About the Certificate Inventory
The Certificate Inventory provides a centralized view of all certificates managed in Next-Gen Trust Security. As your certificate inventory grows, search and filtering tools help you quickly locate certificates and review their status and details.
You can select any certificate in the inventory to view its details and take supported actions.
Note: Certificate counts shown throughout the UI include only certificates stored in the inventory, which keeps the counts consistent across views.
Summary View TLS Certificates dashboard
The Summary View TLS Certificates dashboard provides a high-level overview of certificate metrics based on your access permissions and TSG scope.
Access and Permissions
- Required Permissions: Users must have the appropriate Strata Cloud Manager (SCM) role permissions to view the Certificate Inventory dashboard.
- Parent TSG: The dashboard viewed from the parent TSG includes certificates in the parent TSG and all child TSGs nested below it. Filtering can be applied to limit the view to certificates in a subset of TSGs.
- Child TSG: The dashboard viewed from a child TSG only includes certificates in that specific child TSG.
The Summary View displays the following metrics:
- Total number of certificates in the inventory
- Expired certificates
- Revoked certificates
- Certificates expiring within 15 days
TSG Hierarchy and Inventory Visibility
Access to certificates in the inventory is controlled by your TSG scope:
- Parent TSG: The inventory accessed from the parent TSG includes certificates in the parent TSG and all child TSGs nested below it. Filtering can be applied to the inventory to limit the view to certificates in a subset of TSGs.
- Child TSG: The inventory accessed from a child TSG only includes certificates in that specific child TSG.
Claiming Unowned Certificates
Certificates in the parent TSG can be marked as unowned, a designation that allows them to be claimed by users or Built-In Accounts with sufficient privileges.
How Claiming Works
- Users and Built-In Accounts with the appropriate claim permissions can claim unowned certificates from the parent TSG.
- Claiming an unowned certificate transfers ownership to the claimer's TSG.
- Permission-based visibility: If a user does not have permission to claim unowned certificates, those unowned certificates are not listed in their child TSG inventory.
Required Permissions
- Web UI actions: Users must have the appropriate SCM role permissions to perform web UI actions on certificates, including claiming unowned certificates.
- API actions: Built-In Accounts must have the appropriate SCM role permissions to perform API actions on certificates, including claiming unowned certificates.
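The visibility and claiming rules above, expressed as a small Python model that can serve as a reference when reviewing who should see which certificates. This is an added example, not product code or API: the TSG names, the `Cert` class, and all functions are hypothetical, and any TSG other than the top-level parent is treated as a child TSG.

```python
# Added illustration: a toy model of the TSG visibility and claiming rules
# described above. All names are hypothetical; this is not a product API.
from dataclasses import dataclass

PARENT = "parent-tsg"  # constructed TSG identifiers; child -> its parent
CHILDREN = {"child-a": PARENT, "child-b": PARENT, "child-a1": "child-a"}

@dataclass
class Cert:
    name: str
    tsg: str               # TSG that currently holds the certificate
    unowned: bool = False  # only meaningful for certificates in the parent TSG

def nested_below(tsg):
    """Return every TSG nested below `tsg`, at any depth."""
    found, frontier = set(), [tsg]
    while frontier:
        current = frontier.pop()
        for child, parent in CHILDREN.items():
            if parent == current and child not in found:
                found.add(child)
                frontier.append(child)
    return found

def visible(inventory, viewer_tsg, can_claim=False):
    """Certificate names listed when the inventory is opened from viewer_tsg."""
    if viewer_tsg == PARENT:  # parent view: parent plus all nested child TSGs
        scope = {PARENT} | nested_below(PARENT)
        return sorted(c.name for c in inventory if c.tsg in scope)
    names = [c.name for c in inventory if c.tsg == viewer_tsg]
    if can_claim:  # unowned parent certificates appear only with claim permission
        names += [c.name for c in inventory if c.tsg == PARENT and c.unowned]
    return sorted(names)

def claim(cert, claimer_tsg, can_claim):
    """Transfer an unowned parent certificate to the claimer's TSG."""
    if not can_claim:
        raise PermissionError("claim permission required")
    if cert.tsg != PARENT or not cert.unowned:
        raise ValueError("only unowned certificates in the parent TSG can be claimed")
    cert.tsg, cert.unowned = claimer_tsg, False

def sample_inventory():
    """Constructed sample data."""
    return [Cert("corp-root", PARENT), Cert("legacy-vpn", PARENT, unowned=True),
            Cert("shop-web", "child-a"), Cert("shop-api", "child-a1"),
            Cert("hr-portal", "child-b")]
```

After a claim, the certificate is listed in the claimer's child TSG regardless of claim permission and remains visible from the parent TSG, because the parent view includes every child TSG nested below it.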
Certificate Details Drawer
When you click a certificate, a details drawer opens on the right side of the screen. The drawer displays detailed information about the selected certificate while keeping the inventory visible.
Clicking a linked value in the inventory opens the corresponding tab within the drawer. Use the X in the top-right corner to close the drawer.
Column Menu
Use the Columns button to control which columns are visible in the inventory.
For visible columns, hover over a column name to access the column menu (three-dot icon).
What does each column type mean?
| Term | Definition |
|---|---|
| Actions | Supported operations available for the certificate. |
| CA Connection | The certificate authority connection used to issue the certificate. |
| Certificate Name | The name assigned to the certificate. |
| Checkbox selection | Selects one or more certificates for bulk actions. |
| Cloud Keystore | The cloud keystore where the certificate is stored. |
| Cloud Provider | The cloud provider hosting the certificate. |
| Errors | Critical issues detected for the certificate. |
| Expires In | Remaining time before certificate expiration. |
| Extended Key Usage | Intended purposes of the certificate key. |
| Fingerprint | Cryptographic hash used to uniquely identify the certificate. |
| Id | Unique identifier for the certificate record. |
| Imported From | Source used to import the certificate. |
| Issuing CA | Certificate authority that issued the certificate. |
| Key Strength & Type | Cryptographic algorithm and key size. |
| Managed Since | Date the certificate began being managed. |
| Origins | How the certificate was obtained (issued, imported, or discovered). |
| Revocation Date | Date the certificate was revoked. |
| Revocation Reason | Reason provided when revoking the certificate. |
| Revocation Status | Current revocation state as reported by the issuing CA. |
| Signature Hash Algorithm | Hash algorithm used to sign the certificate. |
| Tags | User-defined labels for organizing certificates. |
| TLS Server Endpoints | TLS endpoints using this certificate. |
| Validity (Days) | Total validity period of the certificate. |
| Warnings | Non-critical issues or risks detected for the certificate. |
For most columns, you can:
- Filter certificates by column value.
- Sort visible records by the column.
- Pin a column to the left or right for easier navigation.
- Show or hide columns to customize your view.
Tip: Sorting applies only to the certificates currently visible. Apply filters first if the inventory spans multiple pages.
Searching and Filtering
Use the Search field to locate certificates by values such as certificate name, subject DN, issuer DN, or SANs.
The Filters option lets you build advanced queries across multiple columns. Filter settings are reflected in the page URL, allowing you to bookmark commonly used views or share filtered links with colleagues.
For detailed guidance, see Using filters to find certificates.
Display Settings
Use Columns to control visible fields and Density to adjust row spacing in the inventory.
Export
Use Export to download the currently visible inventory data, including column headers, as a CSV file.
Certificate Actions
From the Certificate Inventory, you can perform common certificate lifecycle actions, including: