About the Certificate Inventory¶
The Certificate Inventory provides a centralized view of all your certificates and their details. As your organization’s certificate list grows—potentially into the thousands—powerful search and filtering capabilities help you quickly find the certificates you need.
You can select any certificate in the inventory to view its details and take action as needed.
The Certificate Inventory includes the following features:
Summary View dashboard¶
The Summary View dashboard provides an overview of certificate metrics relevant to your access level. All users can view the dashboard, but the data is filtered based on role-based access controls (RBAC). Administrators see certificate metrics across the full inventory, while other users see only the metrics they're permitted to access.
The Summary View displays the following certificate metrics:
- Total number of certificates in your inventory
- Expired certificates
- Certificates expiring in 15 days
- Certificates not assigned to an application
Details "Drawer"¶
When you click on a certificate, the details drawer slides out from the right side of the screen, showing you the information about the selected certificate, while allowing you to continue seeing the inventory on the left.
When you click on a link in a row, the drawer will navigate to the relevant tab in the drawer.
The drawer is divided into tabbed sections for easier organization of information, so be sure you click on all the tabs to see all the relevant certificate information.
Click the X in the top right corner to close the drawer.
Column menu¶
Clicking the Columns button at the top of the inventory lets you control which columns are visible.
For those columns that are visible, you can hover over the column name, and a context menu appears to the right (it looks like three stacked dots).
What does each column type mean?
Term | Definition |
---|---|
Actions | Available operations or tools the user can perform on the certificate. |
Applications | Applications associated with or using this certificate. |
CA Connection | The connection details or status with the Certificate Authority. |
Certificate Name | The name assigned to the certificate for identification purposes. |
Certificate Version | The version number of the certificate format. |
Checkbox selection | Allows the user to select one or more certificates for bulk actions. |
Cloud ID | A unique identifier for the certificate in a cloud environment. |
Cloud Installation Added On | The date the certificate was added to the cloud environment. |
Cloud Installation Status | The current installation status of the certificate in the cloud. |
Cloud Keystore | The cloud-based storage service where the certificate is stored. |
Cloud Provider | The cloud service provider hosting the certificate (e.g., AWS, Azure, GCP). |
Errors | Lists any critical issues detected with the certificate. |
Expires In | The remaining time before the certificate expires. |
Extended Key Usage | Specifies additional purposes for which the certificate's key can be used. |
Fingerprint | A cryptographic hash used to uniquely identify the certificate. |
Id | A unique identifier for the certificate record. |
Imported From | Indicates the source system or method used to import the certificate. |
Is CA | Indicates whether the certificate belongs to a Certificate Authority. |
Is Self Signed | Indicates whether the certificate is self-signed. |
Issuing CA | The Certificate Authority (CA) that issued the certificate. |
Key Strength & Type | Details the cryptographic strength and algorithm type of the certificate key. |
Key Usages | The intended purposes of the certificate's public key (e.g., digital signature, key encipherment). |
Kubernetes Annotations | Metadata added to Kubernetes resources for informational purposes. |
Kubernetes Certificate Lifecycle Managed By | Indicates the controller or service managing the certificate lifecycle in Kubernetes. |
Kubernetes Cluster | The Kubernetes cluster where the certificate is deployed or associated. |
Kubernetes Labels | Key-value pairs assigned to Kubernetes resources for organization or selection. |
Kubernetes Namespace | The namespace within the Kubernetes cluster where the certificate resides. |
Kubernetes Used By | Lists the Kubernetes resources that use the certificate. |
Managed Since | The date when the certificate began being managed by the system. |
Network Discovery Configuration | Settings related to discovering certificates via network scans. |
Origins | Indicates where the certificate originated (e.g., imported, discovered, issued). |
Revocation Status | The current revocation state of the certificate (e.g., Valid, Revoked, Pending). |
Signature Hash Algorithm | The hash algorithm used to sign the certificate. |
Tags | User-defined labels for categorizing or organizing certificates. |
TLS Endpoint Validation Failure | Flags any failures in validating the TLS endpoint configuration. |
TLS Server Endpoints | Lists the server endpoints using this certificate for TLS. |
Validity (Days) | The total number of days the certificate is valid from issuance to expiration. |
Warnings | Lists non-critical issues or potential risks related to the certificate. |
Depending on the column type, you may be able to take one of several actions:
- Filter by this column. This adds the column name to the filter, so you can find all certificates that match your filter criteria.
-
Sort the visible records by this column.
Tip
This only sorts the certificates that you currently see on the screen, so make sure you filter the list first if it doesn't fit on one screen.
-
Pin a column to the right or left of the screen. This keeps the column always visible when you need to scroll horizontally through large tables.
- Manage columns or hide this column. Customize your inventory the way you want it by showing the fields you are interested in and hiding the ones you aren't. (Customizing the displayed columns is only temporary, and will be reset when browsing another page.)
Searching and Filtering¶
You could have a lot of certificates, so we've tried to make it easy to find a specific certificate. Use the Search box to find a particular certificate. You can search for text across multiple columns, including certificate name, Subject DN, Issuer DN, and SANs.
If you are a certificate owner, you might only be interested in your certificates. The My Certificates drop-down lets you toggle between seeing certificates assigned to you, or all certificates you have rights to see. (The Active Certificates view is the default view, so be sure to check the My Certificates view, as we think it is useful for most certificate owners.)
The Filters button allows you to create complex queries across multiple columns to help you find exactly those certificates that interest you. The filter query becomes part of the URL, meaning you can bookmark the Next Gen inventory, which will save the current filter settings as part of the bookmark. This allows you to create multiple bookmarks for your most-used filters. It also means you can send the URLs to colleagues so they can use the same filter criteria.
For detailed guidance on finding certificates in the inventory, refer to our dedicated article on using filters to locate certificates.
Display settings¶
The Columns button lets you control which columns are visible. The Density button lets you control how much space appears between rows.
Export¶
Use the Export button to save the visible data (including column names) as a .csv file.
Certificate actions¶
There are many actions that you can take on certificates from the certificate inventory. See the following for steps: