IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
ManageEngine automates TLS certificate post-deployment

ManageEngine automates TLS certificate post-deployment

Thu, 16th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

ManageEngine has added post-deployment automation for TLS certificates in Key Manager Plus, completing automated certificate life cycle management in the software.

The feature automates tasks that typically follow certificate renewal, including pushing certificates to target servers, running configured scripts, restarting dependent services, and notifying stakeholders. It works across both on-premises and cloud deployments.

The update comes as organisations prepare for shorter validity periods for public TLS certificates under CA/Browser Forum rules. The current period of 200 days is set to fall to 100 days and then to 47 days, increasing renewal frequency and adding to the burden on IT and security teams.

Certificate management has often focused on discovery, monitoring, and expiry alerts, with some organisations also automating renewals. For many teams, post-deployment work has remained manual, even though several operational tasks may be needed before a renewed certificate is fully live in production.

That final stage is becoming more important as renewal cycles tighten. A certificate that once needed annual attention may now require handling several times in the same period, increasing the risk of operational mistakes and service disruption where teams still rely on manual processes.

ManageEngine said the update is designed to remove that risk by covering the final phase of the workflow. In practice, a renewed certificate can be distributed to the required server environment and related service actions triggered without administrator intervention.

A customer example from RevSpring, a payment solutions provider based in Nashville, Tennessee, illustrates the pressure shorter certificate lifespans can create for large estates. The company described a sharp rise in the number of certificates it needed to manage after validity periods were reduced.

"We're going from under 200 certificates to over 2,000, across a lot of domains, different server setups, credentials and post-deployment actions for nearly all of it. We've had to dedicate significant engineering time to certificate management alone since the change to 200 days. With the 47-day certificate renewals coming up, automation is the only way we can keep up, and Key Manager Plus' CA-agnostic, certificate life cycle management has helped us automate the whole thing," said Jonathan Choiniere, Infrastructure Manager at RevSpring.

Last manual step

ManageEngine positions the addition as the final part of a broader certificate automation workflow. Key Manager Plus already covered discovery, renewal, and deployment. The post-deployment update extends that workflow to restarting dependent services and alerting teams once the certificate is live.

Vasudevan Seshadri, Director of Product Management at ManageEngine, said the operational burden increasingly lies beyond the renewal itself.

"Certificate renewal is rarely the hard part. The work that piles up on teams is what comes after it, at scale: pushing certificates to the server, restarting the services, and confirming they actually went live. End-to-end automation is what turns a 47-day renewal cycle from a scramble into something that runs on its own. With Key Manager Plus, we are eliminating the last manual step in the life cycle management loop," said Seshadri.

Planning impact

Alongside the software update, ManageEngine has introduced a calculator to help organisations estimate the effect of 47-day certificate validity. The tool is intended to measure exposure based on certificate volumes, renewal labour, and outage risk, then compare those figures with a more automated operating model.

That reflects a broader issue for companies with large machine identity estates. As TLS certificates, SSH keys, and other credentials proliferate across applications, servers, and cloud environments, the administrative overhead of tracking and renewing them has shifted from a background security task to a more visible operational concern.

Key Manager Plus is part of ManageEngine's wider portfolio of IT management and security products. The software is used to manage SSL and TLS certificates, Azure secrets, SSH keys, and other machine identities from a central system.

The latest change also gives the product the same certificate automation functions across its on-premises and cloud versions. For customers running mixed environments, that means the same workflow can be applied regardless of where services are deployed.

For IT teams dealing with more frequent renewals, the issue is not only administrative effort but also service continuity. A certificate that is renewed but not correctly installed, or one that fails to trigger a required restart, can still lead to downtime even if the renewal itself succeeds.

The reduction in certificate validity periods is likely to keep automation high on the agenda for security and infrastructure teams, particularly in sectors with large volumes of internet-facing services.