Keychain Overview
The Keychain tab is your central hub for managing SSH keys, SSL certificates, and cryptographic tools—all in one secure location.
What is Keychain?
Keychain is a dedicated tab in Xermius where you can:
✅ Manage SSH Keys - Generate, import, and deploy SSH keys
✅ Check SSL Certificates - Verify website SSL certificates
✅ Read Certificate Files - Analyze local certificate files
✅ Create CSRs - Generate Certificate Signing Requests
✅ Deploy Keys - Distribute keys to multiple servers
✅ Secure Storage - Keep all keys encrypted and organized
Accessing Keychain
From Main Interface
Method 1: Hosts Tab
Hosts Tab → Click "Keychain" button (top bar)
Method 2: Sidebar Menu
Main Menu → Keychain
Quick Access:
- Keyboard: Ctrl/Cmd + K
- Shows all keys and tools in one place
Keychain Interface
┌──────────────────────────────────────────────────────────┐
│ 🔑 Keychain [+ Generate ▼] │
├──────────────────────────────────────────────────────────┤
│ Search: [_____________________] | Type: [All ▼] │
├──────────────────────────────────────────────────────────┤
│ │
│ 🔑 Work - Production Key │
│ ED25519 | SHA256:abc123... | Last used: 2 hours ago │
│ [Deploy] [Export] [Details] │
│ │
│ 🔑 Personal GitHub Key │
│ RSA 4096 | SHA256:def456... | Last used: 5 days ago │
│ [Deploy] [Export] [Details] │
│ │
│ 🔑 Server Access Key │
│ ED25519 | SHA256:ghi789... | Last used: Yesterday │
│ [Deploy] [Export] [Details] │
│ │
└──────────────────────────────────────────────────────────┘
Main Features
1. SSH Keys Management
Generate new SSH keys:
Generate Key → Choose type (ED25519/RSA/ECDSA)
→ Set name and passphrase
→ Key ready to use
Import existing keys:
Import Key → Select key file or paste content
→ Add name and details
→ Key added to keychain
Deploy to servers:
Select key → Deploy
→ Choose target servers
→ Automatic deployment
2. SSL Certificate Checker
Check website certificates:
Tools Menu → SSL Certificate Checker
→ Enter hostname (example.com)
→ View certificate details, expiry, chain
→ Check DNS records
Features:
- Certificate details (issuer, subject, validity)
- Expiration warnings
- Certificate chain validation
- DNS information
- Fingerprint verification
3. Certificate Reader
Analyze local certificate files:
Tools Menu → Certificate Reader
→ Drag & drop certificate file
→ View complete certificate information
→ Check expiration, self-signed status
Supported formats:
- PEM (.pem, .crt, .cer)
- DER (.der)
- PKCS#7 (.p7b, .p7c)
- PKCS#12 (.pfx, .p12)
4. Create CSR
Generate Certificate Signing Request:
Tools Menu → Create CSR
→ Fill certificate details (CN, O, OU, etc.)
→ Add Subject Alternative Names
→ Generate CSR + private key
→ Submit to Certificate Authority
Use cases:
- Purchase SSL certificates
- Renew existing certificates
- Generate certificates for internal use
Quick Actions Menu
Click the dropdown arrow next to the "Generate" button:
┌─────────────────────────────┐
│ Generate Key │ ← Create new SSH key
│ Import Key │ ← Import existing key
├─────────────────────────────┤
│ SSL Certificate Checker │ ← Check website SSL
│ Certificate Reader │ ← Read cert files
│ Create CSR │ ← Generate CSR
├─────────────────────────────┤
│ Export Keys │ ← Backup all keys
└─────────────────────────────┘
Common Workflows
Workflow 1: Setup New Server
Complete server setup:
1. Generate SSH key (Keychain → Generate)
2. Deploy key to server (Key → Deploy)
3. Test connection
4. Check server SSL cert (SSL Checker)
5. Document key usage
Workflow 2: SSL Certificate Management
Monitor SSL certificates:
1. Check website SSL (SSL Certificate Checker)
2. Note expiration date
3. Before expiry: Create CSR
4. Submit CSR to CA
5. Install new certificate
6. Verify with Certificate Reader
Workflow 3: Key Rotation
Rotate SSH keys periodically:
1. Generate new key
2. Deploy to all servers
3. Test new key works
4. Update all hosts to use new key
5. Remove old key from servers
6. Delete old key from keychain
Workflow 4: Certificate Verification
Verify certificates before deployment:
1. Receive certificate file from CA
2. Use Certificate Reader to inspect
3. Verify details (domain, expiry, issuer)
4. Check certificate chain
5. Deploy to server
6. Verify with SSL Checker
Organizing Keys
Search & Filter
Find keys quickly:
Search by:
- Key name
- Fingerprint
- Comment
- Creation date
Filter by:
- Key type (ED25519, RSA, ECDSA)
- Usage (recently used, unused)
- Has passphrase
Naming Convention
Best practices:
Good names:
✓ Work - Production Servers
✓ Personal - GitHub Access
✓ Client - ProjectName Deploy
✓ Internal - Database Servers
Bad names:
✗ key1
✗ id_rsa
✗ mykey
Comments
Add meaningful comments:
Comment examples:
- "For production web servers only"
- "GitHub deployment key - expires Dec 2024"
- "Shared key for team servers"
- "Client project - rotate monthly"
Security Features
Encrypted Storage
All keys are encrypted:
Private keys:
✓ Encrypted at rest
✓ Never stored in plain text
✓ Protected by master password (optional)
✓ OS keychain integration
Passphrase Protection
Add extra security:
Key with passphrase:
- Required when using key
- Prevents unauthorized use
- Can be saved to keychain (optional)
- Recommended for important keys
Access Control
Restrict key usage:
Options:
- Require authentication to view keys
- Lock keychain after inactivity
- Require master password
- Audit key usage (coming soon)
Best Practices
1. Use Strong Key Types
Recommended:
✓ ED25519 - Modern, fast, secure
✓ RSA 4096 - High security, universal
✓ ECDSA 521 - Good alternative
Avoid:
✗ RSA 2048 - Minimum, not recommended
✗ RSA 1024 - Weak, deprecated
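To check what is actually deployed against this list (and to find an old key by fingerprint during rotation), the following added example audits the lines of a server's `authorized_keys` file. It is not part of Xermius; it assumes the standard OpenSSH public key line format, all function names are hypothetical, and the sample keys are constructed.

```python
import base64, hashlib
MIN_RSA_BITS = 4096                                # page: RSA 4096 recommended; 2048/1024 under "Avoid"
OK_TYPES = {"ssh-ed25519", "ecdsa-sha2-nistp521"}  # page: ED25519 and ECDSA 521

def _fields(blob):  # split an SSH wire-format blob into its length-prefixed fields
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")
        if i + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def fingerprint(blob):  # SHA256:<unpadded base64>, the form shown in the key list
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit_line(line):  # -> (fingerprint, comment, verdict), or None for blank/comment lines
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):          # options may precede the key type
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            f = _fields(blob)
        except ValueError:                         # binascii.Error is a ValueError
            continue
        if f and f[0] == tok.encode():             # declared type must match the blob's
            break
    else:
        return ("-", "", "unparseable")
    verdict = "ok" if tok in OK_TYPES else f"review: {tok}"
    if tok == "ssh-rsa" and len(f) == 3:           # fields: type, e, n
        bits = int.from_bytes(f[2], "big").bit_length()
        verdict = "ok" if bits >= MIN_RSA_BITS else f"weak: RSA {bits}"
    return (fingerprint(blob), " ".join(tokens[i + 2:]), verdict)

def _mp(n):  # SSH mpint encoding of a positive integer
    return n.to_bytes(n.bit_length() // 8 + 1, "big")
def _line(ktype, *fields, prefix="", comment=""):  # build one constructed sample line
    blob = b"".join(len(x).to_bytes(4, "big") + x for x in (ktype.encode(), *fields))
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = [  # constructed: structurally valid blobs, not real keys
    _line("ssh-ed25519", bytes(32), comment="Work - Production Key"),
    _line("ssh-rsa", _mp(65537), _mp((1 << 2047) | 1), prefix="no-pty ", comment="legacy backup"),
    _line("ssh-rsa", _mp(65537), _mp((1 << 4095) | 1), comment="Personal GitHub Key"),
]
REPORT = [audit_line(entry) for entry in SAMPLE]
```

`REPORT` holds one `(fingerprint, comment, verdict)` tuple per key; key types outside the recommended list are marked `review` rather than rejected.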
2. Unique Keys Per Purpose
Separate keys for:
- Work servers
- Personal projects
- Client projects
- CI/CD systems
- Emergency access
Don't:
- Use one key for everything
- Share keys between users
- Reuse old keys
3. Regular Rotation
Rotation schedule:
Critical servers: Every 3 months
Standard servers: Every 6 months
Development: Every 12 months
Personal: Annually
4. Backup Keys
Backup strategy:
What to backup:
✓ Private keys (encrypted)
✓ Public keys
✓ Key metadata (names, comments)
Where:
✓ Secure offline storage
✓ Password manager
✓ Encrypted cloud storage
How often:
✓ After creating new keys
✓ Monthly full backup
✓ Before key rotation
5. Document Everything
Keep records:
For each key, document:
- Purpose/usage
- Deployment locations
- Creation date
- Expiration date (if any)
- Responsible person
- Emergency contacts
Keyboard Shortcuts
| Action | Shortcut |
|---|---|
| Open Keychain | Ctrl/Cmd + K |
| Generate New Key | Ctrl/Cmd + N |
| Import Key | Ctrl/Cmd + I |
| Search Keys | Ctrl/Cmd + F |
| Deploy Selected | Ctrl/Cmd + D |
| Export Selected | Ctrl/Cmd + E |
| Delete Key | Delete |
| Refresh List | F5 |
Troubleshooting
Can't Find a Key
Issue: Key not showing in list
Solutions:
- Check search filters
- Clear search box
- Check filter type (All/ED25519/RSA/ECDSA)
- Refresh key list (F5)
- Check if key was deleted
Can't Deploy Key
Issue: Key deployment fails
Solutions:
- Verify server is reachable
- Check authentication (password/existing key)
- Ensure SSH port is correct (22)
- Check firewall rules
- Verify user permissions on server
- Try manual deployment
Passphrase Not Working
Issue: Passphrase rejected
Solutions:
- Verify passphrase is correct
- Check Caps Lock
- Try re-entering carefully
- Check if key has passphrase
- Remove passphrase and add new one
SSL Checker Timeout
Issue: SSL checker times out
Solutions:
- Verify hostname is correct
- Check port (usually 443)
- Ensure server is online
- Check firewall/network
- Try different network
- Increase timeout in settings
Related Features
Hosts Management
Deploy keys to specific hosts.
Settings
Configure keychain behavior:
- Security Settings
- Master password
- Auto-lock timeout
- Keychain storage location
Import/Export
Migrate keys from other tools.
Pro Tip: Keep your keychain organized with clear naming conventions and regular backups. Use the SSL tools to monitor certificate expiration and prevent website downtime!