Video: Trust Lifecycle Manager: Managing Digital Trust in the Modern Enterprise | Duration: 3604s | Summary: Trust Lifecycle Manager: Managing Digital Trust in the Modern Enterprise | Chapters: Webinar Introduction (23.295s), Configuration and Organization (90.57s), Access Management Features (196.94499s), Managed PKI Services (325.39s), Inventory and Connectors (577.35s), Automation and Management (931.13s), Self-Service Certificate Management (1491.835s), Auto Enrollment Server (2454.56s), SSL Certificate Discovery (2555.7349s), Collector Scanning Capabilities (2693.325s), Azure Government Support (2792.6052s), Rapid7 Implementation Plans (2879.99s), Automation for Vulnerabilities (2907.4s), Certificate Renewal Assistance (2969.395s), Approval System Capabilities (3044.69s), Cloud-Based Trust Management (3145.2952s), Certificate Handling Capabilities (3220.8901s), Conclusion and Survey (3288.855s)
Transcript for "Trust Lifecycle Manager: Managing Digital Trust in the Modern Enterprise": Modern enterprise. Joining us today is Anthony Ricci, senior director of product management at DigiCert. Thank you for joining us. Before we get started, I wanted to quickly run through some housekeeping items. Number one, today's webinar is being recorded and will be sent out after the webinar ends. Number two, if you're having trouble with audio, try refreshing your browser, and if the problem persists, message into the chat, and we'll help you get it figured out. And number three, feel free sorry. Feel free to put any questions in the chat at any point during the webinar as we will be doing a q and a session at the end of the presentation. And then if we don't get to your question on the webinar, we will have somebody be reaching out to you after to help get those answered. So thank you all again for joining us, and I will turn the time over to Anthony to get us kicked off. Thank you, Taylor. Appreciate that, folks. Pleasure to meet you today, and thank you for giving me the opportunity to present to you today. We are planning on going over, trust life cycle manager, which is our certificate life cycle management solution and, give you guys the capabilities to kinda see kinda some of the exciting things we've done here at DigiCert. So why don't we go ahead and get started? Well, actually, before that, why don't we go ahead and, move to the next slide? Alright. So just kinda give you a background. I myself, I've been in the industry for, roughly since 02/2007 from a PKI perspective in IT engineering and development and and consulting for roughly around thirty years. So I've kinda been around the block a bit. So I've seen a lot of different types of systems. So looking forward to a great conversation today. Hopefully, we'll get some good questions so we can kinda drive in some of the services and offerings that DigiCert has. 
First thing we're gonna start with is, you know, any system needs, certain configurations. So we're gonna take a look at kinda some of the different, aspects of Trust Life Cycle Manager that you would need to kinda drive some of the configuration within your environment. A lot of organizations that we talk to have a challenge because they have different, groups, that may be geographically dispersed or certainly could be, you know, different, you know, logical separation of groups. Like, maybe you have your IT operations or SRE group or possibly your identity access management environment. So you wanna make sure that those, those those organizations have the capability to kinda manage, their certificates and how they see it. So we kinda move into the product. So a couple things here to to note. Here's the the trust life cycle management dashboard. We're gonna go into, the the configuration of the product. We're gonna go into something that's called business units. Not very attractive, but it's kind of a logical separation. It allows you the power here is to give limited view to different privileged administrators within your organization. Here, you can see I kinda geographically disperse the different business units. And a lot of times, organizations come to us and say, okay. I'm I'm I have a small encryption team. I need to kinda enable the service owners or, product, service owners or business owners to be able to kinda enable their IT stacks, whether it's in the cloud, like using Azure, AWS, Google, or on premises. They're kinda deploying maybe some legacy applications or on premises, technology that they need to support. Or maybe it's, you know, operational, operational systems, you know, like SAP or some kinda other workflow that they need support within their environment. 
Regardless of how you configure your environment, you give that capability to kinda drive into creating these logical units, give the capabilities to bring in, different administrators, and those administrators will only see their technologies that they need to support. Very powerful. Gives you that least privileged access. The great thing about, trust life cycle manager, it has the capabilities to different do different, methods of authentication. A lot of our customers are looking for single sign on capabilities, so we support, like, OpenID Connect or SAML. We can actually do cert-based authentication as well. So variety of ways for you to kinda enable those identities and allow your, your administrators to be able to get into the environment and be able to manage it. So from a business unit perspective, and then we'll kinda talk a little bit about, PKI, and we'll touch base on it. A lot of organizations that we work with really kinda focus on our public TLS offerings, which, of course, DigiCert's been in the industry for, quite a long time. And they've, offered a variety of different, you know, publicly trusted, certificates or digital certificates within the industry that are you know, obviously, we're globally renowned for kind of being a high assurance, certificate authority within, within the CA/B Forum. So and and that's understandable. That is one of the many offerings that we have. We also have a variety an an immense amount of our customers are leveraging us for what we call managed PKI, which gives us capability to kinda issue and deploy private PKI on your behalf. Our PKI operations team that runs our publicly trusted CAs are the same teams that that manage your privately trusted CAs as well. 
And we have, services that give you the capabilities for us to kinda create those key ceremonies to generate those those, root CAs, store them securely, or if you need if you're a large organization that needs capabilities to kinda manage those root CAs and then sign what we call our subordinate subordinate CAs to kinda issue and deploy certificates based on policy, we can do that too. And then deploy those, sub CAs or what we call ICAs within our product to kinda enable and facilitate workflow. What does that mean for trust life cycle manager? Well, that gives you the capabilities to not only manage your public TLS to where you're deploying on endpoints that are publicly trusted, your internal, certificates. Whether you're, you know, secured workforce, managing things through, like, MDMs like Intune or Jamf, and you're deploying it onto workstations or devices within your, your employee base or as well as meeting services within your cloud environment. If you're doing what's called mutual TLS where you have to authenticate two different services or you have back office systems talking to other systems. So we have a variety of use cases that we support, and then we have an easy to use kind of policy configuration. We'll go into, base templates. And you could see we, kinda define a variety of different use cases here, whether we are supporting, user based certificates where we're doing identity, identity certificates for, you know, individuals within your organization or contracted, vendors that you work with or contracted partners or organization based certificates as well as, you know, overall certificate management from a server perspective or device perspective. So you can see there are a variety of different use cases that we can support within the environment. And then these templates are very easily configured to your private CAs. In some cases, you have, public CA, products that you can support. 
Now if you're familiar with our CertCentral product, which is our flagship product that actually issues those public TLS, well, that gives you that trust life cycle manager works in conjunction with that solution. So we have internal connectors that we build that give you the capabilities to kinda bring in your current inventory, if you're a current customer. Or if you're a new customer, give you the capabilities to kinda if you want to use our public TLS offering, you have that capability. But if you're with another vendor, you certainly can use Trust Life Cycle Manager for a variety of different other use cases. So again, you could see, you know, we actually are CA agnostic. You know, we actually tie into on-premises CAs like, Active Directory Certificate Services. Most of our customers have an AD, environment. We actually tie into AWS private CA. We actually can issue Let's Encrypt certificates too, for customers that wanna use that for within their development or testing environment for their developers. And then most of our customers are looking to kinda leverage our, our public TLS within our environment as well. So this is all kind of focused on configuration. So once you've configured those environments, you could see, like, when I go back into the dashboard, I have the capabilities to kinda drive into a variety of use cases. Certificate expiration, you could see, and we'll talk a little bit about how this data gets into the product, but a lot of ways that we aggregate in the dashboard, we can drive into the variety of different you know, metrics that we have within within this this dashboard environment, which is very interactive, and gives you capabilities to to kinda not only understand your environment, but two, to kinda enable different workflows or user flows within your organization to kinda enroll and manage and automate, in a lot of cases, certificates. So moving forward, we're gonna go to our inventory. 
But before we talk about inventory so I talked about kinda how we kinda enable publicly, trusted certificates and private trust certificates. Our inventory views give you the capabilities to kinda slice and dice data how you need to, to see it within your environment. So if you're, like, looking in a a variety of different certificates, you can kinda drive into that those details. You can see there's, we have a variety of different properties that we manage from a structured data perspective. So we capture all this data in here that you can kinda filter down and then really create some finite, what we call views, which are slices of data. Now remember, if you are a customer and you are, let's say, going into, you're going into an environment where you're kinda driving, from you're driving into, like, a certain business unit, you can segment by business unit, and you'll only see what's what you have access to within the product. Now here's the other thing too. If you look here, you know, you have different ways to kinda manage. You see I have, some custom views that I have that I can pin. I can, save those, filters, and that allows me the capability to kinda drive into that data later on if I want to. So let me go here. Go to another view. And, we have this called, you know, our and maybe you just wanna see all your certificates that are expiring within thirty days. So here you can see a variety of different certificates that I have issued and the issuing CA. I can do what's called tagging, which is kind of a extended attributes associated, which allows you to group within your reports. And, that brings up another thing, talking about reports. As we kinda work through, the different inventory, you know, as we kinda accumulate and load this data within our product, what use would it be if we couldn't separate and, report and notify and alert? So it's really easy for us to kinda drive into notifications and and reporting. 
And you could do schedule reports from the product and kinda deliver it to a variety of different, individuals within your organization that may need those type of reports, or you can do an instant download report right from the solution. So, you know, very powerful. Gives you capabilities to kinda drive that data in real time and be able to kinda manage it from a from a admin admin perspective. And then depending on kinda what the intent is, you know, if you're part of the identity access management team, you kinda need to see what certificates are issued or coming to expirations or determine if certificates aren't, if there's a possible disruption of service, you could see that. Maybe your IT operations, you wanna look at your either your, Kubernetes environments or, like, your your SRE, operator that needs to kinda look at your cloud based services or on premises, you know, web servers like Windows, IIS, or you're running Linux based like Apache, Tomcat, or regardless of any of the type of web servers you manage, you have a variety of ways you kinda discover that data within our product and then drive it. So I mentioned discovery a few times. I mentioned sources of data a few times. So one of the many sources, one is coming from RCAs or you're issuing you're issuing from publicly trusted certificates that synchronizes and brings it into trust life cycle manager for for management. If we have, spun up and been able to kinda generate, ICAs within this environment and be able to kinda enable that so that you can kinda issue certificates from trust life cycle manager into your environments, whether it's on premise or cloud, that shows up too. You can you segment it by business units so you can see limited access. But we also have external sources, and we also have capabilities to do a variety of different discoveries. 
So as we look at our capabilities, when we go into what was called our connector connectors, we have a variety of ways that we can drive into, you know, whether you want us to do discovery on maybe your load balancers like A10, Citrix, or F5. Maybe you want us, like, as I mentioned, talk to AWS private CA. No. We can actually do issuance from those, cloud based CAs as well as be able to discover and bring that data or those certificates into TLM for policy enforcement, alerting, notification. A lot of customers use all of all this data to to ensure consistency, and then they mitigate risk from a disruption of service perspective. So as you can see, you know, we we continue to evolve and mature our product and add different collectors or, different connectors that give us capabilities to kinda drive a variety of different use cases for customers. You could see here, we do have, you know, two tiles for Qualys and Tenable. If some of you are familiar with those scanning solutions or use them internally, well, you can leverage them in the system as well. So we have customers that have a tendency to be able to give the capabilities to kinda drive those certificate those scans into the product and allow, Trust Life Cycle Manager to kinda notify and regulate those within the environment as well. So in this case, we have our network based scanning solution as well that we can use, and you can kinda run our scanning solution and, and maybe augment or vice versa. You use Qualys mostly and you wanna augment, DigiCert scanning solution for other environments that may you may not be running Qualys or Tenable. You have that capability in the product to do so. So, again, as I mentioned, variety of different ways to kinda you know, I always look at trust life cycle manager as that Swiss army knife with a variety of different ways to kinda interoperate with different, services that you have as well as, within, any type of platforms that you're running within your organization. 
So moving forward. So now we know, at this point, we've configured our environment. We've created our business units. We've given, enabled all of our administrators to do a variety of different, functions within the product, which, by the way, we can we have a variety of different ways that we can do enrollment. And now the next step is how do we automate? Right? So there is so that that's a that's a very broad question. We hear that a lot of times, like, we have to automate as an organization. And a lot of times, they just assume it's the publicly trusted certificates that they deploy on web servers, which, by the way, is very important. But automation comes in many forms. You know, I talked about secure workforce, so we have capabilities with services that we run within TLM that are associated that do what's called EST and SCEP. And they tie into a variety of different appliances and applications, whether they're network routers or or you may have certain devices that use those protocols field issue certificates. Intune or, as I mentioned, MobileIron or Jamf, they all use, some form of flavor of SCEP in most cases to kinda issue and deploy certificates for, customers. We have tight integrations with all of those that give you the capabilities to really drive that centralized visibility and policy management from Trust Life Cycle Manager into a variety of different, client devices and and applications and users that you're managing within your organization. So stepping back a little bit to automation, we do have ACME as well. So we have an ACME service that not only allows you to issue publicly trusted certificates from, you know, your CertCentral accounts and then tie right into trust life cycle manager for manage management. We have other policy enforcements above and beyond that, so it really gives you a lot of control on how you deploy ACME within your environment. For example, you may want certain business owners. 
Let's say if you're a Canadian, you're you're you're a Canadian organization or maybe you're a European, there are certain maybe FQDNs that you wanna allow those business owners to be able to issue from. Well, Trust Life Cycle Manager gives you that capability to kinda create those white lists. And then when they enroll, you can error them out or give them the notification to not you're not you're not allowed to issue from this FQDN. Now we also have the capabilities through these products or through these different services to be able to issue privately trusted certificates. So as I mentioned before, if you use us to kinda onboard, your ICAs and allow us to kinda, give you the capabilities to kinda manage or help you manage those CAs through our product. You can use our services to issue and deploy those in a variety of different ways. And then, of course, kinda pivoting back to the example that we're talking about with our server automation, let's kinda go through one of those. So I have an example here of a web server that I'm running. And I had this web server. This is an IIS server, but it could be any web server you want. It's just running. It's just a simple website here. And I found out through discovery using our services that it is, an Entrust certificate. So what I wanna do here is I wanna switch it out with the GeoTrust or not sorry. Not GeoTrust. We actually yes. I'm gonna do a GeoTrust domain validated certificate because I wanna show the the domain control validation automation. GeoTrust is a company that's owned by DigiCert, by the way. So going back over here, I'm gonna go into my inventory, and I'm gonna kinda drive it. There's a few ways I can drive into this data. You could see, you know, in this this server that I'm running, you know, I can actually do what's called system based discovery, which gives you the capability to do system scans within your different servers. 
That gives you, the capabilities to to be able to see, like, trust stores or PEM files or any type of crypto assets that are storing digital certificates within that may not necessarily be bound to an endpoint service or a service that you can't see doing a traditional network scan. So again, this is where the extensibility of our discovery comes into play to kinda drive that into the product. Now manage certificates, you can see that I'll have I'm running SNI on this. So I can see there's a variety of different use cases or, certificates that are managing, and and I'm gonna look at SNI five. And you can see here it's an Entrust certificate. So what I'm gonna do is I'm gonna go in here, and I can run this automation. So I'm gonna go ahead and replace this certificate. So if I go into automation, I get the capabilities to do that, and I can set up for auto renew for it to actually issue and deploy within the product. So here one second. Now the other way we can do, automation within the product too is to kind of facilitate and manage, your F5s for example. So if you've if you have different load balancers within your environment, you have the capabilities to kind of drive that automation as well. So we have a technology that's called our sensor technology. You can see here. It gives you the capabilities to kinda talk to it's kinda called distributed automation and, discovery and automation that gives you the capabilities to kinda manage those environments. And it really kinda creates, it really creates a way for you to kinda connect into a variety of different services. We use the same technology to be able to tie into your Active Directory, for example. I'm sorry. Or AWS, for example, or be able to tie into Azure where we kinda deploy into Key Vault. So, an example would be is to kinda drive what's called an admin web request where you can actually go in here and be able to kinda define the type of certificate you wanna issue and deploy that. 
And what that allows you to do is not only be able to kinda generate and deploy that certificate within the product, it gives you the capability to bring it into an auto renewal cadence. So a lot of our organizations will want to kinda schedule, you know, custom schedule. Maybe they wanna refresh those keys for those certificates on a a a less than like an interval basis where you give the capabilities to kinda drive that automation without, having a manual gate. Well, you're able to do that through the product by doing, like, you know, maybe three day renewal. We have customers that are doing it on a daily basis and generating that. Now when you have automation enabled and you're talking to those endpoint services, it's very easy for you to allow this to happen because you're just you're monitoring at this point. It's not necessarily what I consider fire and forget because you don't necessarily wanna do that. You wanna always have visibility and be notified when there are exceptions. Right? So those are the this is how you kinda drive those capabilities in the product. The other thing I'd like to mention is tagging. So, you know, a lot of, a lot of organizations as you like we talked about, like segmentation, by business unit, but you also have the capabilities to enable different, like, free form tags within the environment. As I mentioned, it's kind of a grouping capability. So we allow the provisioning from either profiles or your requesting or even, like, through our connectors where you can tag certain aspects for reporting. So depending on what your reporting requirements are and what type of people or what type of individuals or employees or, customers or or not customers, but employees or or different administrators in your organization that need to kinda manage or or, review, you can kinda create those, reports. 
So you can create those tagging capabilities to to be able to be associated to that certificate to kinda run very rich, robust reports within your organization. And it's not just one tag per certificate. You can have multiple tags. So you can kinda slice and dice it however you need to kinda manage that. So talk a little bit about management, you know, from a server automation perspective and how you can manage your in this case, you know, you you have a variety of ways to kinda, you know, generate and deploy and provision those certificates all the way into a renewal cadence. And then also the capabilities to kinda drive into the different cloud based services, whether you're running, you know, Azure or Google or AWS or leveraging some of our ACME solutions to be able to kinda facilitate maybe even an open source ACME agent that you're deploying within your environment. So we're we are compliant and we we continue to kinda evolve our ACME service because we have a lot of customers that that use that in conjunction with our some of our services that you run within your premises. Now let's kinda pivot a little bit. I think the question that we get asked too is, like, when you, as an encryption services group or, management throughout publicly trusted certificates as well as private, you're always gonna have people that want to or need to request within your organization. And these folks may not be people that are administrators. They can be business owners. And they probably don't necessarily need access to, to Trust Life Cycle Manager, but they need some kind of self-service portal to do that. Well, we have that capability in the product that give you the, access to do that, and we can kinda drive that through it, in a variety of different ways. So we have this what's called our self-service portal, which can leverage your IDP, whether you're using, you know, like, Ping, Okta, Entra ID, or using ADFS to kinda create those as, you know, the the authentication. 
And and, DigiCert can act as or in this case, Trust Life Cycle Manager can act as, an SP to those environments. So let me kinda bring in kind of a sample portal. So what you can see here is let me make this bigger. One second. So what I did is I actually configured and set up an environment where I created this very simplistic portal. I know it just shows a few things, but you can you can configure this in your environment. And it can be different IDPs that you may have that have access. So, for example, we have organizations that have multi IDPs because they may be in different environments. So like here, it's very easy to set up as you go into self-service portal, and you can create these authenticated portals. And then you tie in the IDP at this level. And then you allow your organizations to be all able to authenticate to the self-service portal. So what I'm gonna do as just a simple requester, I'm gonna go in and I I actually associated that, link that was generated within our product into the certificate management. And what I did is I was able to enable certain certificate profiles that me as Anthony Ricci, the user, can access and use. So I'm gonna go ahead and I'm gonna click on certificate management. And what you're gonna see here is you it's gonna facilitate something to Okta. So I have an Okta, IDP set up, Okta account set up for requesting. So you can see Anthony Ricci here. So I'm gonna go ahead and type in my username. Why am I using here? And my password. Hit sign in. Now it's gonna prompt me for authentication. So I'm gonna go I set it up for two factor auth. So I'm gonna go into my Okta app. That's what I'm doing here at the moment. Queue in jeopardy. Alright. K. Now I'm authenticated on my phone and I need to type this in. And now I authenticate in into my own little portal. And this this allows me to see the certificates I've issued. 
You can create, authorization to do revocation if you want or suspensions, but you can also allow these customers to go and, generate certificates. So you can see here, I'll just drive into a workflow that, that I'm allowed, and it can go through our approval flows to kinda give you that capability. So I can go in here and say, hey, Anthony Ricci. I'm gonna create, a new certificate, and this will be your privately trusted certificate. You can see here I have metadata associated with this request. That'll be associated to this certificate. And, again, I just said call center. The beauty too is our solution has the capabilities to, you know, in in this case, like SAML, we can do that assertion, and there might be certain attributes associated to Anthony Ricci. We can prepopulate some of this information if we know what those attributes are part of that assertion. So I can, you know, in this case, mitigate a lot of the, you know, the the issues that a customer or, like, a a non administrative user may have when they're entering their data. I'm sure that happens a lot for a lot of organizations. You sit here. I can submit it. Now there are a variety of ways that we can deploy and deliver the certificate, you know, whether it's being able to kinda generate it through your browser. We have a product called, DTA, which is Digital Trust Assistant. So it's it's kind of a an enhancement to traditional auto enrollment that you may expect, using something like Active Directory. We have the capabilities to really drive automation end to end automation for, like, a workstation, for example. Let's say if you're deploying, like, an S/MIME certificate and you want your cost you want your employees to, you know, request and issue, an Entrust or not Entrust, but an S/MIME certificate. 
Well, this is the key we have the capabilities to kinda allow you to do that, be able to kinda generate and deploy it into a key store, even a smart card or, like, an HSM device that you maybe, you know, prefer that you tie into your, into your workstation to kind of provision, you know, the key pair and then generate that certificate. So we have a variety of ways that we can kinda manage some very secured workflows as well as being able to kinda drive it into maybe in the device, trust store or certificate store if they need to, in this case, Windows. You can do that too. So, again, if you think of Trust Life Cycle Manager for your use cases, whether it's server side automation, kinda managing your web servers to your, you know, load balancers, your cloud based environments, maybe managing your Kubernetes environments for certificates on the ingress or internal, all the way into secured workforce where you may be deploying it using, you know, whether your your management of, you know, domain joined users as well as non domain using, like, some MDM solution like Intune or MobileIron. TLM gives you a lot of those capabilities to kinda manage and facilitate and be able to kinda prove all of those different use cases. So the final thing I'm going to cover today well, let me just show you. I showed you the portal. Right? And, I showed you the the ways that you can kinda generate. In this case, as a user, I have two different types of certificates I can issue. I can do public TLS, CSR based. Doesn't have to be CSR based, but in this case, it is. And then, this is, just your trust as mentioned. So I have it running on my machine so I can kinda generate and manage those certificates. The last thing is we have customers that come to us and saying, well, I love the self-service portal features or, you know, I but what I really need is for you to tie into my ITSM. In a lot of cases, it's ServiceNow. 
So there may be some needs that you want to be able to kinda facilitate those, those ServiceNow requests. So Digicert does have, the we have built like, within the product, we've built a solution that is extendable that you can use our ServiceNow application to kinda support a lot of your requests within your environment. So if I go ahead and pull that out one second. So it's so if I go in here and I'm gonna go into the Digicert, it's called trust life cycle manager, and we tie into we'll tie into the dashboard. You can see here, you know, we have the capabilities to kinda manage those requesters that are within ServiceNow. So the application, in this case, I'm an administrator so I can see this part. But I can go in and drive into, the different types of certificates that I have issued. I can manage them from here. And this is all within ServiceNow. Right? And give you the capabilities. You can download the certificates. You can see some of the information here. You can actually make the requests in here as well. So if you look at the pending certificate requests, these are all administered from Trust Life Cycle Manager and give you the capabilities to kinda really just manage and deploy certificates as you need within your environment. So I can, like, in this case, request a certificate. Now you could see I have a variety of different certificates here. This this is all managed and controlled by you, you know, or your administrator. And we also have the capabilities to kinda limit what your requesters can see. So similar to, like, our self-service portal, we limit access to certain certificates that they can issue. Maybe they can issue, you know, internal, signing certificate, or they need to issue and and improve maybe a public certificate that they're issuing on one of their servers. You can do that. 
You have all that control and it's all managed through Trust Life Cycle Manager and then we synchronize to ServiceNow to give you the capabilities to kinda manage that environment. So as you can see, like, if I wanted to pull, like, a Secure Site Pro, I can fill that information out here, submit the request, and then you have certain requesters that, need approval, and you have that capability to do so within the product. The other way, we have customers. So we understand that, you know, may you know, the workflows that we built here are nice and it's really easy to kinda plug and play feature, but we have some very customers that have some highly complex workflows. For example, they say, okay. One one approver is not gonna be enough, maybe multiple. We have different categories in how we do our lookups through our workflows to kinda enable and deploy that. Well, the good news is we built in if you and most of you probably are not ServiceNow, you know, ServiceNow administrators. But within the service management solution, everything's built on what's called the task framework, which gives you that approval look and feel when you're in the product. So and you can build, like, customized workflows to kinda drive different automations or or, workflow approval workflows based on information that you have within your ServiceNow environment, or you're driving it from, like, a service catalog, you know, using that workflow. Variety of ways that ServiceNow enables that. So we embraced that as we built the product. So we have like standard workflows that we have here that you can modify and manage within your organization. So in this example, kinda use a very traditional sense of what a lot of our customers look at is kinda driving using the service catalog. So I can go in here and I just need a simple, and this could be and this is obviously a demo. Right? 
So but we can kind of facilitate and and drive a variety of different workflows based on what your organ how your organization is using that ITSM. In this case, I'm just gonna put in a common name. Now I'm gonna do a CSR based enrollment, but it doesn't have to be that. We can do some type of, like, more automated type of solutions. We have those capabilities too. It's just dependent on your organization and how you wanna manage it. But in this case, I'm gonna put a CSR in here. And, again, this is a simple simple case. So I'm gonna put the CSR. Now I'm gonna go and plug in, an administrator but or an approver. But just remember that, you know, you can drive how you look up the approver. You know? So for example, it could be, Beth could have, a manager tagged within her identity within ServiceNow. We can look that up, drive it. Maybe her department has an approval. Maybe has to drive to the SRE team for them to approve for certain types of certificates. The world is your oyster when it comes to configuration and customizing within the, flow designer within ServiceNow. So it gives you a lot of different capabilities. I'm just kinda basically touching the top here when I do this. So I'm gonna just do an easy submission. Right? So the system administrator made the request. Now I'm gonna drive into, and I'm gonna I'm gonna go ahead and emulate. I'm gonna impersonate within the product Abel, which is the actual approver. And in this case, I'm really just kinda driving into the standard workflows that you have within ServiceNow. Right? So as Abel, I'm gonna go into my, my portal, my SP portal that I created. I created this little DigiCert portal. What you're gonna see is Abel will have notifications at the top here that says approvers. So again, as I mentioned, we're tying into the kind of the ServiceNow framework here to kinda manage and mitigate. 
So it allows you to kinda leverage it just like you would leverage any other type of IT asset that you're managing within the product. And and you can see here, you can see it, and, mister system administrator, I'll say, yes. You can have a you send him a message so he's aware, and I'll go ahead and approve it based on what I see. And again, you can just capture a variety of different data to kinda support. You can see it's been approved, and it's very easy and just you can facilitate some very good workflows here. So it's just really easy for you to manage. You could see that it's closed complete and, that this administrator will get a notification with that to download their certificate, and it's easy as that. So these are different ways that you can kind of enable and, deploy certificates, based on ServiceNow. Again, we have a very rich, set of APIs. So maybe there if there's a bespoke request or you have a different ITSM that you wanna support, we're more than happy to kinda, you know, engage those conversations and kinda help you kinda carry carry the the flows forward so you can not only be able to issue and deploy certificates, you can actually maybe facilitate automation within your environment. So we have a lot of customers that kinda focus on those aspects of their environment to kinda manage, whether they're managing on a server or they're looking to kinda deploy certificates, for their, for their environments. So so that will bring me to the end. Oh, yeah. So I did show everything. So this is an example of the the service catalog and, of course, I showed you the application that you can download, you know, from Digicert to kinda facilitate and manage against your trust life cycle manager instance. And I'll go ahead and pass it to Taylor. Taylor is gonna be kind of fielding any questions and then asking me, any questions that you have. So Yes. Awesome. That was amazing, Anthony. We've got a ton of questions coming in. 
So we're gonna do our best to get through these in the next fifteen to twenty minutes. But like I said, if we don't answer them, we will have somebody reach out afterwards. But let's go ahead and get started. Okay. The first one is, this was during the configuration, portion of it. They said, can that replace the Microsoft root certificate authority in AD? Absolutely. So we actually have what's called our auto enrollment server, which think of it as a gateway. So a lot of customers are looking to kinda offload their ADCS environment and bring it into a managed service. A few benefits to this are around, you know, basically spinning up the CA, creating the enablement and deployment, and then our auto enrollment server, which emulates an ADCS environment within that domain and any trusted domains that can talk to that CA and then facilitate auto enrollment. You know, you use, you know, GPO or even talking directly to the CA. So 100%, and it's very secure because we back everything, you know, with, you know, network HSMs behind the scenes. PK operations goes through their, you know, rigorous controls in terms of management for the key ceremonies. If you have your root CA stored offline and you wanna use that and then use that to sign the CAs that we spin up that you're gonna use within those environments, you can absolutely do that. We have customers that want everything. They want us to spin up their root CAs, store them offline securely, and then spin up their, their CA environments, and then facilitate any auto enrollment that you need to do within your environment. Awesome. The answer to that is yes. Yes. We can support those. Awesome. Okay. The next one is can it discover all possible SSL certs in the whole on prem environment? So that's a great question. And, you know, I mentioned earlier that we look at discovery and scanning. 
Discovery scanning or network based scanning is one of many ways that we can kind of look at your environment. So from a TLS or SSL side of things, we if we we have access to, like, you know, subnet or range by piece, we can absolutely do that. But we also sometimes those certificates may not be resigning or maybe not be bound. You might wanna look at the certificate store. So you might leverage a multitude of different discovery sources. Like, we we can drive into a service like I showed you where we can do what's called system based discovery, which can do file based recurse recursive discovery within your environment. It'll look at your file directories within that server as well as it it like, for example, like, for Microsoft, it'll look at CAPI or the, you know, trust certificate store for that server and pull those in as well. So a a variety of ways for us to do it. And then, of course, if you're using Qualys or Tenable, we can pull those in. So really, you know, gives you a way to kinda uncover and and look at a variety of different, a variety of different systems. Now, also, with our solution, when we talk about automation, which I was showing you earlier, you have the capabilities to kinda tie into a web server, which we actually look at the certificates that are bound to the services from there as well. So not only will we find certificates that we issued, we'll find certificates from third parties. We'll find certificates that make self signed certificates, bring them into the product so you can kinda do that switch and change those as well. So the question is, we have the capabilities to find a lot of different things using our discovery solutions. I'd be more than happy to get on a call and talk through some of the use cases that you have within your environment to make sure that we're, we can support all of your use cases. 
But the product is extensible, so there sometimes are certain edge cases that we need support, but it's really easy for us to kinda tie those in. Awesome. Okay. Our next one is how many clients per collector and can the collector scan all ports or only configure ports on a network segment to discover any certificates that may have been created or are or and are unknown? So, it is dependent on, we have a technology called our sensor service. And the sensor is runs it runs as a service and it's a remote scanning solution. If we're talking network scanning, by the way, so let's assume that's what that's what we're doing. We're scanning, you know, IPs and ports. And we have access to those subnets and we can talk to them from the sensor. The sensor can collect a variety of different data. Now some customers want to deploy or need you know, have certain time frames. So depending on, you know, how many IPs we're we're gonna hit, how many ports you need to access, you know, we give you standard ports, but a lot of customers have a variety of of other ports, or maybe scan every port possible, which is very exhaustive, search. So there's a lot of ways to kinda configure the product to be able to kinda support your use cases. But you may run multiple scanners, right, in that environment to kinda speed up those, the the the searching. So it just really depends on what you're trying to accomplish during your network scanning that and then we would give you recommendations and how to approach it. But the the answer is, you know, the the possibilities are endless. It's just a matter of time in terms of being able to kinda search for the the data that you're looking for. Okay, Taylor. Okay. The next one is You're doing fantastic. So thank you. Perfect. As are you, Anthony. These are some really good questions as well. Okay. The next one is, is Azure government supported? 
So Azure government, if you're talking FedRAMP, we are in process of going through our FedRAMP requirements to kinda support the offline government Azure instances. So if it's not FedRAMP, if you're looking at other instances, let's let's have that conversation. So I don't wanna necessarily say yes or no. It just depends on what you're trying to manage. You know, public TLS, I think, is is okay for those environments, but I think when it when you talk FedRAMP requirements, you know, there there are some, you know, assure you know, like, high assurance and low assurance or high assurance and medium assurance. But the high assurance, you know, either you have to be within the audit of the company that's running the FedRAMP environment or you need to be able to issue and deploy outside of it. But we do have some Azure gov add Azure is it Azure government environment where we do manage different types of workflows. So I think there's a lot to unpack on that question, and I'd love to be able to kinda bring in the right people to kinda talk to it appropriately. Awesome. Okay. The next question we have here, is are there plans for Rapid7? Yes. There is. It's on the road map. That's our next, scanning solution that we're implementing. Actually, we have a number of customers asking for it today. So we have it, you know, Asif Corel, which is our product owner for trust life cycle manager. He has it on his road map for the next quarter, which is within the next two to three months. Amazing. Okay. Next, are there automation around Tenable and resolving vulnerabilities with certificates? So we do ingest the scanning results. And, when you say resolve, it depends on what we're trying to resolve. Like, we can replace certificate like, let's say if there's, weak, key size, for example. We can facilitate automation to kinda deploy the appropriate keys or self signed certificate. Maybe wrong. Maybe it's you wanna move to, you know, post quantum cryptography. 
You know, with the new, algorithms getting approved, we can do switches on those as well. So we have capabilities to do it. It just depends on what your you know, what the remediation is for those, what was found for those certs. If it's not a cert base, it could be, you know, if it's the web server running at the wrong protocol like TLS 1.2, then, you know, that's a server fix, not necessarily a certificate fix. Perfect. Okay. Next one we've got is, can the system assist with the certificate renewal process given that certificate lifespans will be forty five days by 02/1927? I assume the system can actually assist with the certificate deployment process. 100%. And that's kinda what we do. That's what Trust Life Cycle Manager does. Right? It's all about kind of not only the, you know, managing the renewal cadence for these certificates, but deployment. And we have a variety of different models that we can leverage from configuration management perspective. We've tied in obviously, you maybe not obvious, but, you know, we you know, a lot of our solutions can use, you know, SCCM from a Microsoft perspective. We've built, solutions to kinda support using Ansible, Terraform, Chef, Puppet. We have all those playbooks to kinda support your environment. And then if there are needs that are above and beyond what the playbooks are, i.e., you need direction, our teams will come in to kinda help you kinda facilitate the delivery and automation of those services into those environments. So provisioning is absolutely on the mindset for our customers and certainly for us, and then management after they've been deployed and are within operation. Awesome. Okay. Next one is, does this application provide the ability to enable an approval, or rejection system? 
So as I showed, you know, with the ServiceNow demonstration, you know, using ITSM, so if that's what you mean by approval and rejection system, we have first and foremost, we have some built-in approval flows within trust life cycle manager that you can use natively. If you are looking for an ITSM solution like Jira or ServiceNow, we're you know, trust life cycle manager is reliant on those ITSMs to be able to kind of facilitate the approvals like I showed you. So the answer is yes because Trust Life Cycle Manager will give access to the different, certificate request that you are looking for in that environment, so we'll lock it down that way. We'll enforce policy. So for example, if we are allowing customers to issue, I mentioned, like, FQDNs as, like, a white listing solution. So if you have, like, an Anthony Ricci, the requester is in ServiceNow and wants to request, you know, I'm part of the Canadian region, but I'm trying to, you know, ask for an EU based FQDN. We could stop them and error them out or give them, you know, alert them that they cannot issue that certificate from Trust Life Cycle Manager and then have that centralized management structure there. So we can do policy enforcement. As far as approval workflows, they will drive within the product itself that's talking to Trust Life Cycle Manager. Hopefully, that helps. Perfect. Alright. We've got time for about one or two questions, left. Okay. The next one is, is Trust Life Cycle Manager cloud based? Is it a cloud based product, or is it something that needs to be deployed on prem? So it's a great question, and we get it a lot. You know? So it's a SaaS based offering, so we give the capabilities, and we run in multiple regions. So with our publicly trusted certificates that we issue and private, we have different, instances that we run across the world, you know, whether you're European based, United you know, The Americas based or an APAC. 
So we have capabilities to kinda issue from there. We do have hybrid models. We actually are, we've developed a hybrid model where the platform will run, you know, within our environment well, within our SaaS based environment, but be able to kinda tie in some services, you know, within your environment. So, you know, those use cases, whether it's, like, issuance or enrollment at that level, we can do that as well, or we will be able to do it. We're tying into a variety of different solutions to have that capability. But overall, you know, the full platform, the DigiCert ONE, which TLM is part of, runs within our SaaS based environments. Awesome. Okay. Next one is, can it handle S/MIME certificates and installation to email clients such as Outlook, Thunderbird, etcetera? Yes. So I talked about DigiCert Trust Assistant. That service that runs has a way to kinda script it. We have some frameworks around Outlook to tie to those, clients, public and private, but we can also do other, email clients or other systems. Maybe it's a, you know, a VPN client that you need to deploy, you know, a certificate to kinda use and be bound into that service, you can do that too. So we have scripting ways that you actually develop and deploy within TLM, and it deploys it with DigiCert Trust Assistant for your environment. So partially would be product, but depending on what the end service is, we may have already, like, a reference implementation that you can leverage or, you know, our services team come in and kinda help you kinda craft a different scripting, solution or scripting module that'll get embedded into DTA for your environment. Awesome. Okay. It looks like we've got time for just one more question. This one is, in terms of finding certs from third parties, if we have a list of certs with currently unknown expiration dates due to previous lost data, would DigiCert be able to identify those certs and determine their expiration dates? 
If we found that certificate, we should be able to see the validity period easily because it'll be on the public part of the cert, and, that should not be a problem. If if it's just a list of those certs, I think, yeah, there's few ways we can, to find it. But, yeah, we we have access to that certificate and we can pull the public part, we will definitely have the end date for that certificate. Awesome. Okay. Well, that is all that we have time for. If we didn't get to your question, we will be following up with you in an email after the conclusion of the webinar. This was a general overview of the product. If you're interested in a personalized demo, please go ahead and click that button above that says get demo. We'd love to help you get that personalized version. Also, if you have a minute to stick around, we are gonna be sending out a survey to your screen just right now, just to help us understand a little bit more about why you were interested in joining this webinar and to learn a little bit more about you. And thank you everybody for joining us today, and thank you, Anthony, for taking the time to walk us through that and to answer all the questions. I hope that you all have a great rest of your day. My pleasure. Thank you, everyone. Have a great day.