# Certificate Inventory

The Certificate Inventory in CERTInext provides a centralized and authoritative view of all certificates managed or discovered across the organization. It acts as the single source of truth for certificate ownership, deployment, lifecycle status, and risk posture.

The inventory aggregates certificates from:

* Manual issuance through CERTInext
* Automated discovery via Bots
* External Certificate Authorities
* Certificate Transparency (CT) logs (public-facing certificates)

Each certificate is tracked throughout its lifecycle, from issuance to decommissioning, ensuring no certificate remains unmanaged or forgotten.

<figure><img src="/files/OCMvPGAyKAIoIOM5Hx1d" alt=""><figcaption></figcaption></figure>

#### Inventory Capabilities

For every certificate, the inventory maintains:

* Certificate identity (CN / SANs)
* Issuer and CA hierarchy
* Certificate type (SSL/TLS, client, document signing, etc.)
* Validity period and expiration date
* Deployment locations and sources
* Cryptographic strength and protocol support
* Trust level and CA classification
* Lifecycle status (Active, Expiring, Expired, Revoked)

<figure><img src="/files/eWtzDEjK9YRFpZBmQEkG" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/FPTuiJSVonfMMVZpB2a4" alt=""><figcaption></figcaption></figure>

#### Operational Benefits

The Certificate Inventory enables administrators to:

* Quickly identify expiring or expired certificates
* Detect weak or non-compliant certificates
* Trace certificates back to their issuing CA and deployment location
* Support audits, compliance checks, and security reviews
* Serve as the foundation for renewal, provisioning, and remediation workflows

The inventory is continuously updated through discovery scans, issuance events, and lifecycle actions, ensuring real-time accuracy.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.certinext.io/documentation/certificate-lifecycle-management/certificate-inventory.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.