>
    Strata Copilot
    Activate Next-Generation Trust Security
    Focus
    Focus
    1. Home
    2. Next‑Gen Trust Security
    3. Next-Gen Trust Security
    4. Next-Gen Trust Security overview
    5. Activate Next-Generation Trust Security
    Next‑Gen Trust Security

    Activate Next-Generation Trust Security

    Table of Contents

    Activate Next-Generation Trust Security

    Where can I use this?

    • Strata Cloud Manager

    What do I need?

    • Purchased Secure-Flex Credits
    • Superuser role
    • Network Administrator role

    Conceptual Overview: Next-Generation Trust Security Overview

    Next-Generation Trust Security is a Machine-Identity Management (MIM) solution that automates all certificate inventory analysis, including public and enterprise trust certificates, to manage and secure your organization's digital certificates. It provides visibility into your certificate posture and renewal impact, helping prevent service disruptions caused by expiring certificates. The solution performs real-time analysis of certificate validity, expiration dates, and compliance posture, especially in response to industry shifts towards shorter certificate validity periods, such as the 47-day mandate. You gain insights into your certificate inventory through the 47-Day Validity Readiness dashboard, which analyzes your domain's public certificates and projects the impact of renewal mandates.
    Only one instance of Next-Generation Trust Security can be activated per tenant. Activation and consumption are based on a capacity-based credit model, using Secure-Flex Credits, Secure Certificate Instances (SCIs), and term length.

    Procedure: Activate Next-Generation Trust Security

    This procedure guides you through activating the Next-Generation Trust Security application in Strata Cloud Manager using your pre-purchased Secure-Flex Credits.
    1. Open the purchase confirmation email containing your Order ID, Credit ID, and credit Quantity.
    2. Click Login to Get Started to log into the Activation console to activate Next-Generation Trust Security.
    3. From the Subscriptions dashboard, review your Secure-Flex Credits overview.
    4. Locate the Next-Gen Trust Security product card.
    5. Click Activate to open the activation form.
    6. Specify the Tenant Service Group (TSG) for deployment:
    7. Review or edit the Domain name. This field is pre-populated with the domain name associated with the email address used for the credit purchase. Before modifying this value, consult your Public Key Infrastructure (PKI) administrator, as it is used to discover public certificates on the internet. You can add additional domains directly within the product after activation.
    8. Select the deployment Region. This cannot be changed after activation.
    9. Enter the Number of Secure Certificate Instances (SCI). Minimum is 2000 SCIs, in increments of 200. Credit consumption is calculated at a rate of 55.5 credits for every 100 SCI.
    10. Review and accept the Terms and Conditions.
    11. Click Activate Now. Observe the updated Available Balance on the Secure-Flex Credits dashboard.
    12. Monitor the activation status until it changes to active.
    13. Once active, click Launch.

    © 2026 Palo Alto Networks, Inc. All rights reserved.