Certificate Lifecycle Management

The IBM Guardium® Cryptography Manager provides a comprehensive view of all certificates through the Certificate Lifecycle Management dashboard. The dashboard is organized into multiple sections and widgets that offer detailed insights into certificate health, status, and compliance. It enables users to quickly assess cryptographic posture, track certificate expirations, detect misconfigurations, and take corrective actions to maintain certificate health.

The Certificate Lifecycle Management dashboard consists of the following sections.
  • Post-Quantum Cryptography (PQC) Readiness
    Displays the number of certificates that are post-quantum safe, unsafe, or not evaluated, along with your quantum posture score.
    • Percentage: Displays the status of PQC readiness as per the percentage of certificates in the following categories:
      • Low: less than 40 percent
      • Moderate: 41 to 80 percent
      • Good: above 80 percent
    • PQC safe certificates: Displays the number of PQC safe certificates that use or support post-quantum cryptographic algorithms that are designed to remain secure against quantum threats.
    • PQC unsafe certificates: Displays the number of PQC unsafe certificates that rely solely on traditional algorithms (like RSA or ECC) which may be vulnerable to future quantum attacks.
    • Not evaluated certificates: Displays the number of certificates that are yet to be checked.

      For more information, see Post-Quantum Cryptography.

  • Total certificates
    Displays the total number of certificates in the system and their current states. Certificates can be in one of the following states.
    • Expired: Displays the number of certificates for which the validity period has ended, with the expiry date set in the past.
    • Revoked: Displays the number of certificates that have been revoked by their issuing certificate authority.
    • Not yet valid: Displays the number of certificates with an activation date set in the future.
    • Valid: Displays the number of certificates that are currently active.

    Click a category to view its details in the Inventory page.

    Click View all to view details that are related to all the certificates.

  • Policy violations on certificates

    Displays the following policy violation details:

    • Total Violations: The total number of violations on certificates.
    • Violations per Policy: The total number of violations for each policy. Click the link for a specific policy to view all the violations associated with that policy.

    Click a category to view its details in the Inventory page.

    Click View all to view details that are related to all the certificates.

  • Certificate Authorities

    Displays information about the issuers (certificate authorities) of the certificates in use. The first 4 certificate authorities are displayed and the remaining are listed in the last section.

    Click View all to view the details that are related to all the certificate authorities.

  • Expiring certificates
    • Displays the total number of certificates that are set to expire in the future.
    • You can click the links to display the count and details of all the certificates that expire within the specified range.

    Click View all for a filtered view of all the certificates.

  • Signature algorithm

    Displays information about different kinds of signature algorithms that are used by the certificates in the organization.

    Click View all for a filtered view of all the certificates.

  • Certificates

    Displays the details of all the certificates.

    • Use the customize column icon to select the columns from the following attributes to be displayed in the main table.
      • Name
      • Linked IT assets
      • Source
      • Exploitability
      • Violations
      • Issuer
      • Subject
      • Valid until
      • Not before
      • Key algorithm
    • Use the search option for details related to specific entities.
    • Use the filter option to display details related to a selected subset of fields.
    • To add cryptographic objects, click Add object and follow the instructions on the UI.
Note: The following details and actions are also available on the dashboard:
  • Last refresh: Dashboard data is refreshed and updated every 24 hours. The time is displayed according to the time zone settings in the browser.
  • Click Refresh to fetch the current data.
  • Export: You can export the dashboard in PDF format.
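
To cross-check the Total certificates, Expiring certificates and PQC Readiness counts against an exported inventory, the following added example (not IBM code, and not how the product computes its figures) rolls up certificate records into the same categories. The record fields, the algorithm name lists, the 30-day window, the rule that revocation takes precedence over dates, and the sample inventory are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: algorithms are recognized by substring match on the signature algorithm name.
PQC_ALGS = ("ML-DSA", "SLH-DSA")              # NIST FIPS 204 / FIPS 205 signature schemes
CLASSICAL_ALGS = ("RSA", "ECDSA", "ED25519")  # traditional algorithms (RSA, ECC)

def cert_state(cert, now):
    """Map one record to a dashboard state. Assumption: revocation wins over date checks."""
    if cert["revoked"]:
        return "Revoked"
    if cert["not_after"] < now:
        return "Expired"
    if cert["not_before"] > now:
        return "Not yet valid"
    return "Valid"

def pqc_class(cert):
    """Classify by signature algorithm; unknown or missing names stay 'Not evaluated'."""
    alg = (cert.get("sig_alg") or "").upper()
    if any(a in alg for a in PQC_ALGS):
        return "PQC safe"
    if any(a in alg for a in CLASSICAL_ALGS):
        return "PQC unsafe"
    return "Not evaluated"

def summarize(inventory, now, expiring_days=30):
    """Return state counts, PQC counts, and names of valid certs expiring within the window."""
    cutoff = now + timedelta(days=expiring_days)
    expiring = [c["name"] for c in inventory
                if cert_state(c, now) == "Valid" and c["not_after"] <= cutoff]
    return {"states": dict(Counter(cert_state(c, now) for c in inventory)),
            "pqc": dict(Counter(pqc_class(c) for c in inventory)),
            "expiring": expiring}

def _d(day):
    return datetime.fromisoformat(day).replace(tzinfo=timezone.utc)

def _cert(name, nb, na, alg, revoked=False):
    return {"name": name, "not_before": _d(nb), "not_after": _d(na),
            "sig_alg": alg, "revoked": revoked}

NOW = _d("2025-01-01")  # fixed reference time so the result is reproducible
INVENTORY = [           # constructed sample records, not real certificates
    _cert("web", "2024-06-01", "2025-01-20", "sha256WithRSAEncryption"),
    _cert("old", "2022-01-01", "2024-01-01", "ecdsa-with-SHA256"),
    _cert("future", "2025-02-01", "2026-02-01", "ML-DSA-65"),
    _cert("pulled", "2024-01-01", "2026-01-01", "sha256WithRSAEncryption", revoked=True),
    _cert("unknown", "2024-01-01", "2025-12-01", None),
]

if __name__ == "__main__":
    print(summarize(INVENTORY, NOW))
```
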