the same file name for the truststore as the one currently being configured in your Apache.
  • Restart Apache. This is the flag indicating whether or not the Apache should be restarted to apply the change. If Yes is chosen, below Apache configuration parameters must be properly configured.

  • Apache Service Name. This is the name of the Apache service configured in your environment. Cert-Cycle will issue systemctl restart command followed by the service name. If the service name is not listed here, you will want to restart the Apache yourself.

  • Use sudo. This is the flag indicating whether or not to use sudo command when executing the Apache restart command.

To be able to use sudo properly, you need to have your SSH password configured correctly at the target endpoint.

Nginx Updater

Nginx updater is the capability of the bridge to update the keystore and/or truststore of an Nginx deployment.

Currently, only Nginx deployed on Linux OS is supported.

To proceed, you need to provide some mandatory information:

  • Endpoint. This is the target endpoint where the Nginx is deployed. Please refer to here to learn more about Endpoints in Cert-Cycle.

  • SSH Private Key. This is an optional parameter. If your server requires a key to perform SSH authentication, you have to select the correct key. Please refer to here to learn more about SSH private keys.

  • Keystore. This is the certificate to be used to update the keystore of the Nginx. Note that this must be in a keystore format (i.e. P12 / JKS), because the private key is required for it to be used as a keystore.

  • SSL Certificate Path. This is the full path to the SSL certificate file. It must include the name of the current SSL certificate file as well.

It is a requirement that you use the same file name for the SSL certificate file as the one currently being configured in your Nginx.
  • SSL Certificate Key Path. This is the full path to the SSL certificate key file. It must include the name of the current SSL certificate key file as well.

It is a requirement that you use the same file name for the SSL certificate key file as the one currently being configured in your Nginx.
  • Update Truststore. This is the flag indicating whether or not the truststore of the Nginx should be updated. If Yes is chosen, below truststore configuration parameters must be configured.

  • Truststore Path. This is the full path to the truststore file. It must include the name of the current truststore file as well.

It is a requirement that you use the same file name for the truststore as the one currently being configured in your Nginx.
  • Restart Nginx. This is the flag indicating whether or not the Nginx should be restarted to apply the change. If Yes is chosen, below Nginx configuration parameters must be properly configured.

  • Nginx Service Name. This is the name of the Nginx service configured in your environment. Cert-Cycle will issue systemctl restart command followed by the service name. If the service name is not listed here, you will want to restart the Nginx yourself.

  • Use sudo. This is the flag indicating whether or not to use sudo command when executing the Nginx restart command.

To be able to use sudo properly, you need to have your SSH password configured correctly at the target endpoint.

Tomcat Updater

Tomcat updater is the capability of the bridge to update the keystore and/or truststore of a Tomcat deployment.

Currently, only Tomcat deployed on Linux OS is supported.

To proceed, you need to provide some mandatory information:

  • Endpoint. This is the target endpoint where the Tomcat is deployed. Please refer to here to learn more about Endpoints in Cert-Cycle.

  • SSH Private Key. This is an optional parameter. If your server requires a key to perform SSH authentication, you have to select the correct key. Please refer to here to learn more about SSH private keys.

  • Keystore. This is the certificate to be used to update the keystore of the Tomcat. Note that this must be in a keystore format (i.e. P12 / JKS), because the private key is required for it to be used as a keystore.

  • Keystore Password. This is the password to protect the new keystore.

It is a requirement that you use the same password as the one currently being used to protect your Tomcat’s keystore file.
  • Confirm Keystore Password. To confirm the keystore password. Must be the same value as the one you enter in the Keystore Password field.

  • Keystore Path. This is the full path to the keystore file. It must include the name of the current keystore file as well.

It is a requirement that you use the same file name for the keystore as the one currently being configured in your Tomcat.
Cert-Cycle will perform password verification on the existing keystore file, hence it is imperative that the file must exist first in the system.
Cert-Cycle performs keystore password verification using the keytool command, hence please make sure that the keytool command is in the execution path.
  • Update Truststore. This is the flag indicating whether or not the truststore of the Tomcat should be updated. If Yes is chosen, below truststore configuration parameters must be configured.

  • Truststore. This is the certificate to be used to update the truststore of the Tomcat.

  • Truststore Password. This is the password to protect the new truststore.

It is a requirement that you use the same password as the one currently being used to protect your Tomcat’s truststore file.
  • Confirm Truststore Password. To confirm the truststore password. Must be the same value as the one you enter in the Truststore Password field.

  • Truststore Path. This is the full path to the truststore file. It must include the name of the current truststore file as well.

It is a requirement that you use the same file name for the truststore as the one currently being configured in your Tomcat.
Cert-Cycle will perform password verification on the existing truststore file, hence it is imperative that the file must exist first in the system.
Cert-Cycle performs truststore password verification using the keytool command, hence please make sure that the keytool command is in the execution path.
  • Restart Tomcat. This is the flag indicating whether or not the Tomcat should be restarted to apply the change. If Yes is chosen, below Tomcat configuration parameters must be properly configured.

  • Tomcat Service Name. This is the name of the Tomcat service configured in your environment. Cert-Cycle will issue systemctl restart command followed by the service name. If the service name is not listed here, you will want to restart the Tomcat yourself.

  • Use sudo. This is the flag indicating whether or not to use sudo command when executing the Tomcat restart command.

To be able to use sudo properly, you need to have your SSH password configured correctly at the target endpoint.

Bridge Creation

It is extremely simple to create a new bridge. To create a new bridge, click on the Create menu item on the Bridges section.

create bridge
Figure 89. Create Bridge Menu Item

You will need to enter mandatory information below:

  • Name. The name of the bridge. This is used to uniquely identify the bridge inside your company. We recommend using a descriptive name (e.g.: hrserverbridge01) instead of a general name (e.g.: mybridge), although it’s up to you in the end.

  • Description. The description of the bridge to explain a little bit on what this specific bridge is about.

create bridge page
Figure 90. Create Bridge Page

Once you have clicked on the Create button, you will need to wait a while until the executable is ready to be downloaded. You can check and download the binary from the view bridge page. Refer to download bridge for more information.

As of now, the bridge can only be deployed on Linux and Windows OS. Support for other OS will be added in the future.

Bridge Deployment

Deploying and initialising a bridge is as simple as creating a new bridge. You can follow the steps below from creation to deployment of a bridge.

Create a new bridge

Go to Bridges → Create, and enter the required information.

bridge step1
Figure 91. Create a new bridge

Wait for the binary to be ready.

Download the bridge

Once the bridge is ready for download, you can click on the Click here to download [OS] version link to download the binary. You may download for the specific OS you would like to use. On first run, the bridge will check whether or not you have the plugins ready. If they are not, it will download and set up the plugins for you.

download link
Figure 92. Download binary link

We will retain the binary in our system for at most THREE (3) days. If you do not download the binaries within THREE (3) days, the binaries will be automatically cleared from our system. You can create a new one if necessary.

Initialise the bridge

To initialise the bridge, you need to have the secret key first. To get the secret key, you can go to Bridge → Actions → View on the specific bridge you would like to initialise. After that, click on the Click here to retrieve link.

retrieve secret key
Figure 93. Retrieve Bridge Secret Key

The bridge needs to connect to bridge.cert-cycle.com to perform the necessary key exchange and grab the commands that you can send to it. Hence, it is imperative that the server where the bridge is deployed must have access to the internet.

To initialise the bridge, run the bridge executable. It will check whether or not the bridge has been initialised. If it’s not yet initialised, it will continue with initialisation sequence, where you will need to enter the secret key.

initialise
Figure 94. Bridge Initialisation

Once initialised, the bridge will be started successfully.

started
Figure 95. Bridge Started

Install as a startup service

To ensure that the bridge starts together with the OS so that you do not need to keep running it manually, we recommend that you install the bridge as a startup service. To do this, please refer to your specific OS documentation.

Here, we provide a guide on configuring a bridge as a systemd service. It has been verified on Ubuntu 22.04. Some adjustments might be needed for different operating systems or Linux distros without systemd.

  • Go to /etc/systemd/system

    cd /etc/systemd/system

  • With privileged access, create a file ccbridge.service with the following content:

Remember to put the correct values for the ExecStart, User, and WorkingDirectory configurations.

    [Unit]
    Description=CertCycle Bridge
    After=network.target

    [Service]
    ExecStart=/path/to/your/bridge/binary
    User=service_username
    WorkingDirectory=/path/to/your/bridge/folder
    Type=simple
    Restart=on-failure

    [Install]
    WantedBy=default.target
    RequiredBy=network.target

  • Reload the systemd daemon using the following command.

    sudo systemctl daemon-reload

  • Enable the service to run on startup.

    sudo systemctl enable ccbridge

  • Run the service.

    sudo systemctl start ccbridge

Bridge Update

From time to time, there will be a new release of CertCycle bridge available. When an update is available, an indicator will be shown to the right of the version number when you view the bridge.

bridge update
Figure 96. Bridge Update

Clicking on the Update Available button shows the details of the update.

update details
Figure 97. Update Details

To trigger the bridge to generate an updated version, click on the Trigger Update button. It brings you to the Bridge Updater page. Once all the necessary information is submitted, a new bridge will be created in your company.

update1
Figure 98. Send Bridge Update Command

Once the bridge has successfully executed the update, if you go to the Bridge List, you will see that a new bridge has been created.

update2
Figure 99. New Bridge Created

You will see that the status for the new bridge is Initialised and Enabled by default. When the new build is ready, you can download the new bridge’s binary and use it to replace the one that you already have in your server.

Discovery

By utilising the network scanning feature, Bridge will be able to tell CertCycle which servers have been discovered during the scanning process.

A discovered host will only be listed if it has at least ONE (1) port that is available and secured via TLS, and the Bridge was able to grab the SSL certificate from it.

discovery
Figure 100. Discovered Hosts

To the right of each of the discovered hosts, there is an Actions menu consisting of the following actions:

  • Register Endpoint. This is used to register the host as an endpoint which can be used further inside CertCycle.

  • Delete. This is used to delete that specific discovered host.

Register as Endpoint

To register a discovered host as an endpoint, you will need to enter the following information:

  • Hostname. The server’s hostname.

  • IP. The server’s IP address. This is already pre-populated by the system. You can change it if necessary.

  • Type. The type of the host.

  • OS. The OS of the host.

  • Remark. The remark or note associated with this endpoint for your own reference.

  • SSH Username. The username used to SSH to this endpoint.

  • SSH Password. The password used to SSH to this endpoint.

  • SSH Port. The port used to SSH to this endpoint. The default port number is 22 if left blank.

  • SSH Server Public Key. The SSH public key representing the server.

  • Environment Variables. This is the list of environment variables to be provided together when executing remote command against this particular endpoint.

Register Multiple Endpoints

To register multiple endpoints, select each of the hosts by checking its checkbox and then click on the Register Endpoint button at the bottom of the page.

You will be asked to enter the following details:

  • Type. The type of the host.

  • OS. The OS of the host.

The type and OS information is shared among all the selected hosts.
The hostname will be populated with the IP address. You can always change it later on by editing the endpoint.
All other optional information will be left empty.

Delete Multiple Discovered Hosts

To delete multiple discovered hosts, select each of the hosts by checking its checkbox and then click on the Delete button at the bottom of the page.

Note that this action is irreversible. You will need to do another round of discovery for the hosts to show in the list again.

discovery certs
Figure 101. Discovered Certificates

To the right of each of the discovered certificates, there is an Actions menu consisting of the following actions:

  • View. This is used to view some information of the certificates.

  • Make Managed. This is used to register the certificate to CertCycle, hence making it managed by CertCycle.

  • Delete. This is used to delete that specific discovered certificate.

Make a Certificate Managed

To make a discovered certificate managed, you will need to enter the PIC information. You can either choose an existing PIC that you already have in your company, or add a new one by entering the new PIC information. Optionally, you can also choose one or more endpoints to associate the certificate with.

make managed single
Figure 102. Make Single Certificate Managed

Make Multiple Certificates Managed

To make multiple discovered certificates managed, select each of the discovered certificates by checking its checkbox and then click on the Make Managed button at the bottom of the page.

You will need to enter the PIC information. You can either choose an existing PIC that you already have in your company, or add a new one by entering the new PIC information. Optionally, you can also choose one or more endpoints to associate the certificates with.

The PIC and associated endpoint(s) (if any) will be shared among all the selected certificates.

make managed multi
Figure 103. Make Multiple Certificates Managed

Delete Multiple Discovered Certificates

To delete multiple discovered certificates, select each of the certificates by checking its checkbox and then click on the Delete button at the bottom of the page.

Note that this action is irreversible. You will need to do another round of discovery for it to show in the list again.

Endpoints

An endpoint is an entity that is registered and known by CertCycle. This can be used for some operations offered by CertCycle. To add an endpoint, please refer to Register as Endpoint.

Endpoint List

On this page, you can see all the endpoints that have been registered in your company.

list
Figure 104. Endpoint List

You can filter the list by the following parameters:

  • Type. The type of the endpoint.

  • Hostname. The full hostname of the endpoint.

  • IP. The full IP address of the endpoint.

There are FOUR (4) actions available for an endpoint:

  • View. This option is used to view details of an endpoint.

view
Figure 105. View Endpoint

  • Edit. This option is used to edit an endpoint.

edit
Figure 106. Edit Endpoint

  • Certificates. This option is used to see the certificate(s) associated with this endpoint.

certificates
Figure 107. Associated Certificates

You can remove a certificate so that it is no longer associated with the endpoint by clicking on the Remove button.

Removing the certificate from an endpoint association does not delete the certificate from the system.
This action is irreversible. You will need to re-associate the certificate if you want it in the future.

  • Delete. This option is used to delete an endpoint.

Note that this action is irreversible. You will need to register the endpoint again if you need it afterwards.

SSH Private Keys

To connect to an endpoint via SSH, some organisations might enforce the use of SSH private keys instead of just a username and password. This module allows you to register SSH private keys that can be used later to connect to an endpoint remotely via SSH.

Add SSH Private Key

To add a new SSH private key, you can go to the menu Endpoints > Add SSH Private Key.

sshprivkeyadd
Figure 108. Add SSH Private Key

There are several mandatory pieces of information that you have to provide to successfully add a new SSH private key.

  • Description. This is the description of the SSH private key. It is recommended to use a meaningful description so that it can be easily referenced in the future.

  • Private Key. This is the SSH private key.

The SSH private key must be enclosed within -----BEGIN OPENSSH PRIVATE KEY----- and -----END OPENSSH PRIVATE KEY-----.

  • Public Key. This is the SSH public key associated with the private key.
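
A local pre-check for the Private Key and Public Key fields above, added here as an example (not CertCycle's own code): it parses the openssh-key-v1 container, reports the cipher name ("none" means the key has no passphrase), and confirms that the public key line matches the one embedded in the private key. The sample key is constructed from dummy bytes, and all function names are hypothetical.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def read_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def embedded_public_blob(private_pem):
    """Return (cipher name, public key blob) from the unencrypted key header."""
    lines = [ln.strip() for ln in private_pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing OPENSSH PRIVATE KEY markers")
    raw = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    off = len(MAGIC)
    cipher, off = read_string(raw, off)   # "none" means no passphrase
    _, off = read_string(raw, off)        # KDF name
    _, off = read_string(raw, off)        # KDF options
    if raw[off:off + 4] != struct.pack(">I", 1):
        raise ValueError("expected exactly one key in the container")
    blob, _ = read_string(raw, off + 4)
    return cipher.decode(), blob

def key_pair_matches(private_pem, public_line):
    """True if 'type base64 [comment]' is the public half of the private key."""
    fields = public_line.split()
    if len(fields) < 2:
        return False
    _, blob = embedded_public_blob(private_pem)
    key_type, _ = read_string(blob, 0)
    return fields[0].encode() == key_type and base64.b64decode(fields[1]) == blob

def ssh_string(data):
    return struct.pack(">I", len(data)) + data
# Constructed sample: valid container layout, dummy bytes, not a usable key.
PUB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
RAW = (MAGIC + ssh_string(b"none") * 2 + ssh_string(b"") + struct.pack(">I", 1)
       + ssh_string(PUB) + ssh_string(bytes(8)))
SAMPLE_PRIVATE = "\n".join([BEGIN, base64.b64encode(RAW).decode(), END])
SAMPLE_PUBLIC = "ssh-ed25519 " + base64.b64encode(PUB).decode() + " demo@constructed"
```
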

To view the list of registered SSH Private Keys, you can go to the menu Endpoints > SSH Private Keys.

sshprivkeyslist
Figure 109. SSH Private Keys List

sshprivkeysactions
Figure 110. SSH Private Key Actions

For each of the SSH private keys, there are several actions that can be performed.

  • View Public Key. This action is used to display the public key associated with the private key.

  • View Private Key. This action is used to display the SSH private key.

  • Edit. This action brings you to the edit key page, allowing you to update the details of the SSH private key. Please refer to here for more details.

  • Enable / Disable. This action allows you to enable or disable a key. Disabled keys cannot be used.

  • Delete. This action is used to delete the SSH private key.

Deleting an SSH private key is irreversible. You will need to register the SSH private key again if you need it in the future.

Edit SSH Private Key

sshprivkeyedit
Figure 111. Edit SSH Private Key

You may change several details of the SSH private key, such as the description, private key, and public key.

Activity

Through this module, you can observe all activities performed by the user. It is available on the navigation panel to the left.

activity section
Figure 112. Activity Section

Activity List

This page will show the list of activities.

activity list
Figure 113. Activity List Page

You can filter the list by:

  • Event Code. You may choose only one event code at a time.

  • Username. You can choose one of the usernames that performed the activity.

  • Date From and Date To. The date range of the activity.

Reporting

The reporting module allows users to generate the Certificate Report, Certificate Risk Report, Domain Monitoring Report and Activity Report. Reports are available in PDF, CSV, and XLS formats.

reporting section
Figure 114. Reporting Section

Generate Report

This page shows how to generate a report.

report certificate report
Figure 115. Generate Report

You can filter the report by:

  • Expiry Date From and Expiry Date To. You can choose the expiry date range of the certificate. Only available for Certificate Report and Certificate Risk Report.

  • Key Algorithm. You can choose from the available key algorithms. Only available for Certificate Report.

  • Key Size. You can choose from the available key sizes. Only available for Certificate Report.

  • Issuer DN. You can enter partial text from the Issuer DN of your certificates. Only available for Certificate Report and Certificate Risk Report.

  • PIC. You can choose from the list of available PICs. Only available for Certificate Report and Certificate Risk Report.

  • Domain. You can choose from the list of available domains. Only available for Domain Monitoring Report.

  • Event Type. You may choose only one event code at a time. Only available for Activity Report.

  • Username. You can choose from the available usernames. Only available for Activity Report.

  • Date From and Date To. You can choose the date range of the activity. Only available for Activity Report.

Click Submit to generate the report.