Managing Installed Certificates¶
This page covers how to view deployment status, manage target system associations, trigger re-deployments, and investigate failed installations.
Viewing Deployment Status¶
Navigate to CLM → Certificates and open a certificate. The certificate detail page includes a Target Systems section that lists all systems the certificate has been associated with, along with the current deployment status for each.
| Status | Meaning |
|---|---|
pending |
The deployment has been queued but the Bridge has not yet picked it up. |
deploying |
The Bridge is actively pushing the certificate to the target system. |
deployed |
The certificate was successfully deployed. The timestamp shows when the last deployment completed. |
failed |
The deployment attempt failed. The error message is shown in the detail view. |
not_deployed |
The certificate has been associated with the target system but has never been deployed. |
Re-deploying a Certificate¶
You can push the certificate to a target system at any time — for example, after changing the certificate files on the target system or after the Bridge reconnects following an outage.
- Open the certificate detail page.
- In the Target Systems section, select Deploy next to the target system you want to update, or select Deploy to All to push to all associated target systems simultaneously.
- The deployment status updates as the Bridge processes the request.
Adding a Target System Association¶
To add a new target system to a certificate:
- Open the certificate detail page.
- Select Add Target System.
- Select the target system from the list of configured target systems.
- Select Save.
The certificate will be marked as not_deployed for the newly added target system until a deployment is triggered.
Removing a Target System Association¶
To remove a target system from a certificate:
- Open the certificate detail page.
- In the Target Systems section, select Remove next to the target system.
- Confirm the removal.
Removing an association does not uninstall the certificate from the target system — it only removes the tracking relationship in the platform. If you want to remove the certificate from the target system, do so manually after removing the association.
Investigating Failed Deployments¶
When a deployment fails, the error message from the Bridge is shown alongside the target system entry on the certificate detail page.
Common failure causes:
| Cause | Resolution |
|---|---|
| Bridge is disconnected | Verify the Bridge is running and connected under CLM → Bridges. |
| Target system unreachable | Confirm the hostname or IP address is correct and reachable from the Bridge host. |
| Permission denied on file path | Ensure the Bridge service account has write access to the certificate file paths on the target system. |
| Service reload failed | Check the target system's service logs. The certificate files may have been written correctly even if the reload command failed. |
| Invalid certificate or key | Verify the certificate is active and that the private key is available on the Back Control Plane. |
All deployment attempts — successful and failed — are recorded in the audit log under Admin → Audit Log. Search for events with the type certificate.deployment.* to view the full history for a certificate.
Audit Events¶
| Event | When |
|---|---|
certificate.deployment.requested |
A deployment was triggered by a user or automated process. |
certificate.deployment.success |
The Bridge confirmed the certificate was written to the target system. |
certificate.deployment.failed |
The Bridge reported an error during deployment. Includes the error message. |