Skip to main content

Post-processing actions and scripts

Post-processing actions and scripts are executed automatically after DigiCert​​®​​ Trust Assistant completes the certificate enrollment and renewal operation. They help automate follow-up tasks, ensuring that certificates are properly configured and integrated into end-user systems. This improves efficiency and reduces manual effort of the certificate deployment process.

Post-processing scripts

To ensure effective certificate usage, it is essential to integrate post-processing scripts into your applications and systems. These scripts automate integration by performing the necessary configuration tasks following certificate enrollment and renewal.

Using post-processing scripts to manage integrations has the following benefits:

  • Automate the post-certificate installation tasks.

  • Simplify the certificate configuration process for the end users.

  • Ensure that the certificates are configured correctly for secure and seamless use.

  • Saves time, reduces errors, and enhances the overall security of the system.

These post-processing scripts, sometimes called post-scripts, contain the necessary logic for the application, allowing them to use the target certificate seamlessly.

For a successful execution of the post-processing script on the end user's computer, ensure the following:

  • The root CA is added to Trusted Root Certification authorities.

  • The complete certificate chain validation is established. This includes valid AIA, CDP, OCSP, and CRL extensions for end-entity and CA certificates.

  • If using a third-party platform for device management, ensure that the PowerShell execution policy on Windows client computers is set to RemoteSigned.

Post-processing actions

These operations allow you to configure automated actions that help manage certificates more effectively.

Delete inactive certificates

Enabling this option allows DigiCert Trust Assistant to automatically delete certificates that are no longer in active use. You can configure which types of certificates to delete based on their status from the profile settings. For more details, refer to Create a certificate profile with DigiCert Trust Assistant.

Available status options:

  • Revoked – Certificates that are explicitly invalidated before their expiration.

  • Expired – Certificates that are no longer valid because their validity period has ended.

  • Superseded – Certificates that are replaced by newer versions.

  • All – Deletes all certificates with a status of Revoked, Expired, or Superseded.

In this section: