Certificate Inventory

The Certificate Inventory in CERTInext provides a centralized and authoritative view of all certificates managed or discovered across the organization. It acts as the single source of truth for certificate ownership, deployment, lifecycle status, and risk posture.

The inventory aggregates certificates from:

• Manual issuance through CERTInext

• Automated discovery via Bots

• External Certificate Authorities

• Certificate Transparency (CT) logs (public-facing certificates)

Each certificate is tracked throughout its lifecycle, from issuance to decommissioning, ensuring no certificate remains unmanaged or forgotten.

Inventory Capabilities

For every certificate, the inventory maintains:

• Certificate identity (CN / SANs)

• Issuer and CA hierarchy

• Certificate type (SSL/TLS, client, document signing, etc.)

• Validity period and expiration date

• Deployment locations and sources

• Cryptographic strength and protocol support

• Trust level and CA classification

• Lifecycle status (Active, Expiring, Expired, Revoked)

Operational Benefits

The Certificate Inventory enables administrators to:

• Quickly identify expiring or expired certificates

• Detect weak or non-compliant certificates

• Trace certificates back to their issuing CA and deployment location

• Support audits, compliance checks, and security reviews

• Serve as the foundation for renewal, provisioning, and remediation workflows

The inventory is continuously updated through discovery scans, issuance events, and lifecycle actions, ensuring real-time accuracy.