Settings that affect license consumption
TLS Protect Cloud counts Secured Certificate Instances (SCIs) to track license usage. Most SCIs are created automatically when certificates are issued, renewed, installed, or monitored. However, certain platform settings can increase or reduce how many certificates count toward your SCI entitlement.
Understanding these settings can help you optimize license usage and avoid unintentional overages.
Monitoring certificates not assigned to applications
By default, TLS Protect Cloud does not monitor certificates that are not assigned to any application. This helps reduce unnecessary SCI consumption.
You can change this behavior by enabling the "Monitor certificates that are not assigned to any application" setting, found under Policies > Certificate Lifecycle > Certificates Expiration Notification Policy > Applications to Monitor.
When you enable this setting:
- Certificates that are not assigned to an application but are still being monitored will count as SCIs.
- A warning message explains the potential licensing impact before the setting is saved.
Tip: If your organization uses inventory monitoring heavily but doesn’t assign certificates to applications, enabling this setting may significantly increase license usage.
Discovery and import behavior
All discovery and import jobs in TLS Protect Cloud use certificate reconciliation logic to determine whether a discovered certificate is new or already known. This helps ensure that:
- Re-imported certificates do not cause duplicate SCIs
- Certificate counts reflect meaningful changes in your environment
This behavior is automatic and does not require configuration, but it’s important to understand that discovery does not directly result in SCI usage unless the discovered certificate meets one or more of the SCI qualification criteria.
Installation location tracking
The number of SCIs may increase if a certificate is installed in multiple locations. Each unique installation location (such as a server, Kubernetes service, or keystore) where a certificate is deployed counts as a separate SCI.
If you're deploying the same certificate to many endpoints or services, consider reviewing how those installations contribute to your SCI usage.