Create certificate automation profiles

Available base templates

Notice

Trust Lifecycle Manager provides an additional base template called CA Manager Private mTLS Certificate for automating private mutual TLS (mTLS) authentication certificates in Istio service meshes. To learn more about this use case, see the Istio connector guide.

Enrollment methods

Managed automation

To enroll and manage certificates from the Trust Lifecycle Manager web console using its managed automation tools, select one of the following enrollment methods:

  • Admin web request: Use a simple web-based form to request new certificates with automated delivery to servers, vaults, or the AWS cloud. Trust Lifecycle Manager delivers certificates to the selected systems via DigiCert agents, Azure Key Vault connectors, or AWS unified connectors, respectively.

  • DigiCert agent: Automate certificates on web servers. The DigiCert agent on each server coordinates the certificate enrollment process and downloads and installs the resulting certificates on the target endpoints.

  • DigiCert sensor: Automate certificates on network appliances and cloud services. A DigiCert sensor on your network coordinates the certificate enrollment process and installs the resulting certificates on the target endpoints for the appliances/services it manages.

Additional use cases

Additional automation-related enrollment methods for managing certificates:

  • 3rd-party ACME client: Manage certificates from the command-line interface (CLI) on web servers using the Trust Lifecycle Manager ACME service. For more information, see the Third-party ACME client integration guide.

  • mTLS over ACME: Automate mutual TLS (mTLS) authentication certificates for an Istio service mesh using the Trust Lifecycle Manager ACME service. For more information, see the Istio connector guide.

  • REST API: Request and manage certificates using the Trust Lifecycle Manager REST API service. Use this enrollment method to integrate with and request certificates from ServiceNow. For more information, see the ServiceNow integration guide.

Auto-renewal

Enable the auto-renew option to prevent outages and make sure you always have valid certificates installed on your systems.

You specify how far in advance of expiration to submit renewal requests, and Trust Lifecycle Manager automatically renews and deploys each certificate to its installed location(s) at that time.

You enable auto-renewal in the Certificate options > Renewal options section of the profile configuration wizard. You can schedule auto-renewal for:

  • 30 days before certificate expiration: This is the default option.

  • Custom schedule: Specify the number of days before expiration to renew certificates, and the specific time to submit the request.

Notifications

You can set up account-wide notifications to send email alerts about all automated certificate lifecycle events in your account.

You can also set up custom notifications for a specific certificate automation profile, in the Additional options > Email configuration and notifications section of the profile configuration wizard. To configure custom notifications for a profile:

What's next

Each certificate under automated lifecycle management has an associated automation profile. When you need to deploy a new certificate on one of your systems, you select an automation profile based on the certificate type and enrollment method you need.
