Managing Renewed Certificates¶
This page covers how to view renewal history, understand the state of renewed certificates in the inventory, and use renewal data in audit and compliance workflows.
Renewal History¶
Navigate to CLM → Certificates → Orders to view all certificate orders, including renewals. Each renewal appears as a new order entry with an order type of renewal.
The orders page shows:
| Column | Description |
|---|---|
| Common Name | The CN of the renewed certificate |
| Order Type | renewal |
| Status | Current status: pending, processing, issued, deploying, complete, or failed |
| Requested By | The user or automated process that triggered the renewal |
| Original Certificate | A link to the certificate that was renewed |
| Duration | Time taken from submission to completion or failure |
Select any order to open its detail page. Completed orders link directly to the newly issued certificate.
Locating Renewed Certificates in the Inventory¶
Each renewal produces a new certificate entry in the inventory. Navigate to CLM → Certificates and search for the Common Name to see both the original certificate and its renewal.
Use the Source filter with the value managed and sort by issue date to identify the most recently issued certificate for a given domain.
The original certificate remains in the inventory with its existing status. It will transition to expired when its validity period ends, unless it is revoked earlier.
Renewal Status on the Certificate Detail Page¶
The certificate detail page for a renewed certificate shows the full renewal lifecycle:
| Field | Description |
|---|---|
| Status | active once the certificate is issued and within its validity period |
| Renewed From | A link to the original certificate this renewal was created from |
| Target System Deployments | Deployment status for each associated target system |
The original certificate's detail page includes a Renewed To field linking to the new certificate.
Automated Renewal Status¶
If automated renewal is configured, you can monitor its status under CLM → Policies. The policy view shows:
- The last automated renewal date for each domain covered by the policy.
- The next scheduled renewal check.
- Any certificates that are within the renewal threshold but have not yet been renewed.
Audit Events¶
All renewal actions are recorded in the audit log under Admin → Audit Log:
| Event | When |
|---|---|
certificate.renewal.requested |
A renewal was triggered by a user or automated process. |
certificate.renewal.dispatched |
The renewal request was sent to the Back Control Plane. |
certificate.renewal.issued |
The new certificate was issued and stored in the inventory. Includes the new certificate UUID. |
certificate.renewal.deployed |
The renewed certificate was pushed to all associated target systems. |
certificate.renewal.failed |
An error occurred during renewal. Includes the error message and the stage at which the failure occurred. |
Each audit entry records the original certificate ID, new certificate ID (once issued), the Common Name, and the acting user or process.
Renewal in Reports¶
The platform's reporting system includes a Renewal History report under the Certificate Lifecycle category. This report lists all certificates renewed within a selected time window, with columns for Common Name, original expiry date, new expiry date, renewal method, and issuing CA.
Use this report for:
- Compliance reviews — demonstrate that certificates were renewed before expiry and that key material was rotated.
- Automation verification — confirm that automated renewal is operating correctly across all managed certificates.
- Capacity planning — understand renewal frequency and volume to anticipate CA load.
See Available Reports for the full report specification.
Next Steps¶
- Best Practices for Certificate Renewal
- Certificate Revocation — revoke the original certificate after renewal if required.
- Managing Installed Certificates — verify deployment status after renewal.