Inventory Management
This guide explains step-by-step how to manage certificate inventory in SecTrail CM, import certificates, manage CSR (Certificate Signing Request), and track certificate lists.
Inventory management allows you to view a centralized list of certificates signed through SecTrail CM and certificates imported from external sources. For certificates found through discovery, review the Discovery Configuration page.
Certificate Listβ
View and manage all imported and discovered certificates in a centralized list.
To access the certificate list: Go to Inventory β Certificate List menu.
Certificate List - All Certificates and Their Status
List Informationβ
The following details are displayed for each certificate in the certificate list:
| Column | Description |
|---|---|
| Identifier | Auto-generated unique identifier for the certificate |
| Created At | Date and time the certificate was added to the system |
| Subject | Certificate subject information (CN, O, OU, C, ST, L) |
| Certificate Type | Certificate type (CERT/KEY, Certificate, CSR) |
| Issued By | CA (Certificate Authority) that signed the certificate |
| Not Before | Certificate validity start date and time |
| Not After | Certificate validity end date and time |
| Status | Certificate management status: Managed (Managed) or Monitored (Monitored) |
| Password | Certificate private key password |
Certificate Statusesβ
Each certificate has a status indicator on the left:
| Icon | Status | Description |
|---|---|---|
| π’ | Active | Certificate is valid and active |
| π‘ | Expiring Soon | Certificate will expire soon |
| π΄ | Expired | Certificate has expired |
Available Operationsβ
Top Menu Operationsβ
- Show 10 rows - Set number of certificates to display per page
- Selection - Select certificates for batch operations
- Export - Export certificate list (CSV, Excel, PDF)
- Import - Import new certificate
- Revoke - Revoke selected certificates
- Delete - Delete selected certificates
- Download - Download selected certificates in different formats (Zip, Pfx, Jks, Cer, Chain, Bundle, Der, P7b, Key)
- Last - View recently added certificates
- Show/Hide Columns - Customize displayed columns
Filtering and Searchβ
You can search each column in the list and adjust the number of records displayed per page.
Row-Based Operationsβ
You can perform view, download, delete, and detail view operations on each certificate row.
Batch Operationsβ
You can select multiple certificates to perform Export, Download, Revoke, or Delete operations in bulk.
Revoke operation revokes the certificate from the CA and is irreversible. Delete operation only removes it from SecTrail CM inventory.
CSR Listβ
You can view and manage all certificate requests (CSR) in a centralized list.
To access the CSR list: Go to Inventory β CSR List menu.
CSR List - Certificate Requests
List Informationβ
The following information is displayed for each record in the CSR list:
| Column | Description |
|---|---|
| Identifier | Auto-generated unique identifier for the CSR |
| Created At | Date and time the CSR was created |
| Subject | Subject information in the CSR (CN, O, OU, C, ST, L) |
| E-Mail Address | Email address defined in the CSR |
| Certificate Type | CSR type (usually CSR) |
| Password | CSR private key password (shown hidden if exists) |
Available Operationsβ
Top Menu Operationsβ
- Show 10 rows - Set number of records to display per page
- Selection - Select CSR for batch operations
- Export - Export CSR list
- Import - Add new CSR
- Delete - Delete selected CSRs
- Download - Download selected CSRs
Filtering and Searchβ
You can search each column in the list and adjust the number of records displayed per page.
Row-Based Operationsβ
You can perform view, download, and delete operations on each CSR row.
Certificate Importβ
SecTrail CM offers flexible import options that support different certificate types and sources.
To import certificates: Go to Inventory β Import Certificate in the application panel.
Certificate Import Screen
Certificate Typesβ
You can select one of the following certificate types on the import screen:
| Type | Description | Use Case |
|---|---|---|
| Cert&Key | Certificate and private key together | For importing existing active certificates and keys |
| Certificate | Certificate file only | For monitoring purposes or adding certificate only without key |
| CSR | Certificate Signing Request | For creating and managing certificate requests |
| PKCS12 | Certificate and key packaged in PKCS#12 format | For certificates exported from Windows or Java environments |
Cert&Key Importβ
Used to import certificate and private key together.
Configuration Parametersβ
| Parameter | Description | Options |
|---|---|---|
| Certificate Type | Select data type to import | Select Cert&Key |
| Source | Determine how to provide certificate and key | β’ Upload File: File upload β’ Paste Text: Paste text |
| Custom Certificate File | Upload certificate file | In .crt, .cer, .pem formats |
| Custom Key File | Upload private key file | In .key, .pem formats |
| Custom Chain File | (Optional) Certificate chain file | For Intermediate and Root CA certificates |
| Key Security | Determine key security level | β’ Normal: Unencrypted key β’ Password: Encrypted key (passphrase required) |
| Key Import | Select where the key will be stored | β’ Key: In SecTrail CM database β’ Database: Store in separate database |
| Add to Managed-Manual List | Add certificate to managed list | Check for manual management |
- Use Custom Chain File to add Intermediate CA and Root CA certificates
- For encrypted keys, select
Passwordin Key Security field and enter password - Key Import option is important for secure key storage
Stepsβ
- Select
Cert&Keyas Certificate Type - Select
Upload FileorPaste Textas Source - Upload certificate, key, and chain files via Browse buttons or paste their contents
- If key is encrypted, select Key Security
Passwordand enter password - Select Key Import method (Key or Database)
- Optionally check Add to Managed-Manual List option
- Click Import button to complete the import
Certificate Importβ
Used to import certificate file only (without private key).
- When adding public certificates for monitoring purposes
- For certificates that will only be monitored
- For third-party certificates you don't have the private key for
Configurationβ
Select Certificate as Certificate Type and upload only the certificate file. Other steps are the same as Cert&Key.
CSR Importβ
Used to import Certificate Signing Request (CSR) files.
Certificate Signing Request (CSR) is a special file used when requesting an SSL/TLS certificate from a Certificate Authority (CA). CSR contains domain name, organization information, and public key.
Configurationβ
- Select
CSRas Certificate Type - Upload your CSR file or paste its content
- Click Import button
PKCS12 Importβ
Imports certificates and keys packaged in PKCS#12 format.
PKCS#12 (usually with .pfx or .p12 extension) is a format that packages certificate, private key, and chain in a single file. It's commonly used when exporting from Windows IIS and Java Keystores.
Configurationβ
- Select
PKCS12as Certificate Type - Upload
.pfxor.p12file - Enter PKCS12 file password (if exists)
- Click Import button