We hope all our friends in the northern hemisphere are staying cool this summer ☀️🏝️. The Keyfactor team has been hard at work on making certificate lifecycle automation more powerful and easier to use for all users, PKI experts or not. Our latest version of Command has 250+ improvements, with some highlights including new post-quantum cryptography (PQC) capabilities, improved collaboration with in-app banners, and CSR as a new renewal option.
Let’s dive into the details 🏊‍♂️.
Command 25.2: Continuing the Post-Quantum Charge
Keyfactor Command’s latest PQC enhancements focus on ML-DSA, a popular PQC algorithm due to its flexibility and variety of use cases.
There’s been no shortage of PQC product enhancements at Keyfactor recently, with new certificate issuance and code signing PQC support available in EJBCA and SignServer, as well as PQC discovery improvements released earlier this year in Command.
In Command 25.2 we’ve added support for ML-DSA hybrid and PQC certificate enrollment via CSR and PFX, and ML-DSA PQC certificates can now be imported and downloaded. ML-DSA in particular is a popular PQC algorithm, offering a good balance between security and efficiency. Its three parameter sets (ML-DSA 44, 65, and 87) let users choose the right security and performance mix for their needs. It’s also ideal for IoT device security, with smaller key and signature sizes.
If you’re interested in learning more about post-quantum cryptography and readiness, you can check out our Keyfactor Tech Days On Demand, our customer event that featured experts discussing first steps toward PQC, PQC use cases, achieving crypto-agility, and more.
Improved Collaboration Capabilities
Command’s new In-App Banners are fully customizable and can give users essential reminders and guidance on certificate management
More users than ever are involved with certificates as part of their day-to-day. Administrators can now configure custom messaging in distinct banners – letting Command users know essentials such as whether a certificate authority (CA) is down or new templates are available. With everybody’s email and instant messaging apps already crammed full of messages and auto-replies from summer vacations, these banners ensure better cross-functional communication in the moment for users.
Enhanced Certificate Renewal Options
A Certificate Signing Request (CSR) is a standardized and interoperable way to obtain digital certificates from CAs. The CSR issuance method is now available to utilize in Keyfactor Command, improving flexibility and expanding options based on customer preferences.
CSR may be preferred by some customers because it reduces the attack surface: the private key remains on the server or device, ensuring it’s not compromised during the CA verification process. Additionally, this method retains certificate metadata, so certificate details don’t get lost during a renewal.
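The CSR renewal flow described above, as an added example that is not Keyfactor's code or part of the original post: OpenSSL builds a renewal CSR from the existing certificate's subject and SANs, then checks that only the public key and a proof-of-possession signature leave the host. It assumes OpenSSL 1.1.1 or later and reuse of the existing local key; host names, subject and file names are constructed sample values, and submitting the CSR to Command is not shown.

```shell
#!/bin/sh
# Added example: renew via CSR so the private key never leaves the host.
# Host names, subject and file names are constructed sample values.

# Constructed stand-in for the certificate that is about to be renewed.
make_sample_cert() {
    ( umask 077   # key file readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -keyout "$1/server.key" -out "$1/current.crt" \
          -subj "/O=ExampleOrg/CN=app.example.test" \
          -addext "subjectAltName=DNS:app.example.test,DNS:www.example.test"
    ) 2>/dev/null
}

# Build $1/renew.csr with the subject and SANs of $1/current.crt,
# signed with the key that already lives on this host.
make_renewal_csr() {
    subj=$(openssl x509 -in "$1/current.crt" -noout -subject -nameopt compat |
        sed 's/^subject= *//')
    sans=$(openssl x509 -in "$1/current.crt" -noout -ext subjectAltName |
        sed -n '2p' | tr -d ' ')
    openssl req -new -key "$1/server.key" -out "$1/renew.csr" \
        -subj "$subj" -addext "subjectAltName=$sans"
}

# SAN list carried in the CSR, e.g. DNS:a.example,DNS:b.example
csr_sans() {
    openssl req -in "$1/renew.csr" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Pre-submission check: returns 0 only if the CSR is safe to send to the CA.
check_csr() {
    # Proof of possession: the CSR's self-signature verifies.
    openssl req -in "$1/renew.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # The public key in the CSR belongs to the local private key.
    [ "$(openssl req -in "$1/renew.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ] || return 1
    # The file that leaves the host contains no private key material.
    ! grep -q 'PRIVATE KEY' "$1/renew.csr"
}

work=$(mktemp -d)
make_sample_cert "$work" && make_renewal_csr "$work" && check_csr "$work" &&
    echo "CSR ready to submit: $work/renew.csr (SANs: $(csr_sans "$work"))"
```

Only `renew.csr` is handed to the CA; `server.key` stays in place with owner-only permissions.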
Keyfactor Command Platform: Agentic AI, Risk Intelligence, and More
Keyfactor Command is elevating certificate lifecycle management with major platform upgrades in 2025. The new Command Risk Intelligence module delivers deeper visibility and actionable risk insights, empowering teams to prioritize and manage certificate risk using the powerful automation capabilities already in Command.
With the Command MCP Server prototype, you can prompt Claude to find the riskiest certificates, revoke & replace them, and more
We’ve also integrated Agentic AI into our Command MCP Server prototype, making it easier than ever to automate tasks and act on risk insights: it’s as easy as prompting your favorite LLM.
Ready to stop certificate outages and start automating? Request a demo of Keyfactor Command or take a 30-day test drive using Microsoft Azure.