FAQ Hero
Certificate Management

What are the Five
Stages of the
Certificate Lifecycle?

What are the Five Stages of the Certificate Lifecycle?

The TLS/SSL certificate lifecycle is broken down into five stages and some steps can occur throughout the certificate lifecycle once a certificate is issued (i.e. automation & discovery).

The primary five stages of certificate lifecycle management include:

  1. Issuance & Installation – After completing the certificate validation process by a trusted Certificate Authority, your SSL certificate is then issued. Once issued, you must install the certificate for your domain or server.
  2. Discovery – Our discovery tools are crucial for tracking and monitoring all the certificates issued for your domains or servers and keeping a pulse on certificates that are close to expiring and need to be renewed.
  3. Remediation – If there is an issue or vulnerability with a certificate, you may need to revoke the certificate and reissue it. DigiCert® CertCentral® provides the tools to instantly revoke a certificate and reissue it.
  4. Renewal – Under official CA/B Forum rules, all public-facing TLS certificates must now be renewed on an annual basis, or approximately every 13 months. However, some organizations prefer to replace certificates under even shorter timelines.
  5. Automation – The entire process of managing TLS certificates can be automated from hosted, agent-based or sensor-based tools including ACME URL or DigiCert Automation Manager.