.png){kind=logo}
JUNE 2026
The Signum team is pleased to announce the release of Signum 4.80.1, released to the Keyfactor Customer Portal where upgrades can be scheduled when convenient.
Highlights
ECC Support in PKCS#11
Signum expands the supported algorithms beyond RSA. Signum now has added support for ECC signature algorithm to match the demand for use cases such as IoT tools or other scenarios requiring smaller keys without compromising on cryptographic strength.
For more information, see Interoperability.
Fortanix and Thales DPoD Attestations
Signum now provides the option to download an attestation after generating a CSR in Signum. This feature only applies to CSRs created after updating to 4.80.1. For more information, see Requests | Key Attestations. Keyfactor Support is in the process of enabling this feature across deployments during the month of June.
SAN values in CSR
Certain signing tools, such as cosign, require that the certificate include a Subject Alternative Name (SAN). Signum has added support to provide an email address as SAN value during the CSR generation. See Requests | Subject Alternative Names (SAN).
Added System Logs from Admin Web to Splunk Collector
The Signum integration with Splunk collector has been improved by adding the system logs from Admin Web to be forwarded to the external storage. See Events and Services | Splunk HTTP Event Collector.
OVFTool Guide with Signum
This release includes a step-by-step guide on how to use Signum to sign Sign Virtual Machines (OVA). See Sign Virtual Machines (OVA).
Announcements
Starting with version 4.80.1, the 32 bit versions of the Windows Agent are deprecated and will no longer be released.
Change Log: Resolved Issues
The following lists implemented features and fixed issues in Signum 4.80.1:
New Features
SD-815 Support adding SAN values during CSR generation
SD-912 Add System Logs from Admin Web to Splunk Collector
SD-913 Improve Policy definition in System Logs
SD-976 Test and document cert auth support in container agent
Improvements
SD-357 Remove 32 bits agents
SD-523 Modify securityModule interface to add ECDSA classes and objects
SD-524 Modify agent interface to add ECDSA and PQ classes and objects
SD-525 Add certificate key type and key size column in certificates, CSR and hsm_key_info tables
SD-526 Support generate new ECDSA key type
SD-580 Update Server to better handle agent connect after app pool and lazy server
SD-832 Local Users account permanent vs temporary are not distinguished in the RTAgentAPI
SD-845 Save config details in Keychain
SD-885 Make sure that System Logs and Events entries always include the external IP
SD-902 Automate Listing & Deleting Orphan Keys
SD-910 Update error message for failed certificate login
SD-914 Standardize server url parameter in signum-util for Signum and SignServer
SD-933 Improvments to pkcs11 token.
SD-936 Standarize windows, linux and mac agent pkcs11 library names
SD-965 Review container included packages.
SD-966 Remove pre-installed openssl packages from Mac Agent
SD-969 Support adding SAN values during CSR generation with SignServer backend
SD-983 Add more trace information in LoginByCertificate method in the AuthAPI.
SD-986 Add a global certificate usage count
SD-996 Display SAN information in the certificate import wizard
SD-998 Allow reset the first SAN entry
SD-1026 SQL connection pool errors
SD-1038 Remove unnecessary san type selection (only Email supported)
SD-1056 Add option to configure keychain or file based storage via signum-util
SD-1097 Refactor SAN entry default behavior in Generate CSR form
Bugs
SD-806 Fix JWTToken expiration time
SD-920 Update signum-util lc to not truncate long CN
SD-927 Signum Mac agent installer should not override existing config at /etc/keyfactor/config
SD-932 Generating a CSR from a DN generates an unknown error
SD-950 Input redirect doesn't work for the password on the Signum Agent setup.
SD-956 Fix linux agent job to publish .deb and .rpm to the right folder in artifactory.
SD-984 AgentAPI events not registered behind the WAF
SD-997 Renew certificate keeps some CSR configuration fields while others are reset
SD-1010 Error overwriting the keyfactor.module file and symbolic link to signum-util
SD-1039 CryptoToken field changes behavior after reset
SD-1086 Certificate groups not loading and cannot be added to roles
SD-1091 Login with user not assigned to a role mentions Personal Area
SD-1099 Mac agent doesn't remove /Library/Keyfactor/Signum folder
SD-1101 Logout events from the agent are registred with the server ip
SD-1106 Deleting a Client Auth certificate fails
SD-1112 User cannot view Client Auth Certificate details