Prerequisites Checklist

• Secure-Flex Credits activated - See Activate a License or Product
• PKI administrator has configured Next-Gen Trust Security - See Get Started with Next-Gen Trust Security
• Certificate authority configured - See Configure a Certificate Authority
• Issuing templates created and linked to NGFW application - See Configure a Certificate Authority
• Appropriate RBAC permissions - See RBAC table below

Certificate Management Workflow

• Navigate to InsightsSecurityNetwork Trust Security
• Certificates sync from your Strata Cloud Manager configuration
• See Access the Network Trust Security Page

• Bring certificates under Next-Gen Trust Security management
• Click Manage for individual certificates or Manage All for bulk operations
• Managed certificates appear in Next-Gen Trust Security certificate inventory
• Note: Managed certificates count against your license; unmanaged certificates do not
• See Manage Certificates in Next-Gen Trust Security

• Click Renew for managed certificates needing renewal
• Next-Gen Trust Security generates new certificate using issuing template
• Renewed certificate imports back to Strata Cloud Manager
• Push the updated configuration to your firewalls to complete the update - see Push Config
• See Renew Certificates Using Next-Gen Trust Security

RBAC Permissions

Certificate Filtering

• Certificates in subscribed snippets
• GP_Log_Certificate (system-managed)
• Certificate signing requests (CSRs)
• CA certificates
• Certificates used in decryption rules

Known Issues

Additional Resources

• Complete Next-Gen Trust Security Documentation: Next-Gen Trust Security
• Certificate Discovery: Start Discovering TLS Certificates
• Advanced Certificate Management: Manage Certificates in Your Inventory
• Next-Gen Trust Security Integrations: Get Started with Integrations
• Issuing Templates: Configure a Certificate Authority
• Push Configuration: Push Config
• Strata Visions: Get Started with Strata Visions