Manage certificates
🚧 This feature is currently in development.
You can view device certificate status and revoke root and intermediate certificates, as well as all certificates for a particular device. You can export your Certificate Revocation List (CRL) for all devices from the Provisioning tab.
Select system
Click the Devices item in the sidebar. This will display the Devices page, which consists of two tabs, Provisioning and Certificates.
Select a system name from the System name drop-down on the page. You can also narrow down results by selecting System instance or Component name from these drop-downs.
Alternately, you can select a system name from the Select system name drop-down in the breadcrumb trail.
You can currently only select one system name. Contact us if you need to view multiple systems simultaneously.
Click the Certificates tab. This will display all certificates for the selected system.
Click the Filters drop-down to filter on system instance, component, and other criteria.
Certificates
Each certificate card displays on the right under the filter bar. By default, the first certificate in the list is selected. The current selection is indicated by a blue background and a blue selection bar on the far left of the card.
Certificate types
Guardian can use two types of certificates to secure devices:
Standard x.509 certificates: This is the certificate type used in our out-of-the-box system configurations.
Medcrypt-proprietary certificates: We also can provide our proprietary certificates that are specifically designed for medtech use cases such as memory constraints.
Certificate statuses
Pending validation: This certificate has not yet been validated.
Active: This certificate is active and is not nearing expiration.
Expired: This certificate has expired and needs to be replaced.
Expires (timeframe): This certificate is nearing its expiration date and should be replaced soon. It is currently still active. It indicates the number of days, weeks, or months until a certificate expires. Any certificate that expires in under 6 months will display this status.
Suspended: This certificate has been suspended.
Revoked: This certificate has been revoked. View the certificate details to see the reason for revocation.
Certificate details
All certificates have standard x.509 fields. The exception is for device-level certificates, which have additional system details, provisioning details, and a Medcrypt certificate attributes section for context.
View certificate details and children
Click any certificate to view its details. You can click the certificate card itself or its details icon.
Root and intermediate certificates that have children will have a drop-down arrow. You can click each arrow to expand certificates individually or click the expand all icon to expand all parent certificates automatically.
Technical details section
Export certificates
Export all certificates
You can export all certificates or filter down to a subset, then export. This will export a zip file containing a .PEM file for each certificate.
Export individual certificate
Click any certificate to view its details, as well as available actions. This will display the Certificate details section.
Click the Export action link. This will export a .PEM file for this certificate.
Revoke certificates
Depending on the certificate level, you will have different revoke capabilities.
Click any certificate to view its details, as well as available actions. This will display the Certificate details section.
Root or intermediate certificates: Click the Revoke certificate action in the Certificate details section.
Device certificates: Click the Revoke all certs for device action in the Certificate details section. If you need the ability to revoke device certificates individually, let us know.
In the respective confirmation panel, review the details for each certificate you are revoking.
For root or intermediate certificates, specify the revocation reason. For device-level certificates, you can specify one revocation reason for all or individual revocation reasons for each certificate.
Filter certificates
All matching items will have a blue highlight background. If root or intermediate certificates are returned, their children are also returned to provide context. These are only highlighted if the child matches the search and filters applied.
Search:
In the search box drop-down, you can select All certificates or one or more certificate levels, as well as search on the certificate common name.
Filter panel
Filter certificates
You can filter on system, device, and certificate information.
General section
System name: Select the main system to view. This is also known as the system definition.
System instance: Select one or more system instances to view.
Component name: Select one or more components to view.
Device hardware ID: Specify a particular device hardware ID to filter on.
Provisioning details section
Toggle to view current provisioning status for all devices or all statuses the devices have moved through.
Provisioning status: Select one or more provisioning status(es). The available statuses will depend on the approval type of the system you are currently viewing.
Provisioned on: Select a date range to view devices that moved to the Provisioned status during that time.
Certificate sections
You can filter on device certificates, device leaf certificates, and intermediate certificates in their respective sections.
Certificate status: Select one or more provisioning status(es) for each certificate type you want to filter on.
Expires on: Select a date range to view which certificates will expire during that time.
Revocation reason: Select one or more revocation reasons to filter on. This filter conditionally displays if you select the Revoked certificate status.
Revoked on: Select a date range to view which certificates were revoked during that time. This filter conditionally displays if you select the Revoked certificate status.
Medcrypt certificates section:
Component handle [text field]
Environment
Expiration action
Change date formatting
By default, device provisioning data is displayed in UTC time and in dd mmm yyyy format. You can change this to display ISO format and/or to show dates in your local time.
To change the date formatting, click the Settings drop-down in the toolbar.
Toggle the respective date settings, which will automatically apply.
FAQ
How will we know when certificates expire?
You can filter on certificate status and expiration date, as well as view details for any certificate.
Last updated
Was this helpful?