Manage endpoints

Manage all your endpoint locations from the Inventory > Endpoints page in DigiCert® Trust Lifecycle Manager, including endpoints that are:

  • Discovered via scans and connectors

  • Currently under management with the managed automation solution

  • Unsecured (no certificates installed)

  • Unsecured but available to install certificates with the managed automation solution

To get started, first load the applicable records, then use the integrated actions to manage individual endpoints or multiple endpoints in bulk.

Note

This page focuses on managing certificate deployments for known endpoints. To learn more about inventory management in Trust Lifecycle Manager, see Inventory management.

Manage endpoints in inventory

To manage endpoints in your inventory:

  1. In the Trust Lifecycle Manager menu, go to Inventory > Endpoints.

  2. (Optional) Select a view from the Views dropdown. For details about what's included in each system view, see System views.

  3. Manage one or more endpoints in the current view:

    • To manage a single endpoint, select actions from the rightmost table column. Or, open the endpoint and select the actions from the right of the details page.

    • To bulk manage multiple endpoints, select them in the table and then select a bulk action from the table header.

Available management actions

Available management actions for endpoints on the Inventory > Endpoints page depend on whether there’s a certificate installed on the endpoint, and whether the endpoint is currently under management or available for management by the managed automation solution. Endpoint management actions may be available either as an icon in the rightmost table column or from the actions menu there.

Note

To be available for managed automation, the endpoint must be accessible via an existing connector in your account (for network appliances, cloud services, and vaults) or an active DigiCert agent on your network (for server applications).

The following actions are available from the Automated system view, which includes certificates currently under management or available to be placed under management by the managed automation solution.

| Action | Description |
|---|---|
| Request certificate | Issue and install a duplicate certificate on an endpoint. |
| Reissue | Issue and install the same certificate with the same validity dates, but a new serial number. Use this action to deploy a fresh certificate after making changes to one of your certificate profiles, or to get the next certificate in a CertCentral multi-year plan. |
| Renew | Issue and install the same certificate with new validity dates and a new serial number. Available for public CAs from DigiCert or Sectigo. |
| Switch CA | Issue and install a new certificate from a different CA. |
| Get your next certificate | Get the next certificate in a CertCentral multi-year plan when the current certificate is set to expire in less than 30 days. If the multi-year plan is in its last leg, use the Reissue action instead. |

The following actions are available from the Unsecured system view, which includes endpoint locations that do not currently have certificates installed on them.

| Action | Description |
|---|---|
| Request certificate | Enroll and install a new certificate on an unsecured endpoint. |

The following actions are available from the Discovered system view, which includes certificates issued outside your account and discovered or imported into Trust Lifecycle Manager via scans or connectors.

| Action | Description |
|---|---|
| Delete | Remove the discovered certificate and associated endpoint data from your inventory. |
| Update business unit | Change the business unit a certificate is assigned to in Trust Lifecycle Manager. To manage the certificate, admins must belong to the currently assigned business unit. |

The following management actions are available for any endpoint that currently has a certificate associated with it, regardless of view.

| Action | Description |
|---|---|
| Add tags | Add metadata tags to the associated certificate to help identify and manage it in Trust Lifecycle Manager. |
| Download | Download the certificate in PEM-encoded format. |
| Edit tags | Edit existing metadata tags for the certificate. |
| Manage tags | Available as a bulk action to add new tags, replace existing tags, or remove all tags from the certificates for multiple selected endpoints. |

The following actions are available for all endpoints in your account.

| Action | Description |
|---|---|
| View audit trail | View all the audit log events recorded in Trust Lifecycle Manager for an endpoint. |

Use the REST API to manage endpoints

All certificate management actions available from the Trust Lifecycle Manager web console (as listed in the preceding sections) are also available from the REST API. Use the following API controllers to perform these actions programmatically and integrate them into your custom workflows.

Use the Inventory endpoint API controller to get detailed information about different types of inventory endpoints in your account, including any associated certificate metadata.

Endpoint categories in the API align with the system views in the web console, as follows:

  • automatable: Corresponds to the Automated system view, showing endpoints currently under management or available for management by the managed automation solution.

  • unsecured: Corresponds to the Unsecured system view, showing endpoints that do not currently have certificates installed on them or that have certificate discovery errors.

  • discovered: Corresponds to the Discovered system view, showing endpoints discovered and imported into your account via scans or connectors.

Use the Certificate lifecycle automation inventory API controller to get automation-related details about endpoints that are currently active and eligible for management by the managed automation solution, including the GUID to target in automation requests for each endpoint, and the current automation status.

This information is similar to the Automated system view in the web console, but it focuses on parameters needed to manage automation requests via the API.

Use the Certificate lifecycle automation API controller to programmatically manage certificate deployments, including automated delivery and installation. Key API endpoints include:

| API endpoint | Description |
|---|---|
| POST /mpki/api/v1/automation | Request lifecycle automation for the certificate installed on an individual endpoint location. |
| POST /mpki/api/v1/automation/bulk | Request bulk automation for certificates installed on multiple endpoint locations. |
| POST /mpki/api/v1/automation/admin-web-request | Request a new certificate with automated delivery to servers, vaults, or cloud services. The certificate profile you issue from must be configured with the Admin web request enrollment method. |