Certificates
The Certificates module helps you track SSL/TLS certificates, monitor expiration dates, and manage renewals to prevent security warnings and outages.
Overview
Track and manage:
- SSL/TLS certificates
- Code signing certificates
- Email certificates
- Wildcard certificates
- Internal/self-signed certificates
Why Certificate Tracking Matters
Expired certificates cause:
- Security warnings in browsers
- Failed connections
- Service disruptions
- Loss of customer trust
- Potential security vulnerabilities
Viewing Certificates
Navigate to Assets → Certificates to see all tracked certificates.
Certificate List
The list displays:
- Certificate name/domain
- Client
- Issuer (Let's Encrypt, DigiCert, etc.)
- Expiration date
- Status
Expiration Indicators
- 🟢 Green - More than 30 days
- 🟡 Yellow - 7-30 days
- 🔴 Red - Less than 7 days or expired
Adding a Certificate
- Click + Add Certificate
- Enter certificate details:
- Name - Identifier for the certificate
- Domain - Primary domain covered
- Client - Certificate owner
- Type - DV, OV, EV, Wildcard, etc.
- Issuer - Certificate authority
- Issue Date - When issued
- Expiration Date - When it expires
- Optional information:
- SANs (Subject Alternative Names)
- Associated server/asset
- Auto-renewal status
- Notes
- Click Save
Certificate Types
| Type | Description |
|---|---|
| DV | Domain Validated - Basic validation |
| OV | Organization Validated - Business verification |
| EV | Extended Validation - Highest trust |
| Wildcard | Covers *.domain.com |
| SAN | Multiple domains on one cert |
Certificate Detail Page
View full certificate information:
Overview
- Status and validity
- Issuer details
- Covered domains
Technical Details
- Serial number
- Signature algorithm
- Key size
- Fingerprint
Renewal History
- Past renewals
- Changes
Associated Assets
- Servers using this certificate
- Applications
Expiration Management
Automated Monitoring
Ascent can monitor certificates and alert you:
- 60 days before expiration
- 30 days before expiration
- 14 days before expiration
- 7 days before expiration
Renewal Tracking
Track renewal status:
- Auto-renew enabled (Let's Encrypt, etc.)
- Manual renewal required
- Renewal in progress
- Renewed (awaiting installation)
Let's Encrypt Integration
For Let's Encrypt certificates:
- Typically auto-renew every 90 days
- Track automation status
- Alert on renewal failures
Best Practices
- Track all certificates - Include internal and external
- Set early reminders - Allow time for renewal
- Test renewals - Verify auto-renewal works
- Document installation - Know where certs are installed
- Use automation - Let's Encrypt/ACME when possible
- Plan ahead - Budget for paid certificates