ManageEngine Key Manager Plus - Release Notes

Key Manager Plus Release 5.5 (Jan 2018)

New Features / Enhancements

  • Microsoft CA certificate signing :
    Key Manager Plus now allows users to get certificate requests signed from Microsoft Certificate Authority, thereby facilitating complete life cycle management for certificates issued by Microsoft Certificate Authority.
  • Integration with CMDB :
    Key Manager Plus now provides the option to sync SSL certificates in its repository with ManageEngine Service Desk Plus CMDB, allowing administrators to map certificates to specific servers / applications in the CMDB and monitor their usage and expiration from Service Desk Plus' CMDB.
  • SSL Certificate group :
    This enhancement allows users to organize SSL certificates into logical groups based on various criteria and execute actions in bulk on the groups.
  • Option to enforce access restrictions by assigning users to specific certificate groups during user additions.
  • Date based discovery filter for Microsoft Certificate Authority certificate discovery.
  • Option to separately track and manage various versions of the same SSL certificate (with the same common name).
  • Option to change Key Manager Plus' web server port directly from the user interface.
  • Option to import and map a private key to certificate has been supported.

Bug Fixes

  • Earlier, when generating certificate signing requests with SAN names, the SAN names were not updated. This has now been fixed.
  • Earlier, there were issues with fetching the system locale on Microsoft CA discovery. This has now been fixed.

Key Manager Plus Release 5.2 (Aug 2017)

New features / Enhancements:

  • SSL certificate vulnerability scan:
    Users can now scan for vulnerabilities in SSL certificates managed using Key Manager Plus. Vulnerability scan is performed on SSL certificates as well as the end-point servers. Key Manager Plus will check for certificate revocation status, certificate-server mismatch, usage of weak encryption algorithms (such as the SHA-1) pertaining to the selected certificate. Also, the end-point servers are scanned for configuration vulnerabilities such as HEARTBLEED, POODLE and usage of weak protocols and cipher suites.
  • Users can also schedule periodic vulnerability scan on selected or all certificates in Key Manager Plus repository, obtain e-mail notifications and comprehensive reports post the scan.
  • Graphical representation of private-key availability for a given certificate in the SSL → Certificates view.
  • Option to download keystore, pfx and private-key files for a given SSL Certificate.
  • Option to install SSL certificate for Key Manager Plus server from the product interface.

Bug fixes:

  • Earlier, Edit resource group action was being redirected to Add Resource Group window. This has now been fixed.

Key Manager Plus Release 5.1 (May 2017)

New features / Enhancements:

  • Landing server support for SSH key management:
    Option to connect to remote networks through landing servers, thereby overcoming the barriers created by network segmentation. Also supports ssh key management for these remote servers.
  • Option to deploy certificates onto Windows server (Internet Information Services) and Microsoft Certificate Store directly from product interface.
  • Option to identify the different versions of certificates deployed and also the list of servers in which a certificate is deployed.
  • Option to add user generated private keys when requesting for certificates from Let's Encrypt CA.
  • Key Manager Plus now supports MSSQL as database back end.
  • Option to fetch latest authorized_key file,edit and push the file to respective user accounts.

Bug fixes:

  • Earlier, there were display issues with SSH home directory settings. This has now been fixed.
  • Earlier, there were issues while adding .der encoded certificates using Add certificate option. This has now been fixed.

Key Manager Plus Release 5.0 (Feb 2017)

New Features / Enhancements 

  • End-to-end certificate life-cycle management through integration with Let's Encrypt CA:Key Manager Plus now allows you to request, procure, deploy and automatically renew SSL certificates for your domains from Let's Encrypt, the renowned Certificate Authority.
  • Discovery:
    • Option to discover and manage certificates from Windows Certificate store.
    • Option to exclusively discover and manage certificates issued by Windows Certificate Authority.
  • Deployment: Option to deploy SSL certificates as well as JKS/PCKS12 keys to end-point servers directly from the product interface.
  • Reports: Additional reports on certificate deployment, certificates deployed on multiple servers, SHA-1 certificates, Let's Encrypt certificates, Let's Encrypt certificate requests.
  • Option to export audit records on key and certificate discovery.
  • Enhancements to identify SSH user home directory.
  • Certificate request workflow enhancements:
    • Options to specify device name/ IP address while raising a certificate request.
    • Options to automatically import the obtained certificate into .pfx/.keystore file.
    • Option to e-mail certificate and JKS/PKCS keys while closing a certificate request.

Bug Fixes

  • Earlier, there were connection issues with ubuntu16.04 server. This has now been fixed.
  • Earlier, operator users can view all the users in various user groups. This has now been fixed. The operator users can now view only those users present in their own user groups.

Key Manager Plus Release 4.5 (Oct 2016)

New Features / Enhancements 

  • RESTful APIs for SSL, SSH and Key store:  Key Manager Plus now provides RESTful APIs, which help you to connect, interact and integrate any application with Key Manager Plus directly. The APIs also allow applications to create, fetch, associate digital keys and add, retrieve or manage users programmatically.
  • Option to discover and manage certificates mapped to user accounts in Active Directory. Both on-demand and scheduled discovery options are supported.
  • Support to leverage RADIUS server authentication.
  • New report on wildcard certificates deployment scenario.
  • Report on the user certificates imported from Active Directory.

Bug Fixes

  • Earlier, there were issues with date based sorting in the certificates and scheduled views. This has been fixed.
  • Earlier, SSL discovery schedule took too long to complete on failure cases. This has been fixed.
  • Earlier, email address was mandatory while saving schedules. This has been made optional.

Key Manager Plus Release 4.1 (Aug 2016)

New Features / Enhancements 

  • Option to push the private key, public key or both to remote user accounts. This feature is also available as part of key rotation schedule.
  • Administrator users can now add commands, restrict hosts and carry out other actions on a public key and push the authorized_key file to the remote user account. They can also view the current authorized_key file content.
  • Administrator users can now be able to view the passphrase of the SSH keys, SSL certificates and other keys.
  • Option to import multiple SSL certificates is supported now.
  • Option to effectively track SSL certificate expiry through a new scheduled task.
  • Dashboard settings will be persisted in the database.

Bug Fixes

  • Earlier, when root credentials were incorrect and key based authentication is enabled, there was an issue in associating private keys to users. This has been fixed.
  • Earlier, there was an issue in importing .pfx (personnel certificates) through import keystore option. This has been fixed.
  • Active Directory authentication issue in Key Manager Plus Windows 32 bit build has been fixed.

Key Manager Plus - Release 4.0 (June, 2016)

New Features

  • SSL Certificate Management- Key Manager Plus provides visibility and centralized control over the entire life cycle of SSL certificates across any network and thereby helps prevent downtime, compliance issues, and security breaches.

    Highlights of SSL certificate management include:

    • Discovery: Discovers all SSL certificates deployed in the network, irrespective of the issuing certificate authority (CA), including self-signed ones.
    • Centralized Inventory: Consolidates all discovered certificates and stores them in a secure, centralized repository for easy access and management.
    • Track Certificate Details: Tracks all certificate information, including name of the CA, date of issue, encryption algorithm, key length and other vital details.
    • Control Certificate Signing Requests: Centrally controls new CSR process. Handles key-pair creation process and provides ready-to-use CSR data files to be sent to the CA for getting new certificates.
    • Expiration Alerts: Tracks certificate validity and sends alerts about the certificates that are about to expire. Generates reports on expiry status of certificates.
    • Flag SHA-1 Certificates: Identifies certificates that use SHA-1 hashing function (which is found to be weak), prompting administrators to revoke the certificates and create new ones.
    • Ensure Compliance: Ensures that the encryption algorithms and underlying key lengths comply with various industry regulations.

  • Key Store- Key Manager Plus provides a secure repository for the storage of any digital key.

    Using the Key Store feature of Key Manager Plus, you can:

    • Add any digital key file (< 1MB) to the Key Manager Plus repository.
    • Map the digital key to a particular application, instance, and location (i.e, AWS, Azure data centers etc), to easily locate, track, and maintain them.
    • Maintain versions of the digital key files.
    • Generate report of all digital keys in use along with their details.


  • Earlier, for SSH key management, user accounts could be added only if their associated credentials were provided. Now, a feature has been added to manage users using only SSH key pairs (without providing their passwords).
  • SSH Private Key Group : This enhancement helps to organize SSH private keys as a logical group and execute key rotation, report creation, key group deployment and other operations in bulk.
  • SSH User Group : This enhancement helps to organize SSH users into a group and execute actions in bulk on the group.
  • Earlier, the private keys were deployed in the default location. Now, option has been provided to change the remote server user account authorized_key file location (i.e /home/test/.ssh to var/home/test/.ssh) both in bulk and for individual user accounts.
  • Support is now provided for JUNOS based Juniper devices.


  • Earlier, licensing was based on the number of SSH users. Henceforth, licensing would be based on the number of keys, which includes SSH private keys, SSL certificates, and the number of keys in the Key Store, which are managed using Key Manager Plus.