Key Manager Plus Release 6500 (Major) (April 2023)

New Features

• Kubernetes Integration
  We have introduced Kubernetes (K8s) integration, an open-source platform that automates containerized application deployment, scaling, and management. Kubernetes secrets, a feature provided by the Kubernetes platform, facilitates a secure way of storing Kubernetes TLS secrets (certificates) within Kubernetes clusters.
  The integration aids the administrator in securely fetching the Kubernetes TLS secrets (certificates) into Key Manager Plus, managing them within the single centralized repository, and rotating/updating the secrets obtained from multiple Kubernetes clusters.
  Navigate to 'SSL >> Kubernetes' to configure and manage all your Kubernetes TLS secrets (certificates) via Key Manager Plus.

• New User Role - SSL Power User
  We have introduced a new static custom role - SSL Power User. Users designated with this role will have elevated privileges to perform complete SSL certificate management capabilities.

Enhancements

• As a part of this release, Digicert is added as a vendor to the SSL Store list. The previously available SSL Store vendors, which include Thawte, Geo Trust, and Rapid SSL, will now be a part of Digicert.
• It is now possible to add an email address while configuring 'Certificate Sync Status Check' from 'Settings >> SSL >> Certificate Sync Status'. Once added with the configured recurrence time interval, the list of all the SSL certificates with their deployed servers will be sent to the given email address, with the following details: days to expire, date of expiry, serial number, and fingerprint.
• Henceforth, while creating a Certificate Signing Request (CSR), only the Common Name, Validity, and Store Password will be the mandatory fields.
• We have added the following additional key sizes to the key algorithms for increased security strength:
  • 3072 and 4096 key sizes for RSA
  • 2048 and 3072 key sizes for DSA
• Key Manager Plus now supports SHA256 SSL fingerprint to encrypt the SSL certificates. Administrator can navigate to 'Settings >> SSL >> SSL Fingerprint' to change their SHA values. All the existing certificates can also be changed to SHA256 fingerprint by enabling the checkbox provided.
• From now on, the dashboard on the Key Manager Plus homepage will not consider the EC certificate key size into account for the 1024-bit and lesser keys calculation.

Bug Fix

• Previously, when an administrator tried to rediscover the certificates in an organization, it failed with an empty error message. This issue has now been fixed.

Security Fixes

• A Remote Code Execution (RCE) vulnerability reported on the SSH server by passing malicious links has been fixed.
• An issue that allowed the users with the Operator role to access the server with the pre-opened terminal even after revoking the permission has been found and fixed.
• A stored XSS vulnerability caused by an image uploaded during the rebranding of Key Manager Plus has been found and fixed.