logo
logo
Newsletter

Do you prefer to receive KeyTalk news directly in your mailbox? Sign up for our newsletter!

Questions?

Any specific questions? Perhaps the frequently asked questions or downloads will help you further.

Other questions, or are you just wondering what KeyTalk can do for your organization? Feel free to contact us. We would greatly enjoy thinking about it together.

We also offer our customers 24/7 support.

Get support
Yes, KeyTalk can handle multiple CAs. Both private CAs, such as Microsoft Active Directory Certificate Server, as well as public CAs, such as GMO GlobalSign or DigiCert QuoVadis.
Yes, KeyTalk develops functionality and integrations based on customer demand and the business case. When a required integration is not yet supported and is technically feasible, you can make a successful integration possible together with KeyTalk Business Unit. This integration will then be integrally incorporated into our software and thus also be maintained.
Yes, KeyTalk can generate private keys with sufficient entropy, as part of the centrally generated Certificate Signing Requests (CSRs). These asymmetric key pairs can be stored in its own AES256 encrypted management database or in a linked Hardware Security Module (HSM). As soon as a key pair expires or becomes invalid, the KeyTalk platform will regenerate this key pair and the associated certificate, either automatically or semi-automatically through a workflow process.

Our definition of short-lived X.509 certificates: certificates that do not last longer than the time it takes for a current Certificate Revocation List (CRL) to be updated and distributed from the moment they are issued. Do you normally work with CRLs that are updated once a day? Then, short-lived certificates are valid 24 hours shorter. Online Certificate Status Protocol (OCSP) radiators are theoretically much faster than CRLs to update, but in practice, it usually takes longer than the average time to update a CRL to establish the necessity of including a certificate in an OCSP up to and including the actual inclusion of a certificate in an OCSP. This means that OCSPs are usually no more practical than a CRL when it comes to short-lived X.509 certificates.

KeyTalk can assign any lifespan to a certificate to be issued, as the target Certificate Authority supports this. The shortest validity that KeyTalk can assign to a certificate is 1 second.

More Frequently Asked Questions

Downloads

Windows: Enterprise KeyTalk agent

Version: 7.8.0

Download: Default

Hashcode: SHA256: b12eddaaa7fdc470323a2551d90f7b4077bf97e60fc11e2a6ae2d1deeae15027

► Download Software

► Manual

► Release Notes

KeyTalk Enterprise agent 7.8.0 brings the latest KeyTalk functionality to Windows 10 and 11, as well as Windows Server 2016 – 2022 with IIS 10 and IBM WebSphere 9.x and any other application you can provide a custom PowerShell script for. All default Windows certificate store supporting browsers are supported including Google Chrome, Firefox, Microsoft IE, Edge, Opera, Brave, and Safari.

Enterprise version 7.8.0 adds business logic to support CA/B Forum regulations for S/MIME for Business when using the internal KeyTalk InternalDB as your RA, as well as the ability to provide custom PowerShell scripts for confoguring a certificate and key for any target server application.

This latest release added support for automated recent and historic Shared Mailbox S/MIME fetching, installation and configuration for Outlook

Our latest user interface simplified Secure Email Service Windows agent for use with KeyTalk’s HSES can be found here (SHA256: 4a59f179d43dde8f2d966365c5ab44b76d0c438a09d248e5e06b80b3412679d6

Secure Email Service Windows agent

Version: 7.8.0

Download: Default

Hashcode: 4a59f179d43dde8f2d966365c5ab44b76d0c438a09d248e5e06b80b3412679d6

► Download Software

► Manual

► Release Notes

This latest release added support for automated recent and historic Shared Mailbox S/MIME fetching, installation and configuration for Outlook

Our latest user interface simplified Secure Email Service Windows agent for use with KeyTalk’s HSES can be found here (SHA256: 4a59f179d43dde8f2d966365c5ab44b76d0c438a09d248e5e06b80b3412679d6

 

 

Mac OSX KeyTalk client

Version: 7.7.9

Download: App Store

Hashcode: https://keytalk.com/support#

► Download Software

► Manual

► Release Notes

KeyTalk agent for Mac version 7.7.9 brings the latest KeyTalk functionality to Apple’s OSX devices.

It supports the latest CA/B forum requirement for public trusted S/MIME issuance.

Our optional hardware recognition adds an additional factor on top of your existing authentication. This client is compatible as of KeyTalk virtual appliance 5.6.5.

Download the most recent DMG here SHA256: cefdd931289eadbe30c197bbc4240987146fba045cc5b85ca10a8a8301d76bc3

Download the most recent PKG here SHA256: 53ef8f07e0f35d70edc50d37c22deb084a289f9eeaf94ae6274f80895f7e4408

Download the previous version 6 DMG here SHA256: 6f385578afeb234899f98b3883a741dcd666d3e091d9d795fe91e614a3d1c350

Linux and Apache/TomCat KeyTalk agent

Version: 7.5.14

Download: Default

Hashcode: https://keytalk.com/support#

► Download Software

► Manual

► Release Notes

KeyTalk’s command prompt client 7.5.14 brings KeyTalk issued and managed certificates to various Linux OS.

7.5.14 for Ubuntu 22.04 adds extended TPM support and TPM key attestation, as well as Chrome bowser support, and supports Kerberos authentication incl automated renewal.

KeyTalk’s optional hardware recognition leverages your existing authentication, and enables you to easily recognize BYOD and Corporate devices to belong to only specific employees, partners, and customers.

Ensure you have a recent configuration file (RCCD) as this client makes use of the YAML standard not found in older KeyTalk configuration files.

KeyTalk virtual application server OVF/VMDK for VMware and AWS

Version: 7.6.1

Download: Default

Hashcode: https://keytalk.com/support#

► Download Software

► Manual

► Release Notes

KeyTalk 7.6.1 (ZIP = 25.4 GB) virtual appliance (Ubuntu 22.04 LTS based) in OVF/VMDK format brings you the latest KeyTalk X.509 certificate automated life-cycle management and seamless enrollment for client, server and Internet of Things devices. For your internal private CA’s and public CA’s.

Use it to automate replacing your X.509 certificates on any device, and always have up to date strong keys and certificate meta data in your SSL/TLS certificates.

Customers and partners can install this virtual appliance onto their VMWare ESXi environment.

For AWS, simply login to your AWS account, search in public AMI for KeyTalk and launch the KeyTalk CKMS AMI from any region.

 

Need a production or trial license? Just contact your preferred KeyTalk partner or email us, and we will have you up and running in no time.

To decrypt any created encrypted native KeyTalk backups or Problem reports, you will need a Linux system running this AES-256-GCM decryption tool.

Do check if a new firmware update exists on this page to upgrade this virtual appliance to the latest greatest version.

 

For High Availablity clustering, you will need a Load Balancer and a MySQL DB to store the shared data between multiple KeyTalk virtual appliance front-ends.

The latest single (ie non-clustered) stand-alone MySQL 8 virtual appliance (ZIP 5.16 GB), compatible as of KeyTalk firmware 7.6.1 can be downloaded here.   SHA256: EE8FF29934D9AB82E12C169B90C7F81706388A9402897358AD80E17EC116DE4D

Should you already have a single or clustered MySQL DB in your network, or wish to make use of an Azure Flexi Server, you can use this documentation to setup your own DB.

KeyTalk virtual application server VHD for Azure and Hyper-V

Version: 7.6.1

Download: Default

Hashcode: https://keytalk.com/support#

► Download Software

► Manual

► Release Notes

KeyTalk 7.6.1 (ZIP = 31.2 GB) virtual appliance (Ubuntu 22.04 LTS based) in VHD (GEN-1 DISK) format brings you the latest KeyTalk X.509 certificate automated life-cycle management and seamless enrollment to client, server and Internet of Things devices. For your internal private CA’s and public CA’s.

Use it to automate replacing your X.509 certificates on any device, and always have up to date strong keys and certificate meta data in your SSL/TLS certificates.

Customers and partners can install this virtual appliance onto their Hyper-V and Azure environment.

 

Need a production or trial license? Just contact your preferred KeyTalk partner or email us, and we will have you up and running in no time.

To decrypt any created encrypted native KeyTalk backups or Problem reports, you will need a Linux system running this AES-256-GCM decryption tool.

Do check if a new firmware update exists on this page to upgrade this virtual appliance to the latest greatest version.

 

For High Availablity clustering, you will need a Load Balancer and a MySQL DB to store the shared data between multiple KeyTalk virtual appliance front-ends.

The latest single (ie non-clustered) stand-alone MySQL 8 virtual appliance (ZIP 7.66GB), compatible as of KeyTalk firmware 7.6.1 can be downloaded here.   SHA256: 2BFC27E002518E7EE11133523D08FB7684B1780A40C5E69808D0CC2EBF45C34F

Should you already have a single or clustered MySQL DB in your network, or wish to make use of an Azure Flexi Server, you can use this documentation to setup your own DB.

Although we were one of the first customers to choose the combined S/MIME Management and Automation Service from GlobalSign & KeyTalk and we had to overcome some initial hurdles, we got fantastic support from the KeyTalk team and the service is working perfectly now. I would absolutely recommend their S/MIME Management and Automation Service to any company that needs easy-to-use end-to-end secure email communication. — Matteo Snidero, Head of IT @ Finance in Motion

Contact KeyTalk