Certificate Inventory

Detlef Biederma
Tera Expert

Hello

We are implementing "Certificate Inventory and Management".

I have added URLs into "sn_disco_certmgmt_cert_url", which are discovered correctly by a scheduled job.

The tables "cmdb_ci_certificate" and "sn_disco_certmgmt_cmdb_installed_certificate" are updated as expected.

When I renew a certificate on a web server, the records in "cmdb_ci_certificate" and "sn_disco_certmgmt_cmdb_installed_certificate" are updated accordingly, and "sn_disco_certmgmt_cert_url" references the new entry in "cmdb_ci_certificate". But the old certificate is still in "cmdb_ci_certificate" with the state installed (even though no other URL is referencing this certificate anymore).

If time goes on and the old / unused certificate is not set to "retired" by us, the renewal task and also an incident would be created.

We are thinking about a scheduled job to retire all entries in "cmdb_ci_certificate" which are not referenced by "sn_disco_certmgmt_cert_url".

What is the best practice here?

Sincerely, Detlef Biedermann

 

1 REPLY

AbdulRahim Shai
Tera Expert

Hey Detlef,

The thread below might help you. Please accept my response or mark it helpful if your doubt was cleared.

 https://www.servicenow.com/community/itom-articles/lifecycle-management-of-certificates-discovered-u...