DigiCert® Trust Lifecycle Manager can discover digital trust assets and automate certificate lifecycle management for a variety of popular network appliances and cloud services. To get started, add a connector in Trust Lifecycle Manager for the network appliance or cloud service to manage.
Make sure Trust Lifecycle Manager supports the network appliance or cloud service type. See Supported systems.
You need an active DigiCert sensor to set up and manage the connector. See Deploy and manage sensors.
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
Select the applicable system type from the Appliances or Cloud services section.
For Amazon Web Services (AWS), select one of the available services, or select AWS unified to link to AWS Certificate Manager (ACM).
For Google Cloud Platform (GCP), select GCP unified to link to both Google Certificate Manager and Google Cloud load balancers (see supported systems for a list of supported load balancer types).
Enter a friendly Name for this connector.
Select a Business unit for this connector. Only users assigned to this business unit can manage the connector.
For the Managing sensor, select an active DigiCert sensor to use to manage this connector.
Fill in the requested configuration parameters. These vary by network appliance or cloud service type.
Network appliance/service
Configuration parameters
Notes
A10
Management IP
Management port
Username
Password
The provided credentials must be for an account with full administrator access.
Citrix ADC
Management IP
Management port
Web protocol
Web username
Web Password
SSH username
SSH password
SSH port
The provided credentials must be for an account with full administrator access.
F5 BIG-IP LTM
Management IP
Management port
Username
Password
The provided credentials must be for an account with full administrator access. In the F5 account properties, the Terminal Access field must be set to "Advanced shell".
When adding the connector, use the Additional settings section to configure options for how to store files on the F5 appliance.
AWS CloudFront
Account ID
Authentication method
The linked AWS account must include managed policies
CloudFrontFullAccess,AWSCertificateManagerFullAccess, andIAMReadOnlyAccessor equivalent permissions.For descriptions of supported AWS authentication methods, see Authentication methods for AWS connectors.
AWS ELB (Application/Network)
Account ID
AWS region
Authentication method
The linked AWS account must include managed policies
AWSCertificateManagerFullAccessandElasticLoadBalancingFullAccessor equivalent permissions.For descriptions of supported AWS authentication methods, see Authentication methods for AWS connectors.
AWS unified
AWS scope
Account ID
IAM role (for organization scope) or AWS region (for account scope)
Authentication method
Import attributes
Use an AWS unified connector to import and deliver certificates to AWS Certificate Manager (ACM) in one or more AWS accounts.
For the AWS scope, select whether to link to an AWS organization and all its member accounts (Organization scope) or link to a specific AWS account (Account scope). Required AWS permissions depend on scope selection; for details see Minimum required permissions for AWS unified connectors.
For descriptions of supported AWS authentication methods, see Authentication methods for AWS connectors.
To import existing certificates from AWS Certificate Manager, toggle on the Import attributes section and make selections for how to import the certificates.
GCP unified
GCP scope
Configuration settings (varies by scope)
Import attributes (for Google Certificate Manager)
Use a GCP unified connector to discover and manage certificate deployments on Google Cloud load balancers, or import and deliver certificates to Google Certificate Manager.
For the GCP scope, select whether to link to a Google Cloud organization or folder and all its child projects (Organization scope) or link to a specific project (Project scope).
Required fields under Configuration settings depend on the selected scope. For detailed instructions, see Configure authentication and permissions for GCP connectors.
To import existing certificates from Google Certificate Manager, toggle on the Import attributes section and make selections for how to import the certificates.
Select Add to complete the link to the network appliance or cloud service.
Trust Lifecycle Manager looks for existing certificates on the network appliances and cloud services you connect to.
If you have an AWS unified or GCP unified connector and enabled the Import attributes, Trust Lifecycle Manager imports certificates from the Certificate Manager service at the Import frequency you configured.
On the Integrations > Connectors page, select a connector by name to view the details for it. The Assets found on this connector section shows the number of assets discovered on that appliance or cloud service. Select the links here to load those assets into your Inventory, where you can take further action on them.
Important
On network appliance virtual IPs, certificates must be stored in X.509 format for Trust Lifecycle Manager to discover and automate them. Password-protected PFX certificates are not supported.
Set up certificate lifecycle automation to automate lifecycle management for certificates on connected network appliances and cloud services.
If you have an AWS unified or GCP unified connector, you can use the Admin web request function to enroll new certificates with automated delivery to the Certificate Manager service in the linked account(s).
For details about how to manage Google Cloud load balancers through GCP unified connectors, see View and manage GCP load balancer assets.