- DigiCert product docs
- What's new
- Release notes
- DigiCert KeyLocker
DigiCert KeyLocker
Release notes RSS
Recent releases
December 18, 2025
DigiCert® ONE version: 1.11494.7 | DigiCert KeyLocker: 1.1163.0
Included in this release:
Enhancements
New version of DigiCert ONE Clients
DigiCert ONE clients version 1.5.1 is now available for download for Windows, Mac, and now Linux.
As part of ongoing improvements to DigiCert ONE Clients, we have made minor improvements and bug fixes to limit errors, improve usability, and security.
Fixes
Issues with detected OpenSSL vulnerabilities
We resolved an issue where signing applications contained OpenSSL vulnerabilities.
With this release, the latest Click-to-Sign includes updated libraries with no known vulnerabilities.
November 19, 2025
DigiCert® ONE version: 1.11351.10 | DigiCert KeyLocker: 1.1137.0
Included in this release:
New
Introducing DigiCert® Binary Signing GitHub Actions
Code signing using DigiCert® Software Trust Manager with GitHub Actions is a streamlined, keypair-based signing workflow that improves software security and seamlessly integrates with DevOps processes to sign binaries on Windows, Linux, and Mac.
This action delivers a dramatically improved code signing experience, richer automation, and broader platform support.
Review the following features of this action:
Simple signing mode: A streamlined signing workflow designed to simply configuration and improve performance.
Sign code without relying on third-party tools
A unified, consistent signing experience across Windows, Linux, and macOS
Delivers faster signing by removing library overhead and reducing unnecessary API calls
Optimized installation: Enhancements designed to speed installation, reduce redundant downloads, and ensure accurate tool updates.
Faster, consistent downloads of required signing tools
Automatically checks CDN-hosted checksums to detect and download new tool versions
Supports GitHub’s caching service across both hosted and self-hosted runners
To learn more, see Code signing with DigiCert Software Trust Manager in GitHub.
注意
This release of this GitHub Actions indicates the beginning of the EOS / EOL period for the previous code signing GitHub Actions.
If you've already configured your account for this soon-to-be deprecated action, then please review the deprecation / migration information in GitHub.
Enhancements
Getting started wizard available to all users
In a previous release, we had a limited launch of a new guided wizard experience that helps users to get started with KeyLocker and start signing quickly.
With this release, this wizard experience is available to all users, without the need to contact your Account Manager.
To access the KeyLocker wizard:
In the Managers (
) menu, select KeyLocker.Go to Get started.
Follow the on-screen instructions to get ready to sign.
November 12, 2025
DigiCert® ONE version: 1.11351.7 | DigiCert KeyLocker: 1.1135.0
Included in this release:
Fixes
Issues with sending signature alerts
We resolved an issue where signature-usage alert emails (80%, 90%, and 100% thresholds) weren't being sent.
With this release, all signature-consumption thresholds trigger the correct email notifications.
Issues with SMCTL healthcheck
We resolved an issue where the SMCTL healthcheck command wouldn’t add an entry to the database when signing tools weren't present. (For macOS, signing tools were never returned even when available.)
With this release, the SMCTL healthcheck command now correctly logs database entries across all OSes, even when signing tools are absent.
November 6, 2025
DigiCert® ONE version: 1.11351.2 | DigiCert KeyLocker: 1.1133.0
Included in this release:
Enhancements
New version of DigiCert ONE clients
DigiCert ONE clients version 1.5.0 is now available for download for Windows, Mac, and now Linux.
With this upgrade, we are introducing:
Support for Linux. To learn more, see Get started with DigiCert ONE Clients.
Support for dynamic authorization, which enables secure API communication between your tool and the server-side KeyLocker module for user-based authentication. To learn more, see Dynamic authentication commands.
To learn more about the updates in this new version, see DigiCert ONE Platform.
New getting started wizard
We have introduced a guided wizard experience for getting started with KeyLocker to start signing quickly.
To learn more, see Signer guide.
注意
In this release, this wizard isn't available to all users. To enable, contact your Account Manager.
Fixes
Updated support for macOS
In DigiCert ONE, the Start signing with DigiCert KeyLocker guide has been updated to clearly indicate support for macOS as an option when setting up credentials and client tools. While macOS was previously supported, it wasn't listed in the corresponding dropdown as an obvious selection.
September 24, 2025
DigiCert® ONE version: 1.10937.15 | DigiCert KeyLocker: 1.1093.0
Included in this release:
Enhancements
KeyLocker support in DigiCert ONE Clients app
The DigiCert ONE Clients now supports DigiCert KeyLocker. This mean DigiCert KeyLocker, in addition to Software Trust Manager and Trust Lifecycle Manager users can use the app to download, automate configuration, and keep their client tools up-to-date.
September 3, 2025
DigiCert® ONE version: 1.10937.1 | KeyLocker: 1.1087.0
Fixes
Fixed signer update error
We resolved an issue where users received a Error parsing JSON object error when attempting to change the signer to themselves. Users can now successfully update the signer without encountering this error.
August 14, 2025
DigiCert® ONE version: Not applicable | DigiCert KeyLocker: Not applicable
Included in this release:
New
Action required: Add new DigiCert ONE clientauth IP addresses
On September 12, 2025, at 10:00 MDT (16:00 UTC), DigiCert will add new IP addresses for inbound requests using the Client authentication endpoint (clientauth.one.digicert.com).
To ensure proper connectivity for your client tools, you or your customers need to add the following IP addresses to applicable allowlists and firewall rules:
Classification | URL | IP addresses |
|---|---|---|
Client authentication endpoint | clientauth.one.digicert.com |
|
注意
*The current Client authentication IP address will remain active and should not be removed.
August 6, 2025
DigiCert® ONE version: 1.10789.1 | DigiCert KeyLocker: 1.1080.0
Included in this release:
Fixes
Resolved issue with broken documentation links
We updated two broken links that were displaying in the Start signing with DigiCert KeyLocker setup wizard. This update ensures the correct workflow to access DigiCert's documentation site.
July 30, 2025
DigiCert® ONE version: 1.10498.15 | DigiCert KeyLocker: 1.1075.0
Included in this release:
Enhancements
Style changes to DigiCert ONE
In the DigiCert KeyLocker section of DigiCert ONE, we have made significant style updates to the platform to improve the user experience, including:
Visual design updates:
Updated color palette
Refined typography styles for better readability and consistency
Component redesigns:
Redesigned date range picker and date picker
Refreshed button component
Changed upload component
Redesigned left navigation
Updated error pages
We will continue making additional design and styles changes in future releases.
July 28, 2025
DigiCert® ONE version: 1.10498.13 | DigiCert KeyLocker: 1.1072.0
Included in this release:
Enhancements
Updated SMCTL sign command for simple signing
We have added two flags that allow users to sign without the need of third-party tools or libraries:
--simple
This flag signs without the need of third-party signing tools and libraries and applies to simplified signing workflows.
--unsigned
This flag signs unsigned files and applies to simplified signing workflows.
To learn more, see Sign binary commands.
July 9, 2025
DigiCert® ONE version: 1.10498.4 | DigiCert KeyLocker: 1.1042.0
Included in this release:
New
DigiCert® ONE services downtime during scheduled maintenance on July 12
DigiCert must perform maintenance affecting DigiCert® Software Trust Manager, DigiCert® Document Trust Manager, and the PrimoSign signing service in our DigiCert® ONE USA location during scheduled maintenance on July 12, 2025, 22:00 – 24:00 MDT (July 13, 04:00 – 06:00 UTC). For more details, refer to the DigiCert Global 2025 maintenance schedule.
During this time, the Software Trust Manager and Document Trust Manager will be down for approximately 10 minutes, and the PrimoSign signing service will be down for approximately 30 minutes.
Services will be restored as soon as we complete our maintenance.
How does this affect me?
The Software Trust Manager maintenance starts at 22:00 MDT (04:00 UTC). At this time, the Software Trust Manager will be down for 10 minutes.
The Document Trust Manager maintenance starts at 22:10 MDT (04:10 UTC). At this time, the Document Trust Manager will be down for 10 minutes.
The maintenance affecting Document Trust Manager’s PrimoSign signing service starts at 22:00 MDT (04:00 UTC). At this time, the PrimoSign signing service will be down for 30 minutes.
Affected services
DigiCert ONE in our USA location:
DigiCert Software Trust Manager
DigiCert Document Trust Manager
PrimoSign signing service
What can I do?
Plan accordingly:
Schedule any high-priority code signing and document signing certificate-related tasks and signings before or after the maintenance window.
Schedule high-priority PrimoSign document signings before or after the maintenance window.
Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
Subscribe to the DigiCert Status page to get live maintenance updates. This subscription includes email alerts when maintenance begins and ends.
We apologize for any inconvenience. If you have questions or concerns, please contact your account manager or PKI Support | DigiCert.
June 18, 2025
DigiCert® ONE version: 1.10272.3 | DigiCert KeyLocker: 1.1042.0
Included in this release:
Enhancements
New flags for smctl sign commands
We have added new flags for SMCTL that allow users to define the application name in User Account Control (UAC) prompts.
This enhancement also enforces UTF-8 encoding to prevent character display issues, particularly on systems using Japanese language settings.
We have added the following flags:
Flag | Description |
|---|---|
--description | This flag:
|
--desc-url | This flag:
|
May 21, 2025
DigiCert® ONE version: 1.10046.5 | DigiCert KeyLocker: 1.1027.0
Included in this release:
Fixes
Resolved issue with smksp_cert_sync.exe execution failure
We resolved an issue where the smksp_cert_sync.exe process was failing during execution.
Resolved issue with PKCS#11 client tools functionality
We resolved an issue affecting PKCS#11 client tool commands, specifically the following commands: p11cat, p11ls, p11more, and p11od.
May 7, 2025
DigiCert® ONE version: 1.10046.1 | DigiCert KeyLocker: 1.1017.0
Included in this release:
Fixes
Issue with displaying “invalid date”
We resolved an issue where non-subscription KeyLocker orders were incorrectly displaying Invalid date in the Current subscription term field under Signature limit in DigiCert ONE.
This issue has been resolved; the field now only displays for retail subscription orders.
March 26, 2025
DigiCert® ONE version: 1.9525.6 | DigiCert KeyLocker: 1.964.0
Enhancements
KeyLocker renewal flows for subscriptions
We have introduced new renewal workflows for retail subscriptions in KeyLocker. With this release, when your subscription is renewed in CertCentral, KeyLocker will automatically update your order with the new subscription dates and allotted signatures.
Additionally with this release, email notifications are generated to KeyLocker account admins and assigned users regarding the new subscription period.
March 5, 2025
DigiCert® ONE version: 1.9525.1 | DigiCert KeyLocker: 1.954.0
Fixes
Fix for JCE code signing issue on Java 8
We have resolved an issue that prevented users from signing .jar files using the JCE method with Java 8.
Previously, attempts to sign using the documented jarsigner command failed, despite JCE method support for Java 8.
With this update, we have ensured compatibility of the JCE signing method with Java 8.
Notes::
For JDK versions 8 and 9, the Bouncy Castle library is required for the sign command.
For JDK version 10 and higher, the Bouncy Castle library is not required for the sign command.
February 13, 2025
DigiCert® ONE version: 1.9391.1 | DigiCert KeyLocker: 1.947.0
Enhancements
Upgraded client tools and software
To address user feedback, we have upgraded client tools and software. This update does not impact KeyLocker customers, and no user action is required.
Notifications for KeyLocker signature consumption
To keep users informed about KeyLocker signature consumption, in this release we have introduced email notifications.
When 80%, 90%, and 100% of signature units are used, an email will be sent to the assigned signer and all account admins, when applicable.
With this release:
Notifications trigger at 80%, 90%, and full consumption of signature units.
If the order is assigned to an admin, then all admins in the account will receive notifications.
If the order is assigned to a signer, then the signer and all admins will receive notifications.
Notifications will trigger when additional signature units are purchased and reach the 80% and 90% thresholds.
January 22, 2025
DigiCert® ONE version: 1.9100.6 | DigiCert KeyLocker: 1.933.0
Enhancements
Upgraded client tools and software
To address user feedback, we have upgraded client tools and software. This update does not impact KeyLocker customers, and no user action is required.
January 13, 2025
DigiCert® ONE version: 1.9100.2 | DigiCert KeyLocker: 1.926.0
Enhancements
Upgraded client tools and software
To address user feedback, we have upgraded client tools and software. This update does not impact KeyLocker customers, and no user action is required.
Fixes
Issues with documentation link
We resolved a broken documentation link in the Get started page in DigiCert One.