Self-Service PEM Certificate Management
Learn how administrators and MSPs can manage PEM certificates in Ternary, including renewal, expiry status, and audit visibility.
Self-Service PEM Certificate Management allows Ternary administrators to renew expiring certificates directly within the platform. This removes dependency on support or engineering teams while improving security, operational control, and integration reliability. Certificate lifecycle status, expiry warnings, and regeneration actions are handled entirely through the Ternary UI.
What does self-service PEM certificate management enable?
This feature allows administrators to manage certificate lifecycles without external intervention. Capabilities include:
- Regenerating PEM certificates directly from the platform with a single action
- Viewing certificate health using clear status indicators: Active, Expiring Soon, or Expired
- Securely downloading regenerated certificates after renewal
- Receiving in-app expiry warnings to prevent integration failures
For MSP environments, Partner Admins can review active certificates, issue dates, and expiration timelines across individual child tenants.
Why is this feature important?
Previously, certificate management introduced operational risk due to limited visibility and manual renewal processes. Self-service management resolves these issues by making certificate status and actions explicit and auditable.
Key improvements include centralized visibility into certificate expiry, one-click regeneration, proactive expiry reminders, secure distribution of renewed certificates, and full traceability of regeneration events.
| Challenge (Before) | Improvement (Now) |
|---|---|
| Certificates expired every ~3 years with no visibility | Central certificate overview with expiry tracking |
| Regeneration was not self-serve | One-click regeneration in Ternary |
| Past incidents caused downtime | Informative reminders at 90/60/30 days |
| Certificate distribution was manual and error-prone | Secure download link with expiry |
| No traceability of regeneration actions | Audit log entries with user, timestamp, IP |
What information is available in the Admin Certificate Management list?
The Admin Certificate Management list provides a consolidated list of all PEM certificates with the following details:
- Certificate Name: Identifier associated with the integration using the certificate
- Issue Date: Date the certificate was originally generated
- Expiration Date: Date the certificate expires; renewal must occur before this point
- Status: Active, Expiring Soon, or Expired, displayed with visual indicators
- Actions: Regenerate option for eligible roles
Certificates automatically enter the Expiring Soon state 30 days before expiration.
How does self-service certificate regeneration work?
Certificate renewal follows a controlled, explicit workflow:
- Select Regenerate next to the relevant certificate.
- Review the confirmation message indicating the current certificate will be revoked and replaced.
- Confirm the action to generate a new certificate.
- Download the regenerated PEM and update dependent integrations as required.
All regeneration actions are logged for audit purposes.
How are certificate expiry reminders handled?
Ternary surfaces certificate expiry status directly within the UI for certificate owners and Tenant Admins. Notifications follow a fixed schedule:
- 90 days before expiry: Informational reminder
- 60 days before expiry: Renewal reminder
- 30 days before expiry: Critical warning; status changes to Expiring Soon
- After expiry: Certificate marked Expired; regeneration strongly recommended
Expiry notifications are displayed in-app only.
Updated 5 days ago