Live PKI Stats & Trends for Enhanced Security with KPS 4.8

Khatim PKI Server - Live PKI Trends for timestamp ocsp signing verification signing

Team Codegic is excited to announce the release of Khatim PKI Server (KPS) v4.8, packed with powerful new features to enhance live PKI stats, trend analysis, and security. Since our last major update in May 2024, we’ve been working hard to deliver usability improvements, detailed analytics, and live reporting capabilities—all without the need for third-party tools. Here’s a deep dive into what makes this release so impactful.

Why Live PKI Stats & Trends Matter

For PKI administrators, analytics and trend reporting are essential tools that drive informed decision-making and proactive management of the PKI infrastructure. In dynamic and security-sensitive environments, having detailed visibility into historical trends and live data is crucial for maintaining performance, compliance, and security.

  • Real-Time Analytics Without 3rd Party Tools: One of the standout features of Khatim 4.8 is its ability to deliver live reporting and detailed analytics directly from the server. This means PKI admins no longer need to rely on third-party tools or external integrations to gather critical data. All the reporting and trend analysis happens natively, providing a seamless and secure workflow.

  • Immediate Operational Insights: Real-time charts and trends empower PKI admins with immediate insights into system health, helping them detect anomalies, track certificate issuance patterns, monitor OCSP response rates, and identify potential issues before they escalate.

Enhanced Live Charts

The previous version of Khatim PKI Server featured live charts only for the Timestamp engine. In version 4.8, we’ve expanded live chart functionality to cover all engines, including:

  • OCSP
  • Certificate Provider
  • Signing
  • Verification

The Live Charts provides:

  • Performance in transaction per second (TPS)
  • Average TPS (over a period of 2 mins)
  • Failure counts

All of this allows admins to visualize system performance and activity in real time, ensuring better operational insights for each instance while comparing throughput among all of the instances.

Timestamp - Live Charts

Khatim PKI Server - Timestamp Live

Signing - Live Charts

Khatim PKI Server - Signing Live

OCSP - Live Charts

Khatim PKI Server - OCSP Live

Certificate Provider (CP) - Live Charts

Khatim PKI Server - CP Live

Verification - Live Charts

Khatim PKI Server Verification - Live

Advanced Trend Analysis

In version 4.7, historical trend data was available for just Timestamp engine and Certificate Authorities (CA). In Khatim 4.8, we’ve extended this functionality across all engines, providing a comprehensive view of system activity. The new release also introduces the ability to compare multiple CAs across a variety of metrics, enabling a more granular analysis of PKI operations.

Compare Certification Authorities Stats

Khatim PKI Server - Comparing CAs

PKI admins can compare CAs on multiple key metrics such as:

  • Issued Certificates
  • Certificates About to Expire
  • Templates Used
  • Signing Algorithm
  • Key Information
  • Weak Keys
  • Synchronized Certificates

PKI admins can view OCSP historical data over the following parameters.

  • Requests Volume
  • Alerts & Failures
  • Revocation Status
  • OCSP Policies
  • Signing Algorithms

OCSP Historical Performance

Khatim PKI Server - OCSP Trends

Signing & Verification Trends

PKI admins can view historical  signing & verification transactions data over the following parameters

  • Request History
  • Failure Rates
  • Policy Analysis
  • Algorithm Usage

Signing & Verification Historical Performance

Khatim PKI Server - Signing Trends

NTP Chart for Enhanced time Monitoring

To help PKI admins better monitor time synchronization, Khatim 4.8 introduces detailed charts showing various NTP metrics. These include:

  • Request Breakdown
  • Precision and Version
  • Stratum Information
  • Time Offset
  • Acceptable Drift
  • Host IP and NTP URLs

NTP Statistics

Khatim PKI Server - NTP Stats

Usability Enhancements

  • Dark Mode: We’ve introduced a Dark Mode, making it easier on your eyes when viewing data for extended periods, especially in low-light environments. This option enhances both user comfort and productivity.

Engines in Dark Mode

Khatim PKI Server - Dark Mode - Engines

Charts in Dark Mode

Khatim PKI Server - Dark Mode - Charts
  • Tooltips & Stretchable Tables: One of the most requested features from our PKI admins was the ability to view more content in tables. In Khatim 4.8, tables now have stretchable columns, giving admins better control to view hidden content. We’ve also added tooltips throughout the product to provide helpful guidance and explanations wherever needed.

Tooltips & Stretchable Tables

Khatim PKI Server Tooltips

Enhanced Security with Debian Weak Key Check

To strengthen security, Khatim 4.8 introduces an optional Debian Weak Key Check. If enabled, every time an RSA or EC key (or a certificate) is generated, it is checked against a list of Debian Weak Key hashes. If a weak key is detected, the certificate generation process is halted, and an alert is raised to the administrator. Additionally, if a weak key is submitted via CSR, it is immediately rejected with an error code: DEBIAN_WEAK_KEY_FOUND.

Conclusion

Khatim PKI Server 4.8 marks a significant step forward in usability & analytics for PKI administrators. We’re excited to see how these improvements enhance your operations and look forward to your feedback!

Stay tuned for more updates and detailed guides on how to make the most of the new features.