What do you want to learn about?

Follow these suggestions and links to find relevant documentation about DigiCert® Trust Lifecycle Manager.

Overview of Trust Lifecycle Manager

These topics provide general information to help you understand how Trust Lifecycle Manager works:

Set up your account

When you first get access to Trust Lifecycle Manager, we create an account for your organization. You customize the account and add users so they can start using Trust Lifecycle Manager.

If your organization is new to Trust Lifecycle Manager, the following topics help you customize and start using your account:

Set up your operating environment

Trust Lifecycle Manager is CA agnostic and functions as a centralized control point for managing all your organization’s digital trust operations in one place.

Trust Lifecycle Manager provides connectors to help you build out your digital trust ecosystem and integrate all your external resources. Select the links below to learn more about available connector types.

| Connector type | Supported platforms and systems |
| --- | --- |
| Appliances | A10, Citrix ADC, F5 BIG-IP LTM |
| Certificate authorities | AWS Private CA, Entrust, Let's Encrypt, Microsoft |
| Cloud services | Amazon CloudFront, AWS Application Network Load Balancer (ALB), AWS Network Load Balancer (NLB), AWS Certificate Manager (ACM) |
| DNS integrations | Azure, Cloudflare, CloudXNS, DNS Made Easy, DreamHost, GoDaddy, Google DNS, NS1, OVH, RFC2136, Route 53, Sakura Cloud |
| Infrastructure automation | Ansible, Chef, Istio, Puppet, SaltStack |
| IT service management | ServiceNow |
| Scan solutions | Qualys, Tenable |
| Unified endpoint management | Microsoft Intune |
| Vaults | Azure Key Vault, HashiCorp Vault |

Note

Besides connectors, you can integrate with Trust Lifecycle Manager using its REST API or standard protocols such as SCEP, EST, CMP, and ACME. The integration guides provide comprehensive instructions for some of these integration types.

Discover and import your assets

Use the discovery and import functions to bring your existing digital assets into Trust Lifecycle Manager so you can monitor and manage them all in one place.

Discovery is built into various connector types. For example, when you connect to a network appliance or cloud service, we look for existing certificates and endpoints to import from it. And when you connect to external CAs, you have the option to import existing certificates from them.

Trust Lifecycle Manager also provides proactive discovery tools to help you locate and import digital trust assets throughout your organization:

  • Network scans to find certificates and calculate security ratings by IP address/hostname and port numbers.

  • Systems scans to find a range of cryptographic assets throughout your servers' file and operating systems.

  • API-based imports to upload certificates from external CA systems.

Request new certificates

When you’re ready to issue new certificates through Trust Lifecycle Manager, an admin needs to create certificate profiles.

Each profile defines the properties for a certain type of certificate, including the issuing CA, the supported methods for requesting/enrolling certificates from that CA, and how to authenticate those requests.

Once you create some certificate profiles, you can start enrolling new certificates from them in a variety of ways.

End users:

Admins:

  • Submit requests using a web-based form and have the certificates delivered to your servers, vaults, or AWS cloud services.

  • Use the managed automation tools to request and install certificates for your web servers, network appliances, and cloud applications.

  • Enroll certificates using the API, or standard protocols such as SCEP, EST, CMP, and ACME.

  • Check the how-to guides for comprehensive instructions about how to integrate and get certificates for specific systems and platforms.

  • Use the enrollments page in Trust Lifecycle Manager to monitor and approve/reject end user certificate requests.

Note

Trust Lifecycle Manager supports new post-quantum cryptography (PQC) algorithms so you can start preparing for the future demands of Internet security.

Automate certificate lifecycle management

Traditionally, managing certificates has required a lot of manual work and been susceptible to security lapses, service disruptions, and customer frustrations.

With Trust Lifecycle Manager, you can automate lifecycle management to make sure you always have valid certificates installed, with little or no user intervention required.

Choose the automation methods that work best for your organization:

  • Use managed automation to automate lifecycle management directly from the Trust Lifecycle Manager web console for certificates deployed on web servers, network appliances, cloud services, and vaults.

  • Use third-party ACME clients to automate certificate management from the command-line interface (CLI) on your web servers.

  • Set up scripts to automate pre- and post-installation tasks for user and server certificates.

  • Use the REST API to create your own custom integrations and automation solutions.

Monitor your digital trust operations

Trust Lifecycle Manager provides powerful tools to help you track all your digital trust assets, identify security vulnerabilities, and ensure you always have valid certificates installed on key systems:

  • Your inventory page is a centralized book of records for monitoring all your certificates, keys, and endpoints in one place.

  • Your account dashboard provides customizable widgets to help you analyze assets and see alerts and security ratings for them.

  • Set up notifications to make sure key people get alerted when there are important security and lifecycle events.

  • Use the reporting and auditing tools to check logs and generate custom reports.