2026 Monthly Release - 25.3.2 Notes

January 2026

Keyfactor announces Keyfactor Command 25.3.2 which includes some fixes.

Please refer to Keyfactor Command Upgrading for important information about the upgrade process. For a complete list of the items included in this release, see Release Note Details v25.3.2. For gateway and CA Connector Client release notes, see:

• CA Connector Client Release Notes
• Keyfactor Cloud Gateway Release Notes
• Keyfactor Windows Enrollment Gateway Release Notes
• KeyfactorAnyCAGateway DCOM Release Notes
• Keyfactor AnyCA Gateway REST Release Notes

Fixes

• Fixed: The Keyfactor Universal Orchestrator now correctly supports CA synchronization to Keyfactor Command when using OAuth as an identity provider.
• Fixed: While adding a new certificate store, values selected in dropdown fields are now retained correctly and not cleared on setting secret values.
• Fixed: The audit log grid in the Management Portal now correctly sorts by Timestamp even when there are a very large number of audit records (multiple millions) rather than generating a SQL timeout.
• Fixed: The Timestamp query parser for the audit log grid now uses localized time rather than UTC time, matching the timezone used for the Timestamp display on the audit log grid.
• Fixed: The Management Portal now loads checkboxes and other form controls correctly in environments using a restrictive content-security policy (CSP); previously, the font-src 'self' directive blocked embedded WOFF2 font data, preventing these controls from rendering.
• Fixed: The Subscriber Terms section of the CSR Enrollment page now appears, if configured, when Auto-Select is chosen as the Certificate Authority A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. value.
• Fixed: Limited access users of the Management Portal with permissions only to import certificates or to view collections not displayed in the navigator The Navigator is the Keyfactor Command left-hand (newer versions) or top (older versions) navigation menu. Certificate collections and reports can be configured to be added to the menu using user-defined Show in Navigator settings. can now successfully reach those items (the latter through Collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). Manager).
• Fixed: Security roles with a large number of members (100+) no longer cause an unexpected performance issue when loading Management Portal pages.
• Fixed: Performance improvements have been implemented around building the cache of security claims and roles to reduce the impact on the SQL server.
• Fixed: The Configure with PFX option now preserves deleted SANs during certificate renewal, addressing a rare scenario in which removed SANs could be restored.
• Fixed: The search field on the Identity Permissions dialog for a certificate (see Identity Permissions) now correctly can be used to limit the identities shown in the dialog.
• Fixed: The Workflow Schedule (CRL only) section with Workflow start field, which was inadvertently removed, has been restored to the revocation monitoring alert configuration dialog.

Known Issues

• Searches for workflow A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. instances using the InitiatingUserName query parser fail with an “invalid column name” error. This will be corrected in a future release.