Skip to main content

Bulk manage multiple certificate deployments

Follow these steps to reissue/renew or switch CAs for multiple certificate deployments simultaneously. DigiCert​​®​​ Trust Lifecycle Manager coordinates the lifecycle management request and deploys the new certificates to all the target systems.

Let op

Bulk management allows you to respond quickly to security-related events by enabling the simultaneous replacement of large volumes of certificates installed on your systems

Bulk reissue or renew certificates

Use the Bulk Reissue / Renew action when you need to rotate out multiple installed certificates with new certificates from the same CA. When you run this bulk action:

  • The system attempts to reissue the selected certificates if possible. If successful, it issues and deploys a new certificate from the same CA with the same validity dates and auto-renew options.

  • For certificates it cannot reissue, the system attempts to renew the certificates instead. If successful, it issues and deploys the same certificate with new validity dates.

To request bulk reissue/renewal of multiple certificate deployments:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display all the certificates you want to manage.

  3. Select the applicable certificates using the checkboxes to the left of the Common name.

  4. Open the Bulk actions dropdown for one of the selected certificates, and select Reissue / Renew.

  5. Fill out the Bulk Reissue / Renew form:

    • Job name: Enter a name for this lifecycle management job to help track status of the bulk request.

    • Choose profile: Certificates with active certificate automation profiles in Trust Lifecycle Manager will be reissued or renewed from those same profiles. For certificates without an associated profile, select a profile to issue the new certificates from:

      • Sensor profile: Select an available profile with the DigiCert sensor enrollment method to issue and deploy new certificates on network appliances or cloud services.

      • Agent profile: Select an available profile with the DigiCert agent enrollment method to issue and deploy new certificates on web servers.

    • Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.

    • Select the checkbox at bottom to acknowledge acceptance of the Certificate Services Agreement.

  6. Select Submit to finalize the certificate automation request.

Bulk switch certificate authority (CA)

Use the Bulk Switch CA action when you need to replace multiple installed certificates with new certificates from a different CA.

To request bulk CA replacement of multiple certificate deployments:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display all the certificates you want to manage.

  3. Select the applicable certificates using the checkboxes to the left of the Common name.

  4. Open the Bulk actions dropdown for one of the selected certificates, and select Switch CA.

  5. Fill out the Bulk Switch CA form:

    • Job name: Enter a name for this lifecycle management job to help track status of the bulk request.

    • Switch CA: Select the new CA vendor to switch selected certificates to.

    • Profile: Select an available certificate automation profile for issuing certificates from the new CA vendor you selected.

    • Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.

    • Select the checkbox at bottom to acknowledge acceptance of the Certificate Services Agreement.

  6. Select Submit to finalize the certificate automation request.

What's next

Trust Lifecycle Manager runs the certificate lifecycle automation job now or at the time you schedule in each request. You can check status of automation requests at any time from the Inventory view.