What do you want to learn about?
Follow these suggestions and links to find relevant documentation about DigiCert® Trust Lifecycle Manager.
Overview of Trust Lifecycle Manager
These topics provide general information to help you understand how Trust Lifecycle Manager works:
Set up your account
When you first get access to Trust Lifecycle Manager, we create an account for your organization. You customize the account and add users so they can start using Trust Lifecycle Manager.
If your organization is new to Trust Lifecycle Manager, the following topics help you customize and start using your account:
Learn about your account dashboard and inventory page.
Add account users and enable API access.
Configure your account settings, apply your own branding, and set up the self-service portal for end users.
Set up business units to help organize your account inventory and resources.
Make sure you have seats available for the asset types you will manage.
Set up your operating environment
Trust Lifecycle Manager is CA agnostic and functions as a centralized control point for managing all your organization’s digital trust operations in one place.
Trust Lifecycle Manager provides connectors to help you build out your digital trust ecosystem and integrate all your external resources. Select the links below to learn more about available connector types.
| Connector type | Supported platforms and systems |
|---|---|
| | A10, Citrix ADC, F5 BIG-IP LTM |
| | AWS Private CA, Entrust, Let's Encrypt, Microsoft |
| | Amazon CloudFront, AWS Application Network Load Balancer (ALB), AWS Network Load Balancer (NLB), AWS Certificate Manager (ACM) |
| | Azure, Cloudflare, CloudXNS, DNS Made Easy, DreamHost, GoDaddy, Google DNS, NS1, OVH, RFC2136, Route 53, Sakura Cloud |
| | Ansible, Chef, Istio, Puppet, SaltStack |
| | ServiceNow |
| | Qualys, Tenable |
| | Microsoft Intune |
| | Azure Key Vault, HashiCorp Vault |
Discover and import your assets
Use the discovery and import functions to bring your existing digital assets into Trust Lifecycle Manager so you can monitor and manage them all in one place.
Discovery is built into various connector types. For example, when you connect to a network appliance or cloud service, we look for existing certificates and endpoints to import from it. And when you connect to external CAs, you have the option to import existing certificates from them.
Trust Lifecycle Manager also provides proactive discovery tools to help you locate and import digital trust assets throughout your organization:
Network scans to find certificates and calculate security ratings by IP address/hostname and port numbers.
Systems scans to find a range of cryptographic assets throughout your servers' file and operating systems.
API-based imports to upload certificates from external CA systems.
Request new certificates
When you’re ready to issue new certificates through Trust Lifecycle Manager, an admin needs to create certificate profiles.
Each profile defines the properties for a certain type of certificate, including the issuing CA, the supported methods for requesting/enrolling certificates from that CA, and how to authenticate those requests.
Once you create some certificate profiles, you can start enrolling new certificates from them in a variety of ways.
End users:
Use the self-service portal to request certificates over the web.
Use the DigiCert Trust Assistant (DTA) application to request and auto-enroll/renew certificates directly from the Windows or macOS desktop.
Admins:
Submit requests using a web-based form and have the certificates delivered to your servers, vaults, or AWS cloud services.
Use the managed automation tools to request and install certificates for your web servers, network appliances, and cloud applications.
Enroll certificates using the API, or standard protocols such as SCEP, EST, CMP, and ACME.
Check the how-to guides for comprehensive instructions about how to integrate and get certificates for specific systems and platforms.
Use the enrollments page in Trust Lifecycle Manager to monitor and approve/reject end user certificate requests.
Note
Trust Lifecycle Manager supports new post-quantum cryptography (PQC) algorithms so you can start preparing for the future demands of Internet security.
Automate certificate lifecycle management
Traditionally, managing certificates has required a lot of manual work and been susceptible to security lapses, service disruptions, and customer frustrations.
With Trust Lifecycle Manager, you can automate lifecycle management to make sure you always have valid certificates installed, with little or no user intervention required.
Choose the automation methods that work best for your organization:
Use managed automation to automate lifecycle management directly from the Trust Lifecycle Manager web console for certificates deployed on web servers, network appliances, cloud services, and vaults.
Use third-party ACME clients to automate certificate management from the command-line interface (CLI) on your web servers.
Set up scripts to automate pre- and post-installation tasks for user and server certificates.
Use the REST API to create your own custom integrations and automation solutions.
Monitor your digital trust operations
Trust Lifecycle Manager provides powerful tools to help you track all your digital trust assets, identify security vulnerabilities, and ensure you always have valid certificates installed on key systems:
Your inventory page is a centralized book of records for monitoring all your certificates, keys, and endpoints in one place.
Your account dashboard provides customizable widgets to help you analyze assets and see alerts and security ratings for them.
Set up notifications to make sure key people get alerted when there are important security and lifecycle events.
Use the reporting and auditing tools to check logs and generate custom reports.