Track progress of certificate automation requests
Follow these instructions and tips to track and monitor your automated certificate deployments in DigiCert® Trust Lifecycle Manager.
Check status of a certificate lifecycle event
To check the status of a scheduled lifecycle automation event for a certificate:
From the Trust Lifecycle Manager main menu, select Inventory > Endpoints.
Use the inventory view functions to display the applicable certificate deployment. To view only those certificates with an automation event scheduled, filter inventory by the Automation status column and select
Automation scheduled.Use one of the following options to view the automation event status for a certificate in the inventory table:
Select the ⓘ icon in the rightmost table column.
Select the endpoint Location to view the details for it. Then select the Automation tab to view the automation configuration, and from there select the See automation request details link.
Both options open a sidebar on the right with the automation event status and details.
Check status of bulk automation requests
To check automation event status for the certificates in a bulk automation job:
From the Trust Lifecycle Manager main menu, select Inventory > Endpoints.
Use the inventory view functions to display all the certificates in the bulk automation job:
If the Job name column is not shown, use the Add column button on the top-right to add it.
Filter by the Job name column and select the name of the applicable bulk automation job.
After filtering by job name, only certificates included in that bulk automation job are listed. Use one of the following options to view the automation event status for any of the certificates:
Select the ⓘ icon in the rightmost table column.
Select the endpoint Location to view the details for it. Then select the Automation tab to view the automation configuration, and from there select the See automation request details link.
Both options open a sidebar on the right with the automation event status and details.
Automation steps and progress tracker
The automation status sidebar shows the steps and progress of each automation request. Steps vary for installing certificates on web servers versus network appliance and cloud service applications, and for certificate delivery versus full installation.
DigiCert agents use the ACME protocol to manage certificates for web server applications. When processing a request to issue and install a certificate, the steps in the automation status sidebar reflect the general ACME event framework:
Step | Title | Description |
|---|---|---|
1. | ACME account created | The DigiCert agent sends the initial ACME
|
2. | Domain validated | If required, the ACME server validates the domain using the applicable DNS integration in Trust Lifecycle Manager.
|
3. | Certificate issued | The agent generates the CSR and sends it to the ACME server. Trust Lifecycle Manager coordinates certificate issuance from the applicable CA, and the ACME server sends the certificate back to the agent. |
4. | Certificate installed | The agent installs the certificate and configures the web server application to use that certificate on the applicable endpoint location. |
5. | Testing installation | The agent verifies the certificate installation by connecting to the endpoint like a regular client. |
DigiCert sensors use API calls to manage the installed certificates on appliances and cloud services over the network. When processing a request to issue and install a certificate, the steps in the automation status sidebar reflect this network-based management framework:
Step | Title | Description |
|---|---|---|
1. | CSR generation | The DigiCert sensor generates the CSR for the requested certificate. |
2. | Issuing certificate | The sensor sends the CSR to Trust Lifecycle Manager, which coordinates certificate issuance from the applicable CA and sends the certificate back to the sensor. |
3. | Certificate installation | The sensor uses API calls to install the certificate on the requested network appliance or cloud service over the network. |
4. | Testing installation | The sensor verifies the certificate installation by connecting to the applicable endpoint location like a regular client. |
For automation requests that use the Admin web request enrollment method to enroll and deliver a certificate, the steps in the automation status sidebar reflect a simplified process with automated delivery but not full installation.
Step | Title | Description |
|---|---|---|
1. | CSR generation | The DigiCert agent or sensor generates the CSR for the requested certificate. |
2. | Issuing certificate | The agent or sensor sends the CSR to Trust Lifecycle Manager, which coordinates certificate issuance from the applicable CA and sends the certificate back to the agent or sensor. |
3. | Certificate delivery | The agent or sensor delivers the the certificate to the requested location on the remote system.
|
Notifications, monitoring, and reporting
Additional options for tracking lifecycle events for automated certificate deployments:
Set up account-wide notifications to send email alerts about all certificate lifecycle automation events in your account.
Set up custom alerts for a specific certificate automation profile in the Additional options > Email configuration and notifications section of the profile configuration wizard.
Use your account dashboard to monitor and launch pre-filtered views of automated certificates requiring attention due to expiration, automation status, or security-related issues.
Use the reporting functions to generate custom reports about assets under managed automation.