Integration Overview

BeyondTrust customers use Password Safe to securely manage the credentials for privileged accounts that control critical devices, such as network infrastructure and application servers. These customers can use the BeyondTrust Connector from DigiCert to allow DigiCert Trust Lifecycle Manager (TLM) to securely automate the issuance, rotation, and revocation of TLS certificates on those critical devices using the appropriate privileged credentials.

Together, Trust Lifecycle Manager and Password Safe:

  1. Replace or harden password-based workflows with certificate-based admin access (mTLS) for vault-to-target, jump host, and session proxy connections
  2. Auto-renew appliance/web console and connector certificates to prevent outages under the upcoming 47-day TLS certificate lifetime
  3. Provision short-lived client certificates for admins, services, and connectors, with policy-driven rotation
  4. Maintain a unified, auditable certificate inventory

The result is fewer outages, stronger Zero Trust controls, faster incident response via instant revoke, and simpler compliance across PAM infrastructure.

The customer needs at least one active DigiCert sensor to securely establish and manage the connection to the Password Safe secrets manager instance. For fault-tolerant connectivity, multiple sensors can be used to manage the connector. If one of the sensors fails, the connector automatically fails over to another sensor.

 

What it does

  • Discovers all existing TLS/SSL certificates on protected systems.
  • Imports discovered certificates into a centralized DigiCert Trust Lifecycle Manager inventory.
  • Automates certificate issuance, renewal, and replacement directly from DigiCert-managed sources.
  • Securely deploys valid certificates to protected devices through a DigiCert sensor.
  • Ensures continuous visibility into certificate status, expiration, and compliance posture.

Why it matters

  • Reduce downtime: Eliminate service disruptions due to misconfigured or expired certificates.
  • Lower admin effort: Automate renewals and deployment instead of manual updates.
  • Centralize visibility: Maintain an accurate inventory of certificates across the network.
  • Improve security: Ensure all NetScaler appliances have valid, trusted, and compliant certificates with increased cryptographic agility.

How it integrates

  • Uses the DigiCert sensor for secure communication with the Password Safe instance, either in the cloud or on-premises.
  • Trust Lifecycle Manager acts as the control plane for certificate discovery, issuance, renewal, and deployment.
  • Requires no inbound network communications from the DigiCert cloud.