Info: What are the different Certificate Management levels?


This article covers the four different Management levels available for Certificate objects. The Management level determines what Venafi Trust Protection Platform (TPP) will do with the Certificates stored.


More Info:

The four different Management levels are:

  • Unassigned
  • Monitoring
  • Enrollment
  • Provisioning



Unlicensed certificates that do not allow network validation, expiration monitoring, enrollment, provisioning, or onboard validation. However, they are included in selected reports and on the dashboard.



TPP monitors existing certificates and provides current information on the certificate status and lifecycle. When the certificate nears the end of its lifecycle, TPP sends dynamically-generated expiration and escalation messages to certificate owners, consumers, and approvers.

At the monitoring level of certificate management, however, TPP does not renew the certificate. The administrator must manually create the CSR, send it to the certificate authority (CA), then retrieve and install the renewed certificate.

Once the certificate is manually installed, TPP can validate the certificate is installed and properly configured.



At this level, TPP interfaces directly with certificate authorities to initiate and auto-enroll new or to-be-renewed certificate and key generation requests according to organization-defined workflow and approved folders.

TPP automatically generates and submits CSRs to Certificate Authorities using the parameters defined in designated CA Template objects. If preferred, administrators can manually generate the CSR, then upload it to TPP Certificate Manager to complete the enrollment process with the appropriate CA.

After the CA signs a certificate, Trust Protection Platform Certificate Manager retrieves the certificate and securely stores it in the Secret Store. The administrator can then download the certificate and install it on target systems.



TPP provides a fully automated certificate and key life-cycle management, one that automatically requests, installs, renews, and monitors encryption assets on your network. This produces consistent and repeatable processes that improve security and reduce operational and compliance risks.


Was this article helpful?
1 out of 1 found this helpful