Certificate hostname verification

This release brings several new features, some bugfixes and security enhancements. Before upgrading, please read these release notes.

Certificate hostname verfication

Before 7.2, KeyHub did not always check the subject of certificates against the hostname for LDAP connections. This could lead to certificates wrongfully being accepted as trusted. Before upgrading to KeyHub 7.2 review your certificates. Make sure the hostnames of LDAP directories and LDAP or AD linked systems match with the subject entry of the used certificates. Failing to do so can cause your directory to go offline after which you can no longer login.

New features and improvements

A brand new section under settings was added for managing certificates used by KeyHub. Here you can upload and review certificates and private keys used for secure connections in KeyHub.

Throughout KeyHub markers are added hinting you about misconfiguration or the use of discouraged settings. For example, you will be warned when TLS is disabled or misconfigured. Also groups with only 1 administrator will be highlighted or when a vault is at risk of becoming inaccessible.

It is now possible to replace the global vault recovery key. Use this when your vault recovery private key has been compromised or is lost.


The following bugfixes were applied:

  • Several typo's in sent e-mails.
  • E-mail From for responses to requests now correctly shows the person accepting/rejecting a request.
  • Requests to remove groups are now handled correctly.
  • Screen layout is greatly improved for all edit screens. Allowing for larger input field while taking less space.