Product Update > 2025 > Winter

What's New: Winter Update

Welcome to the Winter Product Update - your quarterly roundup of the newest innovations across Keyfactor.

What’s new this winter

This update strengthens automation in Command, expands PQC support in EJBCA, adds clarity to signing workflows, and previews major advancements coming in AgileSec 3.4.

Highlights at a Glance

Command 25.4

Sharper navigation. Clearer risk insights. Better EJBCA workflow integration.

EJBCA 9.4

Expanded PQC readiness, stronger compliance, smoother automation.

Signing Updates

Native macOS signing, hybrid agents, and simpler SignServer authentication.

Keyfactor Command 25.4

Everything in this release strengthens how teams find, fix, and stay ahead of certificate risk.

Edit EJBCA Templates in Command

With Command 25.4, administrators can manage key EJBCA settings directly within Command, eliminating platform switching while ensuring consistent certificate templates across dev, test, and production. With streamlined certificate profile updates, it’s faster and easier for teams to apply changes and maintain alignment with security policies. 

New Left-Side Navigation

The new left-side navigation introduces a cleaner, more modern layout that reduces clicks and makes it easier to reach key workflows. It also improves multitasking, allowing administrators to move smoothly between operations without losing context.

Risk Intelligence Tab

The new Risk Intelligence tab surfaces critical risks instantly, replacing the old view that required users to parse and interpret metadata. With improved sorting and filtering, teams can zero in on the most urgent problems, and the clearer presentation of risk details makes remediation planning more straightforward.

EJBCA 9.4

Built for shrinking certificate lifespans and rising operational pressure.

01

Expanded PQC Support

ML-DSA support across AWS KMS, Thales, Utimaco, Entrust, Fortanix, and Securosys.

02

Compliance & Security Updates

• Separate key pair to support SCEP and FIPS 140-3
• Third-party CVE vulnerability visibility
• Streamlined admin flows and inline configuration
• ACME Renewal Information
• Vulnerability management policy

03

Next-Generation EJBCA Appliances

• New 1 HU industrial-grade hardware layout
• Container-based software architecture
• Support for net-attached HSMs
• PQC signing for Thales Luna & Utimaco
• External database integration
• USB HSM support for offline roots

04

Automation & Administration Enhancements

• ConfigDump enhancements for scalable automation
• SFTP publishing option for flexible integrations
• Flexible deployment workflows
• Modernized admin experience (inline editing, tabbed UI)

Smarter, Simpler signing – now with macOS support

Cross-platform signing has finally landed.

AgileSec 3.4
(Coming January 2026)

AgileSec 3.4 delivers faster, more intuitive secrets and key management with streamlined workflows and expanded automation, making it easier for teams to secure and govern machine identities at scale.

Read more about the Winter Update

Explore blogs, release notes and other resources related to the latest Keyfactor update.