Manage certificates
Manage all your certificates from the Inventory > Certificates page in DigiCert® Trust Lifecycle Manager. First load the applicable records, then use the integrated actions to manage individual certificates or multiple certificates in bulk.
注記
This page focuses on general certificate administration. To learn more about inventory management, see Manage inventory.
Manage certificates in inventory
To manage certificates in your inventory:
In the Trust Lifecycle Manager menu, go to Inventory > Certificates.
(Optional) Select a view from the Views dropdown.
Manage one or more certificates in the current view:
To manage a single certificate, select actions from the rightmost table column. Or, open the certificate and select the actions from the right of the details page.
To bulk manage multiple certificates, select them in the table and then select a bulk action from the table header.
Available management actions
Available management actions for certificates on the Inventory > Certificates page depend on the certificate type and status, and whether Trust Lifecycle Manager has access to the issuing CA or not.
The following management actions require access to the issuing CA. Trust Lifecycle Manager can always access issuing CAs in DigiCert® Private CA. To access other issuing CAs, there must be an active CA connector.
Action | Description | Supported CAs |
|---|---|---|
Recover | Recover an escrowed certificate. | DigiCert® only (public or private) |
Revoke | Permanently revoke a certificate, making it invalid. | All |
Suspend | Temporarily suspend a private certificate by revoking it with the reason | DigiCert® Private CA |
Resume | Reinstate a suspended private certificate by removing it from the issuing CA's revocation list. | DigiCert® Private CA |
The following management actions are available for any certificate in your account, depending on the certificate type and status.
Action | Description |
|---|---|
Add tags | Add metadata tags to a certificate to help identify and manage it in Trust Lifecycle Manager. |
Download | Download a certificate in PEM-encoded format. To initiate a download, select the download icon in the rightmost table column or table header. |
Edit tags | Edit existing metadata tags for a certificate, used to help identify and manage it in Trust Lifecycle Manager. |
Remove from vault | For certificates imported or delivered to Azure Key Vault via a vault connector, remove the certificate from the vault(s) in Azure. |
Resend renewal email | For certificates issued from a profile with renewal notifications enabled, resend the email notification about an upcoming certificate expiration. |
Update business unit | For discovered certificates, change the business unit a certificate is assigned to in Trust Lifecycle Manager. To manage the certificate, admins must belong to the currently assigned business unit. Note: For certificates issued through Trust Lifecycle Manager, the business unit is automatically assigned from the certificate profile and cannot be changed in inventory. |
Update certificate owners | Update the list of certificate owners for a certificate, which are email contacts who receive lifecycle notifications for the certificate. |
View audit trail | View all the audit log events recorded in Trust Lifecycle Manager for a certificate. |
Special bulk actions
The following management actions are only available as bulk actions for multiple certificates. Select the applicable certificates in the Inventory > Certificates table, then access these bulk actions from the More actions menu in the table header.
Select the Manage tags action to bulk manage metadata tags for multiple certificates. This opens a separate page with the following options. Select an action, then select Update to apply it.
Action | Description |
|---|---|
Add new tags | Add more tags to the selected certificates. |
Replace all the existing tags with a new one | Remove all current tags from the certificates and select or enter new tags to add instead. |
Remove all tags | Remove all tags from the certificates. |
Select the Manage certificate owners action to bulk manage owner contacts for multiple certificates. This opens a separate page with the following options. Select an action, then select Update to apply it.
Action | Description |
|---|---|
Add new owners | Add more owners to the selected certificates. |
Replace all the existing owners with new ones | Remove all current owners from the certificates and select new owners to add instead. |
Remove specific owners | Select owners to remove from the certificates. |
Remove all owners | Remove all owners from the certificates. |
Use the REST API to manage certificates
All certificate management actions available in the Trust Lifecycle Manager web console (as listed in the preceding sections) are also available from the REST API. Use the API to perform these actions programmatically and integrate them into your custom workflows.
Select the links in the following table to access reference documentation for the applicable API controllers.
API controller | Description |
|---|---|
General certificate administration, including revocation, escrow recovery, and tag management. | |
Add or remove owner contacts for certificates. |