Softpedia >Windows >Security >Security Related >ManageEngine Key Manager Plus >  Changelog

ManageEngine Key Manager Plus Changelog

What's new in ManageEngine Key Manager Plus 6.6.0

Aug 9, 2023
  • New Features:
  • Private Certificate Authority (CA) / Intermediate CA:
  • Key Manager Plus now offers a new feature - Private CA (Intermediate CA) that allows organizations to create and manage their certificates internally. Selected users can sign end-user certificates for internal servers, applications, and services using the intermediate certificate, signed using the root certificate.
  • With this feature, organizations can:
  • Achieve enhanced security and gain more control over their certificate management process without relying on external CAs.
  • Minimize the risk of external threats and improve their overall certificate management process.
  • Streamline the process of issuing and revoking certificates while maintaining complete control over their certificate authority, thus ensuring the certificates issued by the organization are trusted and secure, making it easier to manage and monitor all the internal certificates in one central location.
  • Jenkins Integration with Key Manager Plus
  • Jenkins is an open-source automation server that facilitates Continuous Integration (CI) and Continuous Delivery (CD) of software projects. Key Manager Plus now supports integration with Jenkins which provides SSL certificates support that includes creating CSR, downloading CSR, creating a certificate, and downloading certificates for organizations' freestyle projects during the build generation and post-build process. With this plugin in DevOps, one can attain certificate-related capabilities in the automated schedules run through Jenkins.
  • Azure Key Vault - TLS Secrets Management
  • Key Manager Plus now allows you to manage the TLS secrets stored in the Secrets of Microsoft Azure Key Vault - a management service offered by Microsoft. Through this integration, users can create (PFX format), renew, and manage the entire lifecycle of SSL/TLS certificates stored in the Secrets of Azure Key Vault via Key Manager Plus by importing them into the Key Manager Plus repository.
  • Enhancements:
  • From now on, Key Manager Plus supports DNS Made Easy to complete domain control validation while acquiring certificates from public Certificate Authorities, alongside the available DNS support types.
  • New RESTful APIs: The following three new REST APIs have been introduced in Key Manager Plus:
  • Fetch all SSH Resources - To fetch all SSH resources
  • Fetch all Audit Details -To get all the audit details
  • Bulk SSL Discovery from a File - Performs resource discovery based on DNS names stored in the files
  • Get SSL Vulnerability Count - To get the total number of SSL vulnerabilities
  • Previously, the CSRs were signed in REST API using MSCA. From now on, either MSCA or root CA can be used to sign the CSRs, and in addition, the API response will display the certificate serial number for further API-related use.
  • From this build onwards, additional field data can be added as a dropdown option by giving the values to be displayed in DropDown Field type in Settings >> Additional Fields.
  • From now on, the 'Certificate Details' will show the additional field(s) information related to the SSL certificates in the SSL tab.
  • From now on, you can create CSR by importing the KeyStore file from the Key Manager Plus SSL repository instead of exporting them locally and importing them back for CSR creation.
  • In addition to the JTDS JDBC driver, Key Manager Plus now supports Microsoft Java Database Connectivity (JDBC) driver to connect to the SQL server, thus enhancing the user's connectivity to the SQL data.
  • We have introduced a new global search filter that allows users to search for resources based on their DNS/IP addresses.
  • From now on, Key Manager Plus will record all the SSL discoveries performed via public Certificate Authority (CA) integrations from the Audit window.
  • We have introduced a new PKCS 8 export type in this release that permits additional exportation capabilities.
  • Upgrade:
  • We have migrated to the OpenJDK version 1.8.0_372 for the 64-bit supported builds. For the 32-bit build users to use this upgrade seamlessly, please migrate to the 64-bit architecture.
  • Note: TLS protocol version 1.2 or higher is required for SQL server connections, as this OpenJDK upgrade disables TLS1.0 and TLS1.1 by default.
  • UI Change:
  • From this build onwards, the personal key storage of Key Manager Plus will be referred to as 'Key Vault' instead of 'Key Store' to avoid misinterpretation between the internal KeyStores.
  • Bug Fixes:
  • The revoked status of the certificates was still showing even after the renewal of revoked certificates in MSCA. This issue has been fixed now.
  • In builds 6450 and 6500, the mail-server configuration did not get saved properly because of the presence of the '&' character in the mail server fields, which triggered an EXTRA_PARAM_FOUND error in the user interface. This issue has now been fixed.
  • An issue that denied the remote connections for machines with OpenSSH version 7 & above using SSH key authentication has been found and fixed.
  • Previously, the load balancer discovery schedule failed when specified with a port number during the schedule configuration. This issue has now been fixed.
  • From build 6450, for users with the Microsoft 365 GCC High subscription, the mail server settings failed to work using OAUTH, as the OAUTH mail server setting failed to support US-specific subscriptions. The issue is now fixed.
  • From build 6210, while signing a CSR with a certificate, SHA256 was being used as the default signature algorithm instead of the signer certificate's signature algorithm. This issue has now been fixed.
  • Previously, the Subject Alternate Name that contains a Principal Name faced a parsing issue during the certificate operations. This issue has now been fixed.

New in ManageEngine Key Manager Plus 6.5.0 (Apr 12, 2023)

  • New Features:
  • Kubernetes Integration:
  • We have introduced Kubernetes (K8s) integration, an open-source platform that automates containerized application deployment, scaling, and management. Kubernetes secrets, a feature provided by the Kubernetes platform, facilitates a secure way of storing Kubernetes TLS secrets (certificates) within Kubernetes clusters.
  • The integration aids the administrator in securely fetching the Kubernetes TLS secrets (certificates) into Key Manager Plus, managing them within the single centralized repository, and rotating/updating the secrets obtained from multiple Kubernetes clusters.
  • Navigate to 'SSL >> Kubernetes' to configure and manage all your Kubernetes TLS secrets (certificates) via Key Manager Plus.
  • New User Role - SSL Power User
  • We have introduced a new static custom role - SSL Power User. Users designated with this role will have elevated privileges to perform complete SSL certificate management capabilities.
  • Enhancements:
  • As a part of this release, Digicert is added as a vendor to the SSL Store list. The previously available SSL Store vendors, which include Thawte, Geo Trust, and Rapid SSL, will now be a part of Digicert.
  • It is now possible to add an email address while configuring 'Certificate Sync Status Check' from 'Settings >> SSL >> Certificate Sync Status'. Once added with the configured recurrence time interval, the list of all the SSL certificates with their deployed servers will be sent to the given email address, with the following details: days to expire, date of expiry, serial number, and fingerprint.
  • Henceforth, while creating a Certificate Signing Request (CSR), only the Common Name, Validity, and Store Password will be the mandatory fields.
  • We have added the following additional key sizes to the key algorithms for increased security strength:
  • 3072 and 4096 key sizes for RSA
  • 2048 and 3072 key sizes for DSA
  • Key Manager Plus now supports SHA256 SSL fingerprint to encrypt the SSL certificates. Administrator can navigate to 'Settings >> SSL >> SSL Fingerprint' to change their SHA values. All the existing certificates can also be changed to SHA256 fingerprint by enabling the checkbox provided.
  • From now on, the dashboard on the Key Manager Plus homepage will not consider the EC certificate key size into account for the 1024-bit and lesser keys calculation.
  • Bug Fix:
  • Previously, when an administrator tried to rediscover the certificates in an organization, it failed with an empty error message. This issue has now been fixed.
  • Security Fixes:
  • A Remote Code Execution (RCE) vulnerability reported on the SSH server by passing malicious links has been fixed.
  • An issue that allowed the users with the Operator role to access the server with the pre-opened terminal even after revoking the permission has been found and fixed.
  • A stored XSS vulnerability caused by an image uploaded during the rebranding of Key Manager Plus has been found and fixed.

New in ManageEngine Key Manager Plus 6.4.0 (Oct 7, 2022)

  • New Feature:
  • Importing Certificate Details
  • In addition to adding certificate objects in different formats, Key Manager Plus now allows users to manually add certificate details into the Key Manager Plus repository and manage them along with other certificate objects. This feature is beneficial when a user has the details of an SSL certificate that resides in a demilitarized zone and therefore cannot be added to Key Manager Plus as an object through discovery. In this case, users can create a CSV file with the specified certificate details and upload them to Key Manager Plus. Furthermore, users can also set up expiry notifications for certificate details.
  • Certificate Deployment to Citrix ADC Load Balancer
  • Users will now be able to deploy SSL certificates to the Citrix ADC load balancer directly from the Key Manager Plus interface. Users can add and manage multiple Citrix accounts and deploy certificates to them individually.
  • Enhancement:
  • From now on, users can set a time-out value while configuring Radius Server Authentication. During authentication, if no response is received from the Radius Server within the timeout interval, the authentication will fail.
  • Henceforth, users will be able to associate columns from ServiceNow with the columns from 'SSL >> Certificates' tab to add additional information to the tickets.
  • Earlier, Digicert users were able to add only one API key to Key Manager Plus. Henceforth, they can add multiple API keys to Key Manager Plus.
  • Two new RestAPIs to 'To get Certificate in different file formats' and 'To Export an SSH Key in a specific Key Type' have been added.
  • Bug Fixes:
  • Earlier, the users were unable to edit the wildcard certificate details after navigating to the Certificate Details page. This issue has been fixed.
  • Earlier, when a certificate that was a part of a certificate group expired, the expiry notification email was sent to all groups in Key Manager Plus instead of to only the groups to which the certificate belonged. This issue has been fixed.
  • Bulk certificate sync with ServiceDesk Plus failed for some certificates. This issue has been fixed.
  • From build 6300, the expiry notification email address specified in the CSR form failed to be encoded. Due to this, the email address appeared as garbled text on the SSL page. This issue has been fixed.

New in ManageEngine Key Manager Plus 6.3.0 (Jun 17, 2022)

  • New Feature:
  • Key Manager Plus - Azure Key Vault Integration
  • Key Manager Plus now supports integration with Microsoft Azure Key Vault—an SSL certificate management service offered by Microsoft. Through this integration, users can request, renew, and manage the entire lifecycle of SSL/TLS certificates stored in the Azure Key Vault by importing them into the Key Manager Plus repository.
  • Rebranding
  • Key Manager Plus allows administrators to rebrand the product instance and tailor it according to their organizational needs. Administrators can customize the brand name, logo, and product disclaimer based on the organization's legal requirements.
  • Enhancements:
  • The PostgreSQL server has been upgraded from version 9.5.21 to 10.18.
  • The Apache Tomcat server has been upgraded from version 8.5.32 to 9.0.54.
  • Key Manager Plus has now migrated to the OpenJDK platform, version 1.8.0_252.
  • We have implemented a patch integrity verification, which will henceforth require importing an SSL certificate (available as a downloadable file) whenever the product is upgraded using the PPM file. It is only a one-time operation. For the upgrade instructions and PPM download links, click here.
  • Key Manager Plus will allow users to import the keys created using OpenSSL version 3.0 onwards.
  • Users can now import WebSphere certificates into the Key Manager Plus repository.
  • Key Manager Plus now allows users to group their certificates based on the 'Expiry Notifications Email' while creating a certificate group.
  • From now on, under Multiple Servers, the users will be able to reassign the Primary server from the list of available servers while attempting to delete the existing Primary server.
  • A new RestAPI to 'fetch PGP keys' has been added.
  • Bug Fixes:
  • Earlier, for some customers, the Key Manager Plus logo appeared bigger in email expiry notifications. This issue has been fixed.
  • In Linux installations, the certificate discovery failed while discovering certificates from Shared Path using certificate list. This issue has been fixed.
  • The certificates that were added to a certificate group created using additional fields as the grouping criteria, were not visible during certificate signing for Operator users with sign CSR permission. This issue has been fixed.
  • Operator users were unable to view the details of the certificates that were part of a certificate group created using additional fields as the grouping criteria. This issue has been fixed.
  • Administrator users were unable to edit the value of additional fields for certificates that are a part of a certificate group created using any criteria. This issue has been fixed.

New in ManageEngine Key Manager Plus 6.2.0 (Jan 18, 2022)

  • New Features:
  • Two-Factor Authentication Support
  • Key Manager Plus now allows you to integrate with the following services to provide Two-Factor Authentication support for application login.
  • Google Authenticator
  • Microsoft Authenticator
  • One-time password
  • AWS Certificate Manager Integration
  • Key Manager Plus now supports integration with AWS Certificate Manager (ACM)—a trusted certificate authority and certificate manager. This integration enables users to request, acquire, deploy certificates from Key Manager Plus to AWS ACM , renew and automate the end-to-end lifecycle management of SSL/TLS certificates issued and managed by ACM, directly from the Key Manager Plus web interface.
  • Enhancements:
  • Key Manager Plus now allows operators to select administrators directly to send an email while adding a request for a certificate on the certificate request page.
  • In addition to server certificates, Key Manager Plus now allows users to import client certificates from DigiCert and manage them in the Key Manager Plus repository.
  • Users can now create a scheduled task for AWS certificate discovery.
  • Bug Fix:
  • Assigning the certificate group created using any criteria other than common name failed to load operator user's SSL repository page.
  • Security Fixes:
  • The following security issues have been resolved in this release:
  • Path Traversal Vulnerability, Remote Code Execution (RCE) and SSL validation vulnerabilities.
  • Privilege escalation vulnerabilities (ZVE-2022-0093 and ZVE-2022-0094 ) in the SSH Users view and while exporting SSL certificates, reported by CERTXLM, have been fixed.

New in ManageEngine Key Manager Plus 6.1.0 (May 18, 2021)

  • New Feature:
  • Active Directory Synchronization
  • Key Manager Plus now comes with the Active Directory (AD) synchronization feature that allows users to set up recurring synchronization schedules for single or multiple domains during AD user import. AD synchronization schedules can be created to import users from user groups or organizational units that are part of multiple AD domains.
  • Enhancements:
  • Earlier, when certificates were renewed, the deployed servers and the credentials had to be mentioned manually. From now on, the renewed certificates will automatically inherit the deployed servers and their credentials.
  • Henceforth, the SSL certificates can be manually mapped with deployed servers list to any server directly from 'Inventory >> More >> Add Deployed Server'.
  • Earlier, only the administrators were able to perform CSR signing. Hereafter, the administrators can allow the operators as well to sign the certificates.
  • From now on, certificates/CSRs/certificate groups will have an email field to which the SSL expiry email notifications can be sent, where the expiry notification email address can be provided while creating the Certificate and CSR.
  • A new option - Deploy to Microsoft certificate store user account, has been added, which facilitates the deployment of the Microsoft Store deployed certificates to the respective user accounts, in addition to deploying to the computer accounts.
  • The SSL Certificate Expiry Notification set up under "Settings >> Notifications >> Expiry" will now include Issuer, FingerPrint, and Serial Number fields in the Certificate Expiry email.
  • Bug Fixes:
  • The auto-renewal duplication issue has been fixed.
  • There was an issue in exporting the certificates as password-protected zips when password protection for exports was enabled under Privacy Settings. This issue has been fixed now.
  • There was a failure in Linux deployment from the ServiceDesk Plus request. This issue has been fixed now.

New in ManageEngine Key Manager Plus 5.9 Build 5950 (Sep 1, 2020)

  • New Features:
  • On-demand Renewal of Certificates
  • This release comes with a 'Renew' option under 'SSL >> Certificates' that allows users to initiate the renewal of Self Signed, Root Signed, Microsoft CA Signed, and Agent-signed certificates, and also the certificates issued by the third-party CAs.
  • LDAP Authentication and Scheduled Users Sync
  • In addition to Active Directory and RADIUS authentication, Key Manager Plus now supports user import and user authentication using LDAP servers as well. Use LDAP integration to import Active Directory (AD) users from Microsoft AD and OpenLDAP into Key Manager Plus Linux installations, and also regularly update the user database through the sync operation provided by Key Manager Plus. Besides, users can use LDAP authentication for access, bypassing the local authentication provided by Key Manager Plus. Supported LDAP server types are Microsoft Active Directory and OpenLDAP.
  • Enhancements:
  • Key Manager Plus now supports scheduled SSL discovery and MS Certificate Store Discovery tasks with agent.
  • Previously, the certificates due for expiry in 10 days or less got automatically renewed. Now, users will be able to customize the number of days to auto-renew the certificates before they expire.
  • From now on, during CSR signing of SSL certificates using the agent, it is possible to specify the Agent timeout value, in seconds.
  • Henceforth, users will be able to select specific Certificates or Certificate Groups while generating the 'SSL Certificates Report' Schedule type (under 'Schedule >> Add Schedule').
  • Users will now be able to add and edit the deployed servers list under 'SSL >> Certificates >> Multiple Servers (icon)'. Newly added servers will be mapped with the latest certificate version in the certificate repository.
  • Key Manager Plus now supports IP range discovery for MS Certificate store discovery ('Discovery >> MS Certificate Store') using the KMP service with the domain Admin account. This allows administrators to discover certificates across networks.
  • Key Manager Plus now supports 'Load Balancer' Certificates discovery for 'SSL Discovery' schedule type. Use this schedule type to discover certificates from load balancers, such as BIG-IP F5, Nginx, etc., which support SSH access on a scheduled basis.
  • Bug Fixes:
  • Under 'Settings >> SSL >> IIS Binding', binding list retrieval failed for bindings with a protocol other than HTTP/HTTPs. This issue has been fixed.
  • Earlier during Digicert import, Key Manager Plus failed to import client/personal certificates into KMP. This issue is now fixed.
  • Earlier, the date format had the month as a part of the value, due to which sorting did not work. Now, this issue has been resolved by modifying the date format in the CSV file to be the standard date format.
  • Earlier while discovering certificates using a load balancer, there were problems with commands other than the standard Linux commands. This issue has been fixed.

New in ManageEngine Key Manager Plus 5.9 Build 5920 (Jun 20, 2020)

  • Enhancements:
  • The 'Certificate Renewal Report' page under the 'Reports' tab now comes with a column chooser.
  • Users can now view all the certificates associated with a particular agent by clicking the 'Host Name' of the agent listed under 'SSL >> Windows Agents'.
  • Now, users can tailor schedules by adding custom email content and a unique signature.
  • Now, users can discover certificates issued by a particular 'Microsoft Certificate Authority' just by entering the MSCA name in the text box provided, during discovery. Remember, this additional option will be available for Key Manager Plus installations in Windows server machines only.
  • Now, it is possible to add the Wildcard name in the SAN field while creating a CSR or a self-signed certificate. With the Wildcard certificates, one can secure an unlimited number of subdomains for a registered base-domain.
  • Earlier, Certificate Expiry Notification emails sent to the email addresses specified in additional fields followed a fixed format. Now, the customization settings configured for notification emails in 'Notification' and 'Schedule' tabs will be applied to the emails sent via email addresses in the additional fields as well.
  • Bug Fixes:
  • Agent got duplicated when re-installed from a different IP address. This has been fixed.
  • The 'Common name' column sorting issue in the 'Certificate Sign Report' wizard has been fixed.
  • The issue in MSCA auto-renewal with the EC key has been fixed.
  • Get Templates issues that existed with the non - English languages have been fixed.

New in ManageEngine Key Manager Plus 5.9 Build 5910 (May 22, 2020)

  • New Features:
  • New Certificate Format - PEM
  • A new certificate format, Privacy Enhanced Mail (PEM), has been added, in addition to the already available certificate export formats, Keystore and PFX, where the PEM format is used for digital certificates and keys, deployed in web server platforms (e.g., Apache).
  • Support for GoDaddy DNS
  • From now on, Key Manager Plus supports GoDaddy DNS to complete the domain control validation procedure while acquiring certificates from public Certificate Authorities, along with the already available DNS support types, Azure DNS, Cloudflare DNS, Amazon route 53, and RFC2136 Update. Using GoDaddy DNS, users can update the DNS record for GoDaddy domain validation from the Key Manager Plus portal itself.
  • Enhancements:
  • This release comes with an exclusive page for 'Windows Agents', accessible from the SSL tab, from where users will be able to perform all agent-specific operations such as SSL Discovery using agent, deployment of SSL certificates in certificate groups using agent and CSR Signing with MSCA agent.
  • Certificate deployment in multiple servers has now been made simpler by using an agent, provided the agent is running in the server to be deployed, and both the agent name and the server DNS name are the same.
  • Now, auto-renewal of certificates is possible for the 'MSCA using agent' sign type as well, from 'Settings >> SSL >> Certificate Renewal'.
  • The 'Certificate Sign Report' comes with the following MSCA/Third party CA signing details; Certificate Authority, Certificate Template, Sign Type column.
  • The 'Certificate Renewal report' comes with the 'Renewed By' column relevant to MSCA and 3rdPartyCA renewal details.
  • A new option 'Reissue Certificate' has been added under 'SSL >> GlobalSign' that allows users to request GlobalSign to reissue an SSL certificate.
  • The new 'GlobalSign Orders Report' allows the GlobalSign orders to be added as individual reports, which provide a detailed view of certificate orders requested from the GlobalSign CA.
  • From now on, users can add a "Key Comment' while importing a new SSH key and editing an existing key from the repository. Also, users can avail the checkbox "Update comment in associated users" to update the Key comment to the associated end servers automatically.
  • Now, it is possible to add additional properties to a certificate while creating it, by using the 'Advanced Options' menu. It allows users to choose from a list of Key Usage and Advanced Key Usage properties, and add them to the new certificate. Examples for the Key Usage properties include; Digital Signature, Decipher Only, Encipher Only, and Certificate Sign.
  • The DigiCert CA page has been enhanced with a new menu 'Show' that has four options, Expired, Revoked, Rejected, and Others, used to filter the DigiCert CA list view.
  • Now, while adding or modifying the Certificate Groups, it is possible to set 'additional fields' also as one of the 'By Criteria' filters for certificates.
  • While creating an additional field, users are allowed to choose if it is applicable for SSH/SSL/both. The 'Additional fields' option is now available under 'Settings'.
  • New REST APIs 'GET CSR list' and 'Sign CSR' have been added.
  • The 'Expiry Notification' has been enhanced with the custom mail content, 'Title' and 'Signature'.
  • Change:
  • In the below set of REST APIs, the fetch details format is modified is such a way that the "details" attribute holds all the data; GetCertificateDetails, getallsslcertificates, getAllSSLCertsExpiryDate, sslCertSingleDiscovery, sslCertRangeDiscovery, getallsshkeys, GetSSHKey, getAllSSHUsers,getAllKeyStoreKeys,GetSSHKeysForUser and GetAllAssociatedUsers.
  • Security Fixes:
  • The Key Manager Plus server's SSL TLS has been upgraded to version 1.2.
  • The Key Manager Plus agent's TLS has been upgraded to version 1.2. This is configurable in 'Agent.conf'.
  • Earlier, during API calls, the Authentication token was passed as a request parameter. Hereafter, each API call made to the application requires the Authentication token to be passed in the request header.
  • Earlier, the Keystore password of the certificate uploaded into the server was appended in the URL, which posed a security risk. From now on, the Keystore password will be sent as the 'RequestBody' to maintain optimal security.
  • A local File Intrusion issue during MS store discovery has been fixed.
  • The operator user was able to view the admin terminal audit. This has been fixed.
  • Bug Fixes:
  • Server certificate update failed in case of Key Store with multiple alias names. This has been fixed.
  • In the build of 5900, the certificate repository column order and also the column values got altered after adding the 'Port' column. This has been fixed.
  • The root and intermediate certificates of PEM format got added as separate entries in the certificates repository. This has been fixed now.

New in ManageEngine Key Manager Plus 5.8 Build 5810 (Oct 11, 2019)

  • New Features:
  • Key Manager Plus now enables users to discover, import, and configure expiry notifications for SSL certificates hosted in the following Amazon Web Services: AWS Certificate Manager (ACM) and AWS Identity and Access Management (IAM).
  • Key Manager Plus now supports automated renewal of self-signed certificates in addition to Microsoft CA certificate renewal.
  • Enhancements:
  • Key Manager Plus now provides additional insights on agent activity such as heartbeat interval, latest response time and operation performed.
  • Key Manager Plus now provides an option to edit the email ID associated with the Let's Encrypt user account.
  • Key Manager Plus now supports the discovery of SSH keys with ECDSA and ED25519 signature algorithms.
  • A new REST API—to view the private key passphrase of SSL certificates—has now been added.
  • For scheduled SSL expiry task, users now have the option to choose whether or not, to receive email notifications when no certificates in that particular schedule are nearing expiration.
  • Key Manager Plus offers automatic bundling of individual private key (.key) files and certificate files (.cer/.pem) into 'JKS' and 'PKCS' keystore file formats and provides export option for the same.
  • Two extra categories have been added for criteria-based certificate group creation: AWS service and certificate template.
  • Bug Fixes:
  • Previously, certificate deployment failed if the field "Store Password" contained a space character when creating certificates from SSL ? Certificates tab. This has now been fixed.
  • Previously, when performing bulk operations, the "Create and Deploy" action failed when executed on SSH user groups, for RSA and DSA signature algorithms. This has now been fixed.
  • Previously, when there was a "space" character present in a certificate group name, attempting to fetch the SSL certificates report pertaining to that group from the Reports tab threw the following error: "Invalid field format". This has now been fixed.
  • Previously, even after the certificate private key was imported and attached to a certificate in Key Manager Plus' certificate repository, the "Export Keystore/PFX" was still disabled. This has now been fixed.

New in ManageEngine Key Manager Plus 5.5 (Jan 8, 2018)

  • New Features / Enhancements:
  • Microsoft CA certificate signing :
  • Key Manager Plus now allows users to get certificate requests signed from Microsoft Certificate Authority, thereby facilitating complete life cycle management for certificates issued by Microsoft Certificate Authority.
  • Integration with CMDB :
  • Key Manager Plus now provides the option to sync SSL certificates in its repository with ManageEngine Service Desk Plus CMDB, allowing administrators to map certificates to specific servers / applications in the CMDB and monitor their usage and expiration from Service Desk Plus' CMDB.
  • SSL Certificate group :
  • This enhancement allows users to organize SSL certificates into logical groups based on various criteria and execute actions in bulk on the groups.
  • Option to enforce access restrictions by assigning users to specific certificate groups during user additions.
  • Date based discovery filter for Microsoft Certificate Authority certificate discovery.
  • Option to separately track and manage various versions of the same SSL certificate (with the same common name).
  • Option to change Key Manager Plus' web server port directly from the user interface.
  • Option to import and map a private key to certificate has been supported.
  • Bug Fixes:
  • Earlier, when generating certificate signing requests with SAN names, the SAN names were not updated. This has now been fixed.
  • Earlier, there were issues with fetching the system locale on Microsoft CA discovery. This has now been fixed.

New in ManageEngine Key Manager Plus 5.0 (Feb 9, 2017)

  • New Features / Enhancements
  • End-to-end certificate life-cycle management through integration with Let's
  • Encrypt CA: Key Manager Plus now allows you to request, procure, deploy and
  • automatically renew SSL certificates for your domains from Let's Encrypt, the
  • renowned Certificate Authority.
  • â??Option to discover and manage certificates from Windows Certificate store.
  • Option to exclusively discover and manage certificates issued
  • by Windows Certificate Authority.
  • Deployment: Option to deploy SSL certificates as well as JKS/PCKS12 keys to
  • end-point servers directly from the product interface.
  • Reports: Additional reports on certificate deployment, certificates deployed on
  • multiple servers, SHA-1 certificates, Let's Encrypt certificates, Let's Encrypt
  • certificate requests.
  • Option to export audit records on key and certificate discovery.
  • Enhancements to identify SSH user home directory.
  • Certificate request workflow enhancements:
  • Options to specify device name/ IP address while raising a
  • certificate request.
  • Options to automatically import the obtained certificate into
  • .pfx/.keystore file.
  • Option to e-mail certificate and JKS/PKCS keys while closing a
  • certificate request.