Retiring, recovering, and deleting certificates
Table of Contents
Retiring, recovering, and deleting certificates
Next-Gen Trust Security lets you retire certificates that are no longer in use. Retired certificates are removed from active inventory but kept temporarily so you can recover them if needed.
What does “retire” mean?
Retiring a certificate moves it out of the active Certificate Inventory and into a temporary holding state. Retired certificates:
- Are not monitored
- Cannot be associated with applications
- Can be recovered during the retention period
After the retention period ends, retired certificates are permanently deleted.
Retire a certificate
- Sign in to Next-Gen Trust Security.
- Click Inventory > Certificates.
- Find the certificate you want to retire.You can select more than one certificate.
- Select the checkbox next to each certificate, then click Retire in the inventory toolbar.
- In Retire certificate, keep Do not rediscover this certificate selected if you do not want future discovery scans to find it again.
- Click Retire.
- To view retired certificates, change the inventory view to Retired certificates.
![]()
Recover a retired certificate
- Click Inventory > Certificates.
- Change the inventory view to Retired certificates.
![]()
- Find the certificate you want to recover.
- Select the certificate, then click Recover.
- (Optional) In Recover certificate, assign the certificate to an application.
- Click Recover.
The certificate is returned to the active inventory.
Delete a certificate permanently
Retired certificates are automatically deleted after the configured retention period.You can also delete a retired certificate immediately.
To delete a certificate permanently:
- Open the certificate from the Retired certificates view.
- Click Delete forever.
Once deleted, the certificate cannot be recovered.