This guide helps you get up and running with DigiCert® Trust Lifecycle Manager in a short amount of time. You'll enable certificate imports from your DigiCert CertCentral® account and learn how to monitor the certificates from the Trust Lifecycle Manager web console.
The integration you set up here also supports ongoing management of assets in your CertCentral account, including automated lifecycle management. In this guide, we'll focus only on discovery and monitoring.
Notice
CertCentral issues individual certificates within a single DigiCert account, while Trust Lifecycle Manager manages certificates across the entire organization, including those from different CAs, providing a holistic view of certificate health and compliance.
Log into DigiCert ONE and learn to use important Trust Lifecycle Manager system functions like Integrations, Inventory, and Dashboard.
Connect your CertCentral account to Trust Lifecycle Manager and import certificates from CertCentral into your Trust Lifecycle Manager inventory.
Set up notifications and start using Trust Lifecycle Manager to track issues and required actions for your certificates.
To establish the link to your CertCentral account, you'll need one of the following:
DigiCert single login credentials for an Administrator user.
CertCentral API key for an Administrator user or service user, configured with API key restrictions set to None.
Work with your DigiCert account representative if you need help with these prerequisites:
To import certificates from CertCentral, you need Discovery seats in your Trust Lifecycle Manager account.
To log in and configure the integration, you need DigiCert single login credentials that include the Manager user role for Trust Lifecycle Manager.
Start by using your DigiCert account credentials to log in and access Trust Lifecycle Manager:
To log into your DigiCert account, go to: https://accounts.digicert.com.
Depending on your account configuration, the system may place you directly into the Trust Lifecycle Manager application.
Verify this by checking the navigation bar on the left. If you see TRUST LIFECYCLE, you're in the right place and can skip the next step.
(Optional) If you were not placed into Trust Lifecycle Manager, navigate there as follows:
Open the managers menu on the top-right. It's the one that looks like a grid.
In the managers menu, select Trust Lifecycle.
Tip
Your account Dashboard is the default screen when you first access Trust Lifecycle Manager.
Once there's some data in your account, the Dashboard will help you track and manage it all.
Business units in Trust Lifecycle Manager are like divisions in CertCentral.
If the certificates in your CertCentral account are organized by division, you can assign them to analogous business units in Trust Lifecycle Manager during the initial import operation. This keeps them organized and can save you time later on.
Notice
You can safely skip this step if your CertCentral account only uses a single division, or if you would prefer to organize your assets in Trust Lifecycle Manager after importing them. By default, certificates get assigned to a single Default Business Unit in your Trust Lifecycle Manager account.
To assign certificates to different business units during import, you must first create the business units in Trust Lifecycle Manager.
To create a business unit:
From the Trust Lifecycle Manager main menu, select Account > Business units.
You should see your Default Business Unit listed in the table. Select the Create button above the table to add another business unit.
Enter a Name for the new business unit to help identify it. You can match an existing CertCentral division name or use a different naming convention to help identify the assets in Trust Lifecycle Manager.
In the Discovery seats allocation field, enter the number of Discovery seats to allocate to this business unit. Each certificate you import from CertCentral will consume a single Discovery seat in this business unit.
Tip
It's better to over-estimate to avoid any issues during import. You can always reclaim or re-allocate any extra seats afterward.
Select the Create button at the bottom to create the new business unit.
After creating a business unit, you return to the business units table and should see your new business unit listed. Repeat the above steps to add more business units.
In this step, you'll use your CertCentral account credentials to set up the integration with Trust Lifecycle Manager.
The integration lets you import existing certificates from CertCentral, and also issue new certificates from the certificate authorities (CAs) in CertCentral. In this guide, we'll focus on imports.
Notice
In Trust Lifecycle Manager, integrations are also known as "connectors". The connector provides a simple web-driven menu to help link your CertCentral account and enable imports from it.
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the tile for CertCentral.
Complete the form as described in the following steps.
Configure general properties in the top section of the form:
Name: Assign a friendly name to this connector.
Business unit: Select a business unit for the connector. You can select the Default Business Unit or, if you added your own business units in Step 2, you can select one of those.
Notice
The business unit you assign here is for managing the connector itself. It does not apply to certificates imported or issued through the connector.
Link account: Select the Region of your CertCentral account, and one of the options below for linking to it. Make sure the CertCentral account credentials you use meet the prerequisites listed in the Before you begin section above.
DigiCert single login: Connect using your DigiCert account credentials (recommended).
Link using CertCentral API key: Enter your CertCentral API key.
Import attributes: If the CertCentral credentials you entered are valid, you can now enable certificate imports here.
Toggle On certificate imports next to where it says Import certificates from this connector.
Under Import certificates, select the statuses of certificates to import. The default is to import only valid certificates issued in your CertCentral account over the last 4 years.
(Optional) If you created different business units in Step 2, here is where you can assign certificates to them.
You can skip this step to assign all imported CertCentral certificates to the default business unit in Trust Lifecycle Manager. Otherwise, choose an option for how to map the certificates to different business units:
Select divisions to map: Choose this option to map your CertCentral divisions one at a time. After mapping each division, select the Add mapping link to map another one.
Map all available divisions: Choose this option to list all the CertCentral divisions in your account that have not been mapped yet. For each available division, select the business unit to assign the certificates to in Trust Lifecycle Manager.
Select Add to save the CertCentral connector and initiate the first import operation.
As soon as you add the connector, Trust Lifecycle Manager starts importing the certificates from your CertCentral account.
Let's verify the import operations from the new CertCentral account connector you added.
In this step, you'll also learn how to start working in Inventory, which functions as a centralized book of records for viewing and managing all your digital trust assets in Trust Lifecycle Manager.
Make sure you're on the Integrations > Connectors page in Trust Lifecycle Manager. You should see a table, with a listing for the CertCentral connector you added in the previous step.
Select the CertCentral connector you added by Name to see the details for it.
The Assets found on this connector section shows the total number of certificates imported from the connector so far, under the Discovered certificates header. If you do not see any certificates listed yet, wait a bit and try refreshing your browser.
Tip
If you continue to refresh your browser, you may see these counts change as Trust Lifecycle Manager imports more certificates from the CertCentral account connector.
To see the actual certificates, you need to switch over to the Inventory view. The certificate counts on the connector details page are shortcut links to load the applicable inventory.
Select the certificates count under Discovered certificates to load the certificates imported from your CertCentral account so far.
You should now be on the Inventory page, showing the list of individual certificates imported through your CertCentral connector.
For each certificate, it shows important fields like the common name, CA vendor, and validity dates.
Select the first certificate listed here by its Common name to see the complete details about it.
You should now be on the Certificate details page for the certificate you selected. The details include all the certificate properties and management parameters.
Try expanding the information in the default Properties tab and select some of the other tabs to see all the details about this certificate.
Now that you've added some certificates to your inventory, let's see how you can start monitoring them in Trust Lifecycle Manager.
The Trust Lifecycle Manager Dashboard helps you track all your digital trust assets and take action on them when needed.
Let's look at how your imported CertCentral certificates show up in the Dashboard.
From the Trust Lifecycle Manager main menu, select Dashboard.
Take a look at the following dashboard widgets:
Certificates expired or expiring: Shows how many of your CertCentral certificates are expiring within the next 90 days.
Certificate security ratings: Shows different risk categories that Trust Lifecycle Manager calculated for your certificates. If you see any yellow or red here, you may need to take action on them.
Certificate issues: Shows specific issues that Trust Lifecycle Manager detected for your certificates.
Certificate counts and chart components in the dashboard are shortcuts to load the applicable certificates into your Inventory, where you can take further action on them.
Try using the shortcut links in one of the above dashboard widgets to load the applicable CertCentral certificates. For example:
If you see expiring certificates listed under Certificates expired or expiring, select the bars or certificate counts to load the certificates expiring at different time intervals.
If the Certificate security ratings widget shows any certificates in the yellow (At risk) or red (Not secure) risk categories, select the chart slices to load the certificates in those risk categories.
As usual, once you load certificates into inventory, you can select an individual certificate for more details about it.
As a final step here, we'll enable email notifications to send out alerts when your CertCentral certificates expire or are nearing expiration.
From the Trust Lifecycle Manager main menu, select Policies > Notifications.
The table shows all the default notification types you can enable.
To see notification types related to certificate expiration, open the filter icon next to the Category column header and select the Certificate lifecycle category.
To enable expiration-related notifications for your imported CertCentral certificates, use the toggle buttons in the Status column to enable the following notification types:
Discovered certificates expired: Send email alerts if certificates expire.
Discovered certificates expiring: Send email alerts in regular intervals when certificates are approaching expiration, starting 120 days in advance.
Notice
By default, these notifications get sent to all users for your Trust Lifecycle Manager account. To customize notification options, select the notification type by name.
Now that your CertCentral account is connected, you can use Trust Lifecycle Manager to enroll and manage certificates from CertCentral and deploy them to your systems and workloads.
Some suggestions for next steps to take in Trust Lifecycle Manager:
Create certificate profiles to define policies for enrolling new certificates.
Set up automation so you'll always have valid certificates installed on your servers, network appliances, and cloud services.
Add more connector types to continue building out your Trust Lifecycle Manager inventory and ecosystem.
Enable the self-service web portal or the DigiCert Trust Assistant desktop app so end users can request and manage their own certificates.