>
    Strata Copilot
    Manage Certificates in Next-Gen Trust Security
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Strata Cloud Manager Getting Started
    4. Configuration: Strata Cloud Manager
    5. Configuration: NGFW and Prisma Access
    6. Configuration: Objects
    7. Certificate Management
    8. Strata Cloud Manager Integration with Next-Gen Trust Security
    9. Manage Certificates in Next-Gen Trust Security
    Download PDF
    Strata Cloud Manager

    Manage Certificates in Next-Gen Trust Security

    Table of Contents

    Manage Certificates in Next-Gen Trust Security

    Bring certificates under Next-Gen Trust Security management to enable lifecycle tracking and renewal.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Secure-Flex Credits
    • One of these roles for Strata Cloud Manager Shared Services: Security Administrator, Superuser
    Certificates synced from Strata Cloud Manager are unmanaged by default. Unmanaged certificates appear in your Strata Cloud Manager configuration but aren't tracked in the Next-Gen Trust Security certificate inventory. Unmanaged certificates don't count against your license. You must explicitly manage certificates to enable Next-Gen Trust Security lifecycle capabilities, including renewal, expiration monitoring, and cryptographic policy enforcement. Managing Strata Cloud Manager certificates brings them under the same centralized visibility, policy enforcement, and lifecycle management as other critical certificates in your organization—ensuring consistent security standards, renewal processes, and monitoring across your entire certificate infrastructure. Once managed, certificates become visible in the Next-Gen Trust Security certificate inventory where you can track their lifecycle status and access advanced management features.
    1. Access unmanaged certificates.
      1. Navigate to InsightsSecurityNetwork Trust Security.
      The certificate table shows all certificates synced from your configuration.
      1. Look for certificates with Unmanaged status—these certificates exist in your configuration but aren't tracked by Next-Gen Trust Security.
    2. Manage certificates.
      • To manage a single certificate:
        1. Locate the certificate you want to manage in the table.
        2. Click Manage in the certificate's row.
        Next-Gen Trust Security syncs the certificate, its status changes to Managed, and it appears in the Next-Gen Trust Security certificate inventory.
      • To manage multiple certificates:
        1. Select the checkboxes for certificates you want to manage.
        2. Click Manage All above the table.
        Next-Gen Trust Security syncs all selected certificates and brings them under Next-Gen Trust Security management.
    3. Verify management status.
      After managing certificates:
      • Managed certificates appear in the Next-Gen Trust Security certificate inventory
      • You can now renew these certificates through Next-Gen Trust Security
      • Expiration tracking and monitoring activate automatically
      • Certificates remain visible in both Strata Cloud Manager and Next-Gen Trust Security interfaces
      Only managed certificates can be renewed through Next-Gen Trust Security. If you need to renew an unmanaged certificate, you must first manage it using this workflow. Remember that managed certificates count against your license.

    © 2026 Palo Alto Networks, Inc. All rights reserved.