Manage every mobile device certificate with Key Manager Plus
Integrate Mobile Device Manager Plus with ManageEngine Key Manager Plus to orchestrate the end-to-end management of every X.509 certificate on your device.
Integrate Mobile Device Manager Plus with ManageEngine Key Manager Plus to orchestrate the end-to-end management of every X.509 certificate on your device.
Public TLS certificates used to last about a year. Under a new Certification Authority Browser Forum mandate, that maximum lifespan has dropped to 200 days (since March 15, 2026) and will drop to 100 days next year and 47 days by 2029. For teams managing device fleets, that means significantly more renewal events across every certificate that keeps devices connected and compliant.
What this means for your organizationMost MDM environments have more exposure to public TLS certificates than people realize. The VPN gateways, Wi-Fi networks, and mail servers your devices connect to often use public certificates.
When any of those expire, the team managing the devices is usually the first to hear about it. Shorter certificate lifespans mean more frequent renewals across all of them and more chances for something to slip and cause downtime on devices for which your team is responsible.
Public certificates protect the tunnel every device falls back on.
802.1X authentication leans on certificates devices must trust.
SMTP/IMAP endpoints serve thousands of mobile clients simultaneously.
Key Manager Plus integrates directly with Mobile Device Manager Plus, so your team can manage the certificates on every enrolled device from one place. It pulls in what's already deployed, flags what's approaching expiration, and handles renewals and redeployment across the fleet without requiring device-by-device effort. With renewal cycles getting significantly shorter, that kind of automation becomes a necessity.
Key Manager Plus isn't limited to managing the certificates already on your devices. It integrates directly with public certificate authorities (CAs), like DigiCert, Sectigo, Let's Encrypt, GlobalSign, and GoDaddy, along with any CA that supports the ACME protocol. That means your team can request, renew, and deploy public TLS certificates from within Key Manager Plus without switching between CA portals. Certificates approaching expiration are flagged automatically and can be set to auto-renew so the shorter lifespans from the new mandate don't translate into more manual work.
Manage the full life cycle of every certificate on every managed device from a single console.
Get in touch with us to see the integration live. Try a free trial if you want to set things up yourself.
