What is KMA™?
Exostar Key Management Agent (KMA™) is a Java based application developed by Exostar. KMA™ replaces ActiveX as your tool for downloading digital certificates on your hardware token.
Users will need to use Exostar KMA™ to download and install certificates on to USB PKI hardware tokens (i.e., MLOA hardware). For Software or Disk-based PKI Identity and Email certificates you do not need to install and use KMA.
To self-check KMA™ click here.
Exostar offers various types of authenticators to access services including Managed Access Gateway (MAG). Some of the authenticators Exostar offers are:
- USB PKI hardware tokens (Medium Level of Assurance MLOA hardware)
- Software or Disk-based PKI Identity
- Email certificate (Basic Level of Assurance BLOA software)
- OTP hardware tokens and mobile application (phone-based OTP authenticators)
Who should install KMA™?
You will need to download and install KMA™ if you are:
- A MAG user downloading digital certificates for hardware token for the first time
- A MAG user renewing digital certificates for hardware token
- An Enterprise Proofer
| Level of Assurance | Requirements |
|---|---|
| Basic Level of Assurance (BLOA) Software BLOA SecureEmail Software | • Does not require in-person identity check (no proofing required) • User does not have to download KMA™ • Identity certificates are stored on the user’s computer |
| Medium Level of Assurance (MLOA) Software | • In-person proofing required • User does not have to download KMA™ • All 3 certificates (signature, identity and encryption) are installed on the user’s computer |
| Medium Level of Assurance (MLOA) Hardware | • In-person proofing required • User has to download KMA™ but can use any modern browser • All 3 certificates (signature, identity and encryption) are installed onto a USB token |
How do I install KMA™?
The KMA™ application is packaged in a Microsoft Installer (MSI) file which will guide you through the setup process.
To download and install KMA™, click the link –
https://portal.exostar.com/kma/ExostarKeyManagementAgentDesktop-1.0.77.msi
To download and install Corporate KMA™, click the link –
https://portal.exostar.com/kma/ExostarKeyManagementAgentDesktop-corporate-1.0.77.msi
| KMA Version | Details |
|---|---|
| KMA Desktop | https://portal.exostar.com/kma/ExostarKeyManagementAgentDesktop-1.0.77.msi MD5: 9f63b6f5e605605e7d8f7c5fb3f72985 SH2: 884a3825b24fe6fb546196fdeb6b8b2abe5c17e91a3fd05c4042def94da545d8 |
| KMA Corporate | https://portal.exostar.com/kma/ExostarKeyManagementAgentDesktop-corporate-1.0.77.msi MD5: f8e1f0b1862463e1576d717fb16686e1 SH2: 3d2f75145652a16fdc999857e63c68c9bb93cb7292368a1198d4b15acdbe4907 |
| DMG | https://portal.exostar.com/kma/Exostar KMA-1.0.77.dmg MD5: 69159d47d6a4c1517236f37a6a7c9722 SH2: 6ab65f22d40826b6ccb9e52521c7b098c853f26b6462def5552f57c47516ad04 |
| JSON | JSON File: https://portal.exostar.com/kma/ekma.json |
| MAC OSX | OSX: https://portal.exostar.com/kma/Exostar%20KMA-1.0.79.dmg |
Is my system compatible with KMA™?
The following operating systems and browsers are compatible with KMA™:
| Operating System | Chrome (132.0.6834.15) | MS Edge (131.0.2903.63) | Firefox* (132.0.2) | Safari (26.0) |
|---|---|---|---|---|
| Windows 11 | Yes | Yes | Yes | N/A |
| Windows 10 | Yes | Yes | Yes | N/A |
| MAC OSX | No | No | No | Yes |
*NOTE: If you use Firefox to download KMA™ for software certificates, the certificates will be imported into OS key store. Users will have to manually import the certificates into Firefox for 2FA into MAG.
Frequently Asked Questions
(*Version 1.0.79 is being tested and will be released soon – posted October 23, 2025)
1. Exostar SafeNet Client
2. Exostar KMA™
Common Issues
We encourage our users to check if any of the errors you are seeing is listed below before reaching to Exostar Customer Support.
Downloadable Guides
FIS Product Guide: Full user guide on FIS product and how to download certificates.
Related Pages: