# Manage every mobile device certificate with Key Manager Plus

Integrate Mobile Device Manager Plus with ManageEngine Key Manager Plus to orchestrate the end-to-end management of every X.509 certificate on your device.

![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-hero-ss.png) ![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-hero.png)

## A major shift in certificate lifespans is already underway

Public TLS certificates used to last about a year. Under a new [Certification Authority Browser Forum mandate](https://www.manageengine.com/key-manager/ssl-tls-certificate-lifespan-reduced-to-47-days.html), that maximum lifespan has dropped to 200 days (since March 15, 2026) and will drop to 100 days next year and 47 days by 2029. For teams managing device fleets, that means significantly more renewal events across every certificate that keeps devices connected and compliant.

[What this means for your organization](https://www.manageengine.com/key-manager/47-day-tls-ssl-certificate-lifespan-guide.html)

## Why this matters to mobile device managers

Most MDM environments have more exposure to public TLS certificates than people realize. The VPN gateways, Wi-Fi networks, and mail servers your devices connect to often use public certificates. When any of those expire, the team managing the devices is usually the first to hear about it. Shorter certificate lifespans mean more frequent renewals across all of them and more chances for something to slip and cause downtime on devices for which your team is responsible.

### VPN gateways

Public certificates protect the tunnel every device falls back on.

### Wi-Fi networks

802.1X authentication leans on certificates devices must trust.

### Mail servers

SMTP/IMAP endpoints serve thousands of mobile clients simultaneously.

## Why Key Manager Plus?
Key Manager Plus integrates directly with Mobile Device Manager Plus, so your team can manage the certificates on every enrolled device from one place. It pulls in what's already deployed, flags what's approaching expiration, and handles renewals and redeployment across the fleet without requiring device-by-device effort. With renewal cycles getting significantly shorter, that kind of automation becomes a necessity.

![ManageEngine Mobile Device Manager Plus](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-logo.png) ![Key Manager Plus](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/kmp-logo.png) ![DigiCert](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-digicert.png) ![Let's Encrypt](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-encrypt.png) ![Sectigo](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-sectigo.png)

## Beyond device certificates

### Full public CA automation

Key Manager Plus isn't limited to managing the certificates already on your devices. It integrates directly with public certificate authorities (CAs), like DigiCert, Sectigo, Let's Encrypt, GlobalSign, and GoDaddy, along with any CA that supports the ACME protocol.

That means your team can request, renew, and deploy public TLS certificates from within Key Manager Plus without switching between CA portals. Certificates approaching expiration are flagged automatically and can be set to auto-renew so the shorter lifespans from the new mandate don't translate into more manual work.
![DigiCert](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-digicert.png) ![Sectigo](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-sectigo.png) ![GlobalSign](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-globalsign.png) ![Let's Encrypt](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-encrypt.png) ![GoDaddy](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-ca-godaddy.png) + any ACME-compatible CA

[Explore certificate life cycle management with Key Manager Plus](https://www.manageengine.com/key-manager/certificate-life-cycle-management.html)

## Hassle-free certificate life cycle management for your device

Manage the full life cycle of every certificate on every managed device from a single console.

### A quick launch

Key Manager Plus leverages Mobile Device Manager Plus' APIs to integrate within minutes. Import all the SSL/TLS certificates from across the devices you manage. The import activity is audited to offer detailed insights.

![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-clm-1.png)

### Complete visibility

Get a single pane of glass for every certificate across every managed device. Filter by issuer, expiry window, owner, or device, and surface issues before they affect users.

![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-clm-2.png)

### Remote deployment

Renew and redeploy certificates to the right devices without manual handoffs. Key Manager Plus pushes the new certificate through Mobile Device Manager Plus so devices stay trusted.

![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-clm-3.png)

### Detailed reports

Generate audit-ready reports on every certificate event — discovery, issuance, renewal, deployment — tied back to the device, owner, and CA it relates to.

![ ](https://cdn.manageengine.com/sites/meweb/images/key-manager/integration/mdm-clm-4.png)