Live PKI Stats & Trends for Enhanced Security with KPS 4.8
Team Codegic is excited to announce the release of Khatim PKI Server (KPS) v4.8, packed with powerful new features to enhance live PKI stats, trend analysis, and security. Since our last major update in May 2024, we’ve been working hard to deliver usability improvements, detailed analytics, and live reporting capabilities—all without the need for third-party tools. Here’s a deep dive into what makes this release so impactful.
Why Live PKI Stats & Trends Matter
For PKI administrators, analytics and trend reporting are essential tools that drive informed decision-making and proactive management of the PKI infrastructure. In dynamic and security-sensitive environments, having detailed visibility into historical trends and live data is crucial for maintaining performance, compliance, and security.
-
Real-Time Analytics Without 3rd Party Tools: One of the standout features of Khatim 4.8 is its ability to deliver live reporting and detailed analytics directly from the server. This means PKI admins no longer need to rely on third-party tools or external integrations to gather critical data. All the reporting and trend analysis happens natively, providing a seamless and secure workflow.
-
Immediate Operational Insights: Real-time charts and trends empower PKI admins with immediate insights into system health, helping them detect anomalies, track certificate issuance patterns, monitor OCSP response rates, and identify potential issues before they escalate.
Enhanced Live Charts
The previous version of Khatim PKI Server featured live charts only for the Timestamp engine. In version 4.8, we’ve expanded live chart functionality to cover all engines, including:
- OCSP
- Certificate Provider
- Signing
- Verification
The Live Charts provides:
- Performance in transaction per second (TPS)
- Average TPS (over a period of 2 mins)
- Failure counts
All of this allows admins to visualize system performance and activity in real time, ensuring better operational insights for each instance while comparing throughput among all of the instances.
Timestamp - Live Charts
Signing - Live Charts
OCSP - Live Charts
Certificate Provider (CP) - Live Charts
Verification - Live Charts
Advanced Trend Analysis
In version 4.7, historical trend data was available for just Timestamp engine and Certificate Authorities (CA). In Khatim 4.8, we’ve extended this functionality across all engines, providing a comprehensive view of system activity. The new release also introduces the ability to compare multiple CAs across a variety of metrics, enabling a more granular analysis of PKI operations.
Compare Certification Authorities Stats
PKI admins can compare CAs on multiple key metrics such as:
- Issued Certificates
- Certificates About to Expire
- Templates Used
- Signing Algorithm
- Key Information
- Weak Keys
- Synchronized Certificates
OCSP Trends
PKI admins can view OCSP historical data over the following parameters.
- Requests Volume
- Alerts & Failures
- Revocation Status
- OCSP Policies
- Signing Algorithms
OCSP Historical Performance
Signing & Verification Trends
PKI admins can view historical signing & verification transactions data over the following parameters
- Request History
- Failure Rates
- Policy Analysis
- Algorithm Usage
Signing & Verification Historical Performance
NTP Chart for Enhanced time Monitoring
To help PKI admins better monitor time synchronization, Khatim 4.8 introduces detailed charts showing various NTP metrics. These include:
- Request Breakdown
- Precision and Version
- Stratum Information
- Time Offset
- Acceptable Drift
- Host IP and NTP URLs
NTP Statistics
Usability Enhancements
-
Dark Mode: We’ve introduced a Dark Mode, making it easier on your eyes when viewing data for extended periods, especially in low-light environments. This option enhances both user comfort and productivity.
Engines in Dark Mode
Charts in Dark Mode
-
Tooltips & Stretchable Tables: One of the most requested features from our PKI admins was the ability to view more content in tables. In Khatim 4.8, tables now have stretchable columns, giving admins better control to view hidden content. We’ve also added tooltips throughout the product to provide helpful guidance and explanations wherever needed.
Tooltips & Stretchable Tables
Enhanced Security with Debian Weak Key Check
To strengthen security, Khatim 4.8 introduces an optional Debian Weak Key Check. If enabled, every time an RSA or EC key (or a certificate) is generated, it is checked against a list of Debian Weak Key hashes. If a weak key is detected, the certificate generation process is halted, and an alert is raised to the administrator. Additionally, if a weak key is submitted via CSR, it is immediately rejected with an error code: DEBIAN_WEAK_KEY_FOUND.
Conclusion
Khatim PKI Server 4.8 marks a significant step forward in usability & analytics for PKI administrators. We’re excited to see how these improvements enhance your operations and look forward to your feedback!
Stay tuned for more updates and detailed guides on how to make the most of the new features.