ManageEngine has announced post-deployment automation for TLS certificates in Key Manager Plus, its certificate lifecycle and machine identity management solution. The new capability completes the certificate lifecycle management loop by automating deployment, script execution, service restarts, and stakeholder notifications without manual intervention.
ManageEngine added post-deployment automation to Key Manager Plus, completing the certificate lifecycle management loop.
The automation pushes certificates to target servers, runs scripts, restarts services, and notifies stakeholders.
Certificate validity periods are phasing down to 200 days (2026), 100 days (2027), and 47 days (2029).
Manual certificate renewal becomes unsustainable as lifespans shrink and renewals increase roughly eightfold.
The solution is CA-agnostic and works identically across on-premises and cloud deployments.
ManageEngine released a 47-day TLS impact calculator to help organizations assess their exposure.
ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management and security solutions, today announced post-deployment automation for TLS certificates in Key Manager Plus, its certificate life cycle and machine identity management solution. Key Manager Plus now automates the final stages of certificate renewal, pushing certificates to the target server, running configured scripts, restarting dependent services, and notifying stakeholders, so the whole certificate life cycle runs without manual intervention.
Historically, most organizations did not have much incentive to automate certificate management. Even the ones that did adopt automation workflows limited it to discovery, periodic expiration alerts, and in some instances, automated renewals. That changed when the CA/Browser Forum voted to reduce the maximum validity of public TLS certificates, phasing down from the legacy 398-day validity period to a 200-day period in March 2026 (current cadence), which will drop to 100 days by March 2027, and finally 47 days by March 2029.
"We're going from under 200 certificates to over 2,000, across a lot of domains, different server setups, credentials and post-deployment actions for nearly all of it. We've had to dedicate significant engineering time to certificate management alone since the change to 200 days. With the 47-day certificate renewals coming up, automation is the only way we can keep up, and Key Manager Plus' CA-agnostic, certificate life cycle management has helped us automate the whole thing," said Jonathan Choiniere, infrastructure manager at RevSpring, a payment solutions provider based in Nashville, Tennessee.
Getting the certificate live is the last step in the renewal process, and this post-deployment task has primarily been handled manually by many teams. While this works when teams are renewing one certificate a year, as certificate lifespans shrink and the same steps repeat roughly eight times as often, manual errors become more likely and the cost of an outage can run into the millions.
"Certificate renewal is rarely the hard part. The work that piles up on teams is what comes after it, at scale: pushing certificates to the server, restarting the services, and confirming they actually went live. End-to-end automation is what turns a 47-day renewal cycle from a scramble into something that runs on its own. With Key Manager Plus, we are eliminating the last manual step in the life cycle management loop," said Vasudevan Seshadri, director of product management at ManageEngine.
To help organizations assess their own exposure to the reduced certificate validity mandate, ManageEngine has also released a 47-day TLS impact calculator. It lets enterprises quantify what the mandate means for them based on three factors: the size of their certificate estate, their current renewal labor, and their outage exposure. From there, it compares those numbers against what they will look like once their TLS certificate life cycle is fully automated. That automation is what Key Manager Plus delivers, and it runs identically whether teams deploy on-premises or in the cloud.
About Key Manager Plus
ManageEngine Key Manager Plus is a machine identity management solution that automates the life cycle of SSL/TLS certificates, Azure secrets, SSH keys, and other machine identities. It gives enterprises the ability to consolidate, manage, and automate those identities from one place. Available both on-premises and in the cloud, it helps teams move to a fully automated, hands-off approach to certificate life cycle management.
About ManageEngine
ManageEngine is a division of Zoho Corporation and a leading provider of IT management and security solutions for organizations across the world. With a powerful, flexible, and AI-powered digital enterprise management platform, we help businesses get their work done from anywhere and everywhere—better, safer, and faster.