Automated certificate renewal¶
Automated certificate renewal eliminates the need for manual updates, significantly reducing the risk of service interruptions due to expired certificates. It is designed to enhance security and simplify certificate management. In addition, eligible certificates can also be auto-provisioned upon successful renewal.
Features and benefits¶
- Enable or disable auto-renewal at the application level
- Renewal window can be set globally. Global window can optionally be overridden at the application level
- Designed to ensure renewal within the specified window to prevent outages
- Eligible certificates can be auto-provisioned after renewal
- Notifications sent through email or messaging services (using webhooks)
- Applicable approval workflows will still be enforced on auto-renewed certificates
- Applies to certificates provisioned to AWS Certificate Manager, Azure Key Vault, and Google Cloud Provider
Audience and use cases¶
This feature is targeted towards owners of applications who require automated certificate management for multiple applications. Use cases include auto-renewal of certificates nearing expiration, scheduled tasks for inventory scanning, and automated push provisioning for enhanced security.
Are there circumstances where I shouldn't use auto-renewal?
If renewal or provisioning is already being done outside of TLS Protect Cloud, such as using Venafi VCert, auto-renewal or auto-provisioning could cause problems with either renewal or provisioning, depending on your configuration.
Next steps¶
Learn how to enable and configure auto-renewal.