# Creating a Key

Effective key management is essential for maintaining cryptographic security, regulatory compliance, and operational continuity. CERTInext provides centralized key generation, lifecycle tracking, and secure storage capabilities to support both symmetric and asymmetric cryptographic use cases.

The **Creating a Key** function allows administrators to generate cryptographic keys and key pairs directly within CERTInext and manage them throughout their lifecycle.

#### Navigation

To create a new key:

**Keys → Manage Keys → “+” (Create Key)**

The Manage Keys screen displays all generated keys along with their current status and available actions.

<figure><img src="/files/p5Ege1EkfL9asIVlReoR" alt=""><figcaption></figcaption></figure>

#### Key Types

When creating a key, users must select the appropriate key type:

* **Symmetric Key** – Used for encryption and decryption with the same key
* **Asymmetric Key** – Public/Private key pair used for TLS, digital signatures, and certificate issuance

<figure><img src="/files/Mp2IlriEhBiakvw6BTg8" alt=""><figcaption></figcaption></figure>

Depending on the selected type, additional configuration fields become available.

#### Creating a New Key

1. Navigate to **Keys → Manage Keys**
2. Click the **“+” icon** in the top-right corner
3. Select **Symmetric** or **Asymmetric** key type
4. Enter required configuration details such as:
   * Alias Name
   * Key Algorithm
   * Signature Algorithm (for asymmetric keys)
   * Key Size
   * Associated Key Profile (if applicable)
5. Click **Create Key Pairs**

The new key (or key pair) is generated and added to the Manage Keys table.

<figure><img src="/files/OqyhON4G3jN8yOZ2ZUZE" alt=""><figcaption></figcaption></figure>

#### Manage Keys List

The **Manage Keys** screen provides visibility into:

* Alias Name
* Key Type
* Key Algorithm
* Signature Algorithm
* Created By
* Status

From this screen, administrators can perform lifecycle operations.

#### Key Actions

Each key includes the following actions:

**View Key History**

Select **View History** under Actions to view:

* Alias Name
* Key Type
* Signature Algorithm
* Created By
* Key Algorithm
* Rotation history

This provides audit traceability for compliance and operational review.

**Download Key**

Click **Download Key** to securely export the key (if permitted by policy).

Export controls may vary depending on profile configuration (HSM-backed keys may restrict export).

**Rotate Key**

Select **Rotate Key** to generate a new key while preserving logical continuity.

Upon rotation:

* A new key pair is generated
* The Alias Name updates accordingly
* Previous versions remain visible in history

Rotation supports cryptographic hygiene and compliance with security policies.

**Delete Key**

Click **Delete Key** to remove the key from the system.

Deletion requires confirmation and should be performed only if the key is no longer associated with active certificates or workloads.
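
One way to run the pre-deletion check described above, as an added example that is not part of the CERTInext product or its documentation: it compares the SHA-256 hash of a key's SubjectPublicKeyInfo with that of every unexpired certificate in a local directory. It assumes OpenSSL is installed and that the key and the certificates are available as PEM files; the function names, directory layout and throwaway fixture are constructed for illustration.

```bash
# Added example: find unexpired certificates that still use a given key.

# SHA-256 over the DER SubjectPublicKeyInfo of a PEM public key read from stdin.
spki_hash() {
  openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}
key_spki() {   # $1 = private key PEM (for example a downloaded key)
  local p; p=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$p" | spki_hash
}
cert_spki() {  # $1 = certificate PEM
  local p; p=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$p" | spki_hash
}

# certs_using_key <key.pem> <cert-dir>: prints each unexpired certificate bound
# to the key. Returns 0 if none is found, 1 if the key is in use, 2 on a bad key.
certs_using_key() {
  local want have cert hits=0
  want=$(key_spki "$1") || { echo "cannot read key: $1" >&2; return 2; }
  for cert in "$2"/*.pem; do
    [ -e "$cert" ] || continue
    have=$(cert_spki "$cert") || continue        # not a certificate: skip it
    if [ "$have" = "$want" ] &&
       openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
      echo "$cert"; hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# Constructed fixture: two throwaway P-256 keys and one self-signed certificate.
make_fixture() {
  local k; mkdir -p "$1/certs"
  for k in used unused; do
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
      -out "$1/$k.pem" 2>/dev/null
  done
  openssl req -x509 -new -key "$1/used.pem" -subj "/CN=constructed.example" \
    -days 1 -out "$1/certs/leaf.pem" 2>/dev/null
}

tmp=$(mktemp -d); make_fixture "$tmp"
for k in used unused; do
  certs_using_key "$tmp/$k.pem" "$tmp/certs" >/dev/null \
    && echo "$k: no active certificate found" || echo "$k: still in use, keep it"
done
rm -rf "$tmp"
```

The result is only as complete as the certificate directory it is pointed at; workloads that use the key without a certificate are not covered.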

### Key Profiles

Key Profiles define how cryptographic keys are generated, stored, and protected. They standardize cryptographic parameters and ensure consistent key management across the organization.

Navigate to:\
**Keys → Key Profiles**

<figure><img src="/files/QCuChXmWTmOVh7YxP6LT" alt=""><figcaption></figcaption></figure>

#### Create a Key Profile

Click the **“+” icon** to create a new profile.

Users can configure profiles for:

* **HSM (Hardware Security Module)**
* **PKCS12**

#### Create an HSM Key Profile

Required details:

* Profile Name
* Profile Type: Select **HSM**
* HSM Configuration Type
* Import HSM configuration file

Click **Save** to complete the setup.

HSM profiles ensure private keys remain hardware-protected and non-exportable.

#### Create a PKCS12 Key Profile

Required details:

* Profile Name
* Profile Type: Select **PKCS12**
* Configuration Type:
  * Import existing PKCS12 file
  * Create new configuration
* Key Algorithm
* Key Store Type
* Keystore Password

Click **Save** to generate the profile.

#### Disable a Key Profile

To disable a profile:

**Keys → Key Profiles → Disable (Action button)**

A confirmation popup ensures intentional action. Disabled profiles cannot be used for new key generation.

#### Edit HSM Password

To update an HSM password:

**Keys → Manage Keys → Edit (Action button)**

A modal dialog allows the password to be updated securely for existing profiles.

### Key Store Management

Key stores allow administrators to manage uploaded keystore files and associated credentials.

Navigate to:\
**Keys → Key Store**

<figure><img src="/files/aPChAJP9rQY8j3dLFMc2" alt=""><figcaption></figcaption></figure>

Administrators can:

* Upload Key Store File
* Provide Key Store Password
* Associate keystores with profiles

#### Operational Best Practices

* Rotate asymmetric keys periodically
* Use HSM profiles for high-security environments
* Restrict key download permissions
* Maintain an audit trail for all key operations
* Disable unused key profiles


