Managing Certificate History

AppViewX lets you manage certificate status values after certificate renewal, reissuance, regeneration, or revocation. Certificate history is a record of a certificate’s lifecycle, including details of its issuance, renewal, reissuance, regeneration, and revocation. Maintaining certificate history helps organizations track changes, audit compliance, and manage security effectively. The corresponding user interface settings in AppViewX help determine whether historical records are maintained and how certificates transition between different statuses.

Viewing Certificate History

  1. Go to (Menu) > CERT+ > Certificate Inventory > certificate type (for example, Server).
    Certificate inventory for the selected certificate type is displayed.
  2. To open the holistic view of a certificate (where certificate history can be viewed), click the Common Name of the required certificate.
  3. In the certificate holistic view, from the toolbar, click History.
    The Certificate History dialog box is displayed.

Managing Certificate History

Important: If auto-archival settings have been enabled for renewed/regenerated certificates, the original certificates are moved to the Archived Inventory, rather than being deleted. Currently, reissued certificates are excluded from the scope of auto-archival settings.
To retain the history of a certificate:
  1. Go to (Menu) > CERT+ > ADMINISTRATION > History of Certificates.
  2. In the Manage Certificate History section, for Do you want to maintain the history of certificate after its renew/reissue/regeneration?, select Yes.
  3. From the end of the page, click Save.

Managing Certificate Status

Important: If auto-archival settings have been enabled for renewed/regenerated/revoked certificates, the original certificates are moved to the Archived Inventory. Currently, reissued certificates are excluded from the scope of auto-archival settings.

For Renewed/Reissued/Regenerated Certificates

AppViewX lets you move renewed/reissued/regenerated certificates from the Managed state to the Monitored state after a fixed number of days after renewal/reissue/regeneration. This helps free up license space, thus resulting in optimal license usage.

To manage the certificate status for renewed/reissued/regenerated certificates:

  1. Go to (Menu) > CERT+ > ADMINISTRATION > History of Certificates.
  2. In the Manage Renewed/Reissued/Regenerated Certificate Status section:
    1. For Do you want to move Renewed/Reissued/Regenerated certificates from Managed to Monitor?, select Yes.
    2. In the Number of days after Renewal/Reissuance/Regeneration (mandatory) field, enter how many days after renewal/reissue/regeneration should a certificate's status change from Managed to Monitored.
      Valid values for this field: 0 - 1999
      Note: The certificate status transition is timestamp-driven and triggered by a scheduler cron job. For certificates renewed, reissued, or regenerated, the status transition will occur based on the configured Number of days after Renewal/Reissuance/Regeneration.
      • If the configuration is set to 0 days, the transition happens immediately after the cron job executes.
      • For existing certificates (renewed, reissued, or regenerated prior to this configuration), the status transition will not be immediate even if Number of days after Renewal/Reissuance/Regeneration = 0. Their status will transition only after the cron job executes at its scheduled time.
  3. From the end of the page, click Save.

For Revoked Certificates

To manage the certificate status for revoked certificates:
  1. Go to (Menu) > CERT+ > ADMINISTRATION > History of Certificates.
  2. In the Manage Revoked Certificate Status section:
    1. For Do you want to move Revoked certificates from Managed to Monitor?, select Yes.
    2. In the Number of days after revocation field, enter how many days after revocation should a certificate's status change from Managed to Monitored.
      Valid values for this field: 0 - 1999
      Note: The certificate status transition is timestamp-driven and triggered by a scheduler cron job. For certificates renewed, reissued, or regenerated, the status transition will occur based on the configured Number of days after revocation.
      • If the configuration is set to 0 days, the transition happens immediately after the cron job executes.
      • For existing certificates (renewed, reissued, or regenerated prior to this configuration), the status transition will not be immediate even if Number of days after revocation = 0. Their status will transition only after the cron job executes at its scheduled time.
  3. From the end of the page, click Save.