Self-Service PEM Certificate Management
Overview
Ternary supports self-serve client certificate (PEM) regeneration, allowing Ternary Admins to renew expiring certificates directly from the platform, without requiring customer support or engineering intervention. This feature improves security, operational control and uptime resilience by empowering customers to proactively manage their certificate lifecycles.
What this feature enables
With self-service PEM certificate management, Admins can:
- Regenerate a certificate with one click, without leaving the Ternary platform user interface.
- Monitor certificate health via status labels: Active, Expiring Soon, or Expired.
- Securely download regenerated PEMs.
- See automatic in-app expiry warnings ahead of time to avoid integration disruptions.
- For MSPs: Partner Admins can view all active certificate(s) with issue and expiry dates by accessing each child tenant.
Why it matters
Challenge (Before) | Improvement (Now) |
---|---|
Certificates expired every ~3 years with no visibility | Central certificate overview with expiry tracking |
Regeneration was not self-serve | One-click regeneration in Ternary |
Past incidents caused downtime | Informative reminders at 90/60/30 days |
Certificate distribution was manual and error-prone | Secure download link with expiry |
No traceability of regeneration actions | Audit log entries with user, timestamp, IP |

The certificate overview lists all PEM certificates with the following columns:
Column | Description |
---|---|
Certificate Name | Name of the PEM certificate, typically tied to a specific Azure integration |
Issue Date | Date the certificate was originally generated |
Expiration Date | Certificate expiry date (Note: renewal must happen before this) |
Status | Active / Expiring Soon / Expired (with visual indication) |
Actions | Includes "regenerate" for eligible roles |
Note: Certificates automatically enter an Expiring Soon state 30 days before expiration.
How self-service regeneration works
- Click Regenerate next to the relevant certificate.
- A confirmation modal appears: “Are you sure you want to renew the certificate? This will revoke the current certificate and create a new one. Any integrations using this certificate will need to be updated.”
- Click “Confirm”.
- The new certificate is available for download.
Expiration reminders (in-app only)
Ternary displays upcoming expiry status directly in the UI for certificate owners and Tenant Admins:
Timeframe | Notification type |
---|---|
90 days | Informational reminder |
60 days | Reminder to begin renewal |
30 days | Critical warning (status changes to Expiring Soon) |
Expired | Certificate marked as Expired, regeneration strongly recommended |
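Because these reminders appear only in the app, an integration owner can also check a downloaded PEM directly. The following is an added example, not Ternary's code: it reads notAfter from the certificate with a minimal DER walker and applies the thresholds in the table above. The function names, the assumption that the download contains an X.509 CERTIFICATE block, and the unsigned sample certificate are constructed for illustration.

```python
import base64, re
from datetime import datetime, timedelta, timezone

TIERS = ((30, "Expiring Soon", "critical warning"),
         (60, "Active", "reminder to begin renewal"),
         (90, "Active", "informational reminder"))

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(pem_text):
    """Read notAfter (UTC) from the first CERTIFICATE block of a PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode(m.group(1))
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version field
    for _ in range(3):                      # serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)              # validity SEQUENCE
    _, _, pos = _tlv(der, pos)              # skip notBefore
    tag, start, end = _tlv(der, pos)        # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(der[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def classify(expires, now):
    """Status and reminder per the page; holding a tier until the next one is an assumption."""
    if expires <= now:
        return "Expired", "regeneration strongly recommended"
    days = (expires - now).days
    return next(((s, n) for limit, s, n in TIERS if days <= limit), ("Active", None))

def sample_pem(expires):
    """Constructed sample: an unsigned DER skeleton holding only the fields the parser walks."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    utc = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    validity = der(0x30, utc(expires - timedelta(days=1095)) + utc(expires))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") + der(0x30, b"") + validity)
    body = base64.b64encode(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

To check a real download, pass the file's text to `not_after` and the result, with `datetime.now(timezone.utc)`, to `classify`.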