Automated certificate management for TLS certificates
From Certificate Inventory and Management Version 1.3.8, you can automate the request flow for new certificates, renewals, and revoking certificates.
Certificate Inventory and Management automatically fetches certificates from Certificate Authorities (CAs) without requiring manual intervention from the PKI team. Starting in Version 2.1.0, this feature supports DigiCert and Entrust CA Gateway for seamless automatic fulfillment flows, with the limitation that only OV DigiCert certificates can be requested. Version 2.3.2 introduces support for the Microsoft CA. For more information, refer to the respective provider documentation. For automated flows with DigiCert or Entrust CA Gateway in Certificate Inventory and Management, you must have permissions to request, renew, and revoke certificates.
| Permission | Action |
|---|---|
| CredSSP on CA, intermediate server, and MID Server | Set up CredSSP on CA, intermediate server, and MID Server. For CredSSP configuration steps, see the Now Support Knowledge Base documented in the KB article KB1632624. |
| Membership in Enterprise Admins | Ensure the user holds membership in the Enterprise Admins group. |
| Security Group Inclusion for Template | Ensure the user is included in the Security Group of the template. |
| Specific Permissions in CA | Grant the user permissions: Read, Issue and Manage Certificates, Manage CA, and Request Certificates in the CA. |