Managing Certificate Lifecycle Settings
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure Akamai Connection
- Configure AWS Connection
- Configure Azure Key Vault Connection
-
- Workload Identity Federation Authentication
- Workload Identity Federation - Azure Identity Provider Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Workload Identity Federation Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Supported OIDC Claims
-
-
-
- Working with the Built-in CA
- Add AWS Public CA
- Add AWS Private CA
- Add DigiCert One Certificate Authority
- Add Entrust
- Add GlobalSign Atlas
- Add GlobalSign MSSL
- Add GoDaddy
- Add Google Cloud Private CA
- Add a HID PKIaaS CA
- Add Certificate Manager - Self-Hosted
- Set Up an OpenSSL Certificate Authority Connector
- Create a Sectigo Certificate Manager Certificate Authority
- Add Zero Touch PKI
- Set Up Certificate Expiration Notifications
- Using a Custom DNS Provider
-
-
-
-
- Create an F5 BIG-IP LTM Machine
- Create a Microsoft Azure Private Key Vault Machine
- Create a Microsoft Azure Application Registration Machine
- Create a Microsoft IIS Machine
- Create a Microsoft Windows (PowerShell) Machine
- Create a Microsoft SQL Server Machine
- Create a Common KeyStore Machine
- Create a Citrix ADC Machine
- Create an Imperva WAF Machine
- Create a VMware NSX Advanced Load Balancer (AVI) Machine
- Create an A10 Thunder ADC Machine
- Create a Cloudflare Machine
- Create Kemp Virtual LoadMaster Machine
- Create a Palo Alto Panorama Machine
- Create a Radware Alteon Machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
- Provision Certificates to Radware Alteon
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing Certificate Lifecycle Settings
- Reissuing Certificates in Next-Gen Trust Security
- Downloading Certificates, Certificate Chains, and Keystores
- Retiring, Recovering, and Deleting Certificates
- Finding Certificates in the Certificate Inventory
- Importing Certificates from a CA Using EJBCA
- Domain-Based Validation for External Emails
-
- Create a Workload Identity Management or Discovery Agent Built-in Account
- Create an OCI Registry Built-in Account
- Create a Certificate Manager - Self-Hosted Built-in Account
- Create a Scanafi Built-in Account
- Toggling a Built-in Account on or Off
- Editing Built-in Accounts
- Deleting Existing Built-in Accounts
- Renew Existing Built-in Accounts
- Troubleshooting
Managing Certificate Lifecycle Settings
Managing certificate lifecycle settings helps you control how certificates are discovered, renewed, and retired in Next-Gen Trust Security. These settings apply globally and affect how certificates appear and behave in the Certificate Inventory.
Access Certificate Lifecycle Settings
- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Lifecycle.
This opens the Certificate lifecycle page, which is organized into the sections described below.
Certificate Discovery
This section lets you manage certificates that were previously retired and intentionally excluded from rediscovery.
You can clear the Do not rediscover list to allow previously retired certificates to be discovered again.
Click Clear list to remove all certificates from the list.
Tip: If you need to recover a specific certificate instead of clearing the entire list, see recovering retired certificates.
Certificate Expiration Notification Policy
This section lets you configure notification rules associated with your certificate inventory.
Enable Certificate Inventory Monitoring. When this setting is off, Next-Gen Trust Security doesn't send any notifications.
Next-Gen Trust Security provides three notification rule thresholds. Each threshold specifies the number of days before a certificate expires that a notification is sent. You must configure all three thresholds.
For each threshold, specify how many days in advance of a certificate’s expiration Next-Gen Trust Security should send the notification.
Each day at a set time, the system checks the certificate inventory. If a certificate’s expiration date matches a threshold and a notification hasn’t already been sent for that threshold, the system sends a notification.
Certificate Retirement
This section controls how long retired certificates remain available in the system before they are permanently removed.
You can specify the number of days to retain retired certificates, which helps balance operational recovery needs with inventory cleanup.