New Post-Deployment Automation in Key Manager Plus Removes the Last Manual Step in Certificate Renewal as Lifespans Gradually Shrink to 47 Days
CHENNAI (India CSR) — ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management and security solutions, today announced post-deployment automation for TLS certificates in Key Manager Plus, its certificate life cycle and machine identity management solution. The latest update helps enterprises automate the final stages of certificate renewal by pushing certificates to the target server, running configured scripts, restarting dependent services, and notifying stakeholders, enabling the whole certificate life cycle to run without manual intervention.
As organizations across India accelerate cloud adoption, digital transformation, and AI-led innovation, they are managing a rapidly growing number of machine identities and TLS certificates across increasingly distributed IT environments. This growing certificate footprint is driving enterprises to modernize certificate life cycle management and adopt more scalable operational practices.
Historically, most organizations did not have much incentive to automate certificate management. Even the ones that did adopt automation workflows limited it to discovery, periodic expiration alerts, and in some instances, automated renewals. That changed when the CA/Browser Forum voted to reduce the maximum validity of public TLS certificates, phasing down from the legacy 398-day validity period to a 200-day period in March 2026 (current cadence), which will drop to 100 days by March 2027, and finally 47 days by March 2029.
“We’re going from under 200 certificates to over 2,000, across a lot of domains, different server setups, credentials and post-deployment actions for nearly all of it. We’ve had to dedicate significant engineering time to certificate management alone since the change to 200 days. With the 47-day certificate renewals coming up, automation is the only way we can keep up, and Key Manager Plus’ CA-agnostic, certificate life cycle management has helped us automate the whole thing,” said Jonathan Choiniere, infrastructure manager at RevSpring, a payment solutions provider based in Nashville, Tennessee.
Automating the Last Mile of Certificate Renewal
Getting the certificate live is the last step in the renewal process, and this post-deployment task has primarily been handled manually by many teams. While this works when teams are renewing one certificate a year, as certificate lifespans shrink and the same steps repeat roughly eight times as often, manual errors become more likely and the cost of an outage can run into the millions. Certificate Authority (CA)-agnostic automation enables organizations to standardize certificate life cycle management regardless of their existing CA provider, simplifying operations across diverse IT environments.
“Certificate renewal is rarely the hard part. The work that piles up on teams is what comes after it, at scale: pushing certificates to the server, restarting the services, and confirming they actually went live. As certificate validity periods continue to shrink, enterprises need end-to-end automation to maintain security, operational resilience, and business continuity. With Key Manager Plus, we are eliminating the last manual step in the life cycle management loop,” said Vasudevan Seshadri, director of product management at ManageEngine.
Helping Enterprises Prepare for Shorter Certificate Lifecycles
To help organizations assess the impact of the reduced certificate validity mandate, ManageEngine has introduced a 47-day TLS impact calculator. Based on certificate volume, renewal effort, and outage exposure, it estimates the operational impact of shorter certificate life cycles and compares it against a fully automated renewal process. Available across both on-premises and cloud deployments, Key Manager Plus helps organizations standardize certificate life cycle management while reducing operational and compliance risks associated with expired or improperly deployed certificates.
Key Manager Plus
ManageEngine Key Manager Plus is a machine identity management solution that automates the life cycle of SSL/TLS certificates, Azure secrets, SSH keys, and other machine identities. It gives enterprises the ability to consolidate, manage, and automate those identities from one place. Available both on-premises and in the cloud, it helps teams move to a fully automated, hands-off approach to certificate life cycle management.
(India CSR)
