What do you want to learn about?
Follow these suggestions and links to find relevant documentation about DigiCert® Trust Lifecycle Manager.
Note
This is not a complete list, but rather an overview of key topics. Use the navigation and search functions to browse the complete user guide for Trust Lifecycle Manager. For API documentation, visit the DigiCert Developers website.
These topics help you understand how Trust Lifecycle Manager works, and how to start using it.
For a high-level overview, see Platform components and Key concepts.
To learn how to get in-product help via AI, see Ask AI Assist for Help.
The Quick start guides provide step-by-step instructions to help you get up and running quickly with some key features of Trust Lifecycle Manager.
When you first get access to Trust Lifecycle Manager, we create an account for your organization. You customize the account and add users so they can start using Trust Lifecycle Manager.
If your organization is new to Trust Lifecycle Manager, the following topics help you customize and start using your account:
Learn how to add account users and enable API access.
Configure your account settings, including contacts and branding.
Set up business units to help organize your account inventory and resources.
Make sure you have seats available for the asset types you will manage.
Trust Lifecycle Manager is CA agnostic and functions as a centralized control point for managing all your organization’s digital trust operations in one place. The following topics help you connect your systems and assets, so you can monitor and manage them in Trust Lifecycle Manager.
Helper tools
To securely discover and manage your assets, set up the following DigiCert client tools on your network:
DigiCert agents: Discover and manage assets on servers.
DigiCert sensors: Discover and manage assets on network appliances and cloud services.
Integrations/Connectors
Trust Lifecycle Manager provides connectors and other integration tools to help build out your digital trust ecosystem and connect all your external resources. Select the following links to learn more about available connector types.
| Connector type | Platforms and systems |
|---|---|
| | A10, Citrix ADC, F5 BIG-IP LTM |
| | AWS Private CA, DigiCert, Entrust, Let's Encrypt, Microsoft, Step CA |
| | Amazon CloudFront, AWS Elastic Load Balancing (ELB), AWS Certificate Manager (ACM), Google Cloud Platform (GCP) Certificate Manager, GCP Load Balancing |
| | Azure, Cloudflare, CloudXNS, DNS Made Easy, DreamHost, GoDaddy, Google DNS, NS1, OVH, RFC2136, Route 53, Sakura Cloud, and many more |
| | ServiceNow |
| | Qualys, Tenable |
| | Microsoft Intune |
| | Azure Key Vault, HashiCorp Vault |
Discover and import assets
Use the discovery and import functions to bring your existing digital assets into Trust Lifecycle Manager so you can monitor and manage them all in one place.
Discovery is built into various connector types. For example, when you connect to a network appliance or cloud service, we look for existing certificates and endpoints to import from it. And when you connect to external CAs, you have the option to import existing certificates from them.
Trust Lifecycle Manager also provides proactive discovery tools to help you find and import digital trust assets throughout your organization:
Network scans to find certificates on your network and calculate security ratings by IP address/hostname and port numbers.
Cloud scans to find certificates on the internet to add to your inventory in Trust Lifecycle Manager.
Systems scans to find a range of cryptographic assets throughout the file and operating systems on your servers.
API-based imports to upload certificates from external CA systems.
Trust Lifecycle Manager provides powerful tools to help you track all your digital trust assets, identify security vulnerabilities, and ensure you always have valid certificates installed on key systems:
Your inventory page is a centralized book of records for monitoring all your certificates, endpoints, and enrollments in one place.
Your account dashboard provides customizable widgets to help you analyze assets and see alerts and security ratings for them.
Set up notifications to make sure key people get alerted when there are important security and lifecycle events.
Use the reporting and auditing tools to check logs and generate custom reports.
When you’re ready to issue new certificates through Trust Lifecycle Manager, an admin needs to create certificate profiles.
Each profile defines the properties for a certain type of certificate, including the issuing CA, and the allowed enrollment and authentication methods for requesting certificates from that CA.
For certificate profiles that use enrollment codes for authentication, you need to prepare the enrollment codes and provide them to users before they can start requesting new certificates.
Once you create some certificate profiles, you can start enrolling new certificates from them in a variety of ways.
End users
Use the DigiCert Trust Assistant (DTA) application to request and auto-enroll/renew certificates directly from the Windows or macOS desktop.
Use the web self-service options to request and manage certificates from a web browser.
Admins
Submit requests using a web-based form and have the certificates delivered to your servers, vaults, and cloud services.
Use the managed automation tools to request and install certificates for external applications directly from the Trust Lifecycle Manager web console.
Enroll certificates using the API, or standard protocols such as SCEP, EST, CMP, and ACME.
Use the enrollments page in Trust Lifecycle Manager to monitor and approve/reject end user certificate requests.
Note
Trust Lifecycle Manager supports new post-quantum cryptography (PQC) algorithms so you can start preparing for the future demands of internet security.
Traditionally, managing certificates has required a lot of manual work and been susceptible to security lapses, service disruptions, and customer frustrations.
With Trust Lifecycle Manager, you can automate lifecycle management to make sure you always have valid certificates installed, with little or no user intervention required.
Choose the automation methods that work best for your organization:
Use the managed automation solution to automate lifecycle management directly from the Trust Lifecycle Manager web console for certificates deployed on web servers, network appliances, cloud services, and vaults.
Use third-party ACME clients to automate certificate management from the command-line interface (CLI) on your web servers.
Set up infrastructure automation to issue certificates from Trust Lifecycle Manager for provisioning through DevOps platforms like Ansible, Chef, Istio, Puppet, SaltStack, and Terraform.
Use the REST API to create your own custom integrations and automation solutions.