ManageEngine Key Manager Plus Cloud - Release Notes

Contact Support

Release Notes
Key Manager Plus
 

Key Manager Plus Cloud - Release Notes (June 2026)

3 New Features 18 Enhancements 2 Behavioral Changes 23 total changes
New Features
3 items
Ticketing System Integration
In addition to ServiceNow, Key Manager Plus now integrates with ServiceDesk Plus On-Demand to automatically create service requests in the ticketing environment to notify administrators about the SSL certificates that are at risk of expiring and those deemed vulnerable after a vulnerability scan in Key Manager Plus Cloud.
Azure Application Integration
In addition to the existing Azure integration capabilities, Key Manager Plus Cloud now supports the discovery and management of SSL certificates and client secrets associated with Azure applications. To uphold security best practices, only certificate and client secret hints are imported during discovery. However, users have the flexibility to create and securely store new Azure secrets directly within Key Manager Plus Cloud. Furthermore, discovered SSL certificates can be selectively imported into the centralized certificate inventory, enabling streamlined and secure lifecycle management.

Note: The SSL certificates and client secrets of Azure applications that are managed through Key Manager Plus Cloud will be included in the license count.
Telia Integration
Key Manager Plus Cloud now supports integration with Telia, a certificate authority that issues SSL/TLS certificates through the ACME protocol. With this integration, users can request, obtain, deploy, renew, and automate the complete lifecycle of Telia-issued certificates directly from the Key Manager Plus Cloud interface. Users can now add additional ACME providers directly from the Integrations page, offering greater flexibility.
Enhancements
18 items
Certificates that are auto-renewed through third-party Certificate Authorities (CAs) will now be automatically deployed to their designated servers, ensuring seamless certificate lifecycle management and uninterrupted service availability.
When domain expiry notifications are enabled under the Notification Policy, domain expiration details will now be audited for better tracking and compliance.
A new private key filter has been introduced in SSL Certificates Reports, allowing for more refined and efficient certificate management.
Certificates and Certificate Signing Requests (CSRs) can now be created with the desired SAN formats, including DNS Name, IP Address, RFC822 Name, URL, Directory Name, and Registered ID.
Certificates with private keys can now be exported in PKCS AES-256 format.
Key Manager Plus Cloud now supports automated renewal of domain-validated certificates issued by ACME-compliant CAs, including Let's Encrypt, Buypass Go SSL, ZeroSSL, and other custom ACME providers.
Users can now export CSR content in the PKCS8 key format for improved compatibility.
In addition to importing a CSR file, users can now import a CSR directly using CSR content.
Users can now import a private key for an SSL certificate using the key content, in addition to uploading a private key file.
In SSL discovery under MS Certificate Store >> Microsoft Certificate Authority, the Get Templates option for Template Name/OID now displays the template list sorted alphabetically by Display Name.
When adding a certificate group, users can now filter and select certificates based on expiry days.
Users can now update the expiry notification email for SSL certificates in bulk using the Update Email Expiry option under the SSL >> Certificates >> More drop-down menu. Additionally, users can update distinct expiry notification emails in bulk for diverse SSL certificates using a CSV file.
Users can now update the expiry notification email for CSRs directly from the SSL >> CSR tab.
The Auto-Deployment Audit section is now available for AWS-ACM, listing certificates that are automatically deployed to their designated servers upon auto-renewal, along with their deployment status.
Users can now export certificates of issued orders and the private keys of orders created in Key Manager Plus Cloud directly from the public CA tabs, enabling more flexible certificate management.
Key Manager Plus Cloud now allows users to create schedules to import existing orders of third-party CAs into Key Manager Plus, enabling periodic synchronization of certificate orders.
Key Manager Plus Cloud now supports JKS file imports that use separate passwords for the keystore and the private key, improving compatibility with diverse keystore configurations.
Deploying SSL certificates to Azure Key Vault is now supported. The deployed certificates can be managed from Integrations >> Azure >> Azure Key Vault >> Certificates.
Behavioral Changes
2 items
Azure Key Vault secrets are now considered in the license count within Key Manager Plus Cloud. Any secrets discovered from or created for Azure Key Vault will be included in the total number of keys for licensing purposes.
Previously, when a deployed server had no port number or the port was unreachable, the sync status was shown as "NA". Going forward, unreachable ports will be displayed as "NA", and servers that do not have port numbers will be displayed as "Invalid host or port".