Creating a Key

Effective key management is essential for maintaining cryptographic security, regulatory compliance, and operational continuity. CERTInext provides centralized key generation, lifecycle tracking, and secure storage capabilities to support both symmetric and asymmetric cryptographic use cases.

The Create Key function lets administrators generate cryptographic keys (or key pairs) directly within CERTInext and manage them throughout their lifecycle.

To create a new key:

Keys → Manage Keys → “+” (Create Key)

The Manage Keys screen displays all generated keys along with their current status and available actions.

Key Types

When creating a key, users must select the appropriate key type:

  • Symmetric Key – Used for encryption and decryption with the same key

  • Asymmetric Key – Public/Private key pair used for TLS, digital signatures, and certificate issuance

Depending on the selected type, additional configuration fields become available.

Creating a New Key

  1. Navigate to Keys → Manage Keys

  2. Click the “+” icon in the top-right corner

  3. Select Symmetric or Asymmetric key type

  4. Enter required configuration details such as:

    • Alias Name

    • Key Algorithm

    • Signature Algorithm (for asymmetric keys)

    • Key Size

    • Associated Key Profile (if applicable)

  5. Click Create Key Pairs

The new key (or key pair) is generated and added to the Manage Keys table.

Manage Keys List

The Manage Keys screen provides visibility into:

  • Alias Name

  • Key Type

  • Key Algorithm

  • Signature Algorithm

  • Created By

  • Status

From this screen, administrators can perform lifecycle operations.

Key Actions

Each key includes the following actions:

View Key History

Select View History under Actions to view:

  • Alias Name

  • Key Type

  • Signature Algorithm

  • Created By

  • Key Algorithm

  • Rotation history

This provides audit traceability for compliance and operational review.

Download Key

Click Download Key to securely export the key (if permitted by policy).

Export controls may vary depending on profile configuration (export of HSM-backed keys may be restricted).

Rotate Key

Select Rotate Key to generate a new key while preserving logical continuity.

Upon rotation:

  • A new key pair is generated

  • The Alias Name updates accordingly

  • Previous versions remain visible in history

Rotation supports cryptographic hygiene and compliance with security policies.

Delete Key

Click Delete Key to remove the key from the system.

Deletion requires confirmation and should be performed only if the key is no longer associated with active certificates or workloads.

Key Profiles

Key Profiles define how cryptographic keys are generated, stored, and protected. They standardize cryptographic parameters and ensure consistent key management across the organization.

Navigate to: Keys → Key Profiles

Create a Key Profile

Click the “+” icon to create a new profile.

Users can configure profiles for:

  • HSM (Hardware Security Module)

  • PKCS12

Create an HSM Key Profile

Required details:

  • Profile Name

  • Profile Type: Select HSM

  • HSM Configuration Type

  • Import HSM configuration file

Click Save to complete the setup.

HSM profiles ensure private keys remain hardware-protected and non-exportable.

Create a PKCS12 Key Profile

Required details:

  • Profile Name

  • Profile Type: Select PKCS12

  • Configuration Type:

    • Import existing PKCS12 file

    • Create new configuration

  • Key Algorithm

  • Key Store Type

  • Keystore Password

Click Save to generate the profile.

Disable a Key Profile

To disable a profile:

Keys → Key Profiles → Disable (Action button)

A confirmation popup ensures the action is intentional. Disabled profiles cannot be used for new key generation.

Edit HSM Password

To update an HSM password:

Keys → Manage Keys → Edit (Action button)

A modal dialog allows the password to be updated securely for existing profiles.

Key Store Management

Key stores allow administrators to manage uploaded keystore files and associated credentials.

Navigate to: Keys → Key Store

Administrators can:

  • Upload Key Store File

  • Provide Key Store Password

  • Associate keystores with profiles

Operational Best Practices

  • Rotate asymmetric keys periodically

  • Use HSM profiles for high-security environments

  • Restrict key download permissions

  • Maintain an audit trail for all key operations

  • Disable unused key profiles
