Skip to main content

Analyze certificate inventory to improve automation coverage

After Discovery identifies certificates in the environment, analyze the inventory to determine which certificates to bring under automated lifecycle management.

Inventory analysis helps administrators perform the following tasks:

  • Identify certificates approaching expiration

  • Detect certificates issued by external certificate authorities

  • Prioritize certificates for automation profiles

  • Standardize certificate management across environments

Move discovered certificates into automated workflows to ensure certificates are renewed, deployed, and replaced according to the automation configuration.

Prioritize certificates for automation

Review the Discovery results and prioritize certificates based on the following criteria:

  • Certificates approaching expiration: Certificates expiring within 90 days or less are available for immediate automation scheduling from the Automated IPs menu.

  • Certificates issued by external CAs: Identify certificates not issued by DigiCert. Replace these with DigiCert certificates before applying automation profiles.

  • Certificates on supported environments: Confirm the host or appliance is supported by ACME agent-based or sensor-based automation. See Deployment options.

  • Certificates without automation profiles: Identify certificates that do not yet have an associated automation profile and create profiles as needed.

Move discovered certificates into automated workflows

  1. In the CertCentral main menu, go to Discovery > View results.

  2. Select the certificate you want to automate.

  3. Select Schedule automation from the certificate actions.

  4. Select the appropriate automation profile.

  5. Configure the automation event details.

  6. Select Start automation or Schedule automation.

CertCentral begins managing the certificate lifecycle according to the selected automation profile.

Notice

Before scheduling automation for a discovered certificate, confirm the following:

  • Domain and organization validation are current for the certificate type

  • An automation profile exists for the target environment

  • The host or appliance is reachable by the assigned sensor or agent

Related topics

What's next

Discovery service integration with automation

Dans cette section​: