Manage certificate trust chain
🚧 This feature is currently in development.
You can manage the certificate trust chain of root and intermediate certificates (Root of Trust) for your system.
Manage systems
Click the Systems item in the sidebar. This will display your available systems.
Click the Certificates link on a system card. This will display the root and intermediate certificate trust chain for the selected system.
Click any certificate to view its details.
Certificates
Each certificate card displays on the right under the filter bar. By default, the first certificate in the list is selected. The current selection is indicated by a blue background and a blue selection bar on the far left of the card.
Certificate types
Guardian can use two types of certificates to secure devices:
Standard x.509 certificates: This is the certificate type used in our out-of-the-box system configurations.
Medcrypt-proprietary certificates: We also can provide our proprietary certificates that are specifically designed for medtech use cases such as memory constraints.
Certificate statuses
Pending validation: This certificate has not yet been validated.
Active: This certificate is active and is not nearing expiration.
Expired: This certificate has expired and needs to be replaced.
Expires (timeframe): This certificate is nearing its expiration date and should be replaced soon. It is currently still active. It indicates the number of days, weeks, or months until a certificate expires. Any certificate that expires in under 6 months will display this status.
Suspended: This certificate has been suspended.
Revoked: This certificate has been revoked. View the certificate details to see the reason for revocation.
Certificate details
All certificates have standard x.509 fields. The exception is for device-level certificates, which have additional system details, provisioning details, and a Medcrypt certificate attributes section for context.
View certificate details and children
Click any certificate to view its details. You can click the certificate card itself or its details icon.
Root and intermediate certificates that have children will have a drop-down arrow. You can click each arrow to expand certificates individually or click the expand all icon to expand all parent certificates automatically.
Technical details section
Export certificates
Export all certificates
You can export all certificates or filter down to a subset, then export. This will export a zip file containing a .PEM file for each certificate.
Export individual certificate
Click any certificate to view its details, as well as available actions. This will display the Certificate details section.
Click the Export action link. This will export a .PEM file for this certificate.
Revoke certificates
Depending on the certificate level, you will have different revoke capabilities.
Click any certificate to view its details, as well as available actions. This will display the Certificate details section.
Click the Revoke certificate action in the Certificate details section.
In the respective confirmation panel, review the details for each certificate you are revoking.
For root or intermediate certificates, specify the revocation reason. For device-level certificates, you can specify one revocation reason for all or individual revocation reasons for each certificate.
Filter certificates
All matching items will have a blue highlight background. If root or intermediate certificates are returned, their children are also returned to provide context. These are only highlighted if the child matches the search and filters applied.
Search or filter certificates
Search box
In the search box drop-down, you can select All certificates or a certificate level, as well as search on the certificate common name.
Filter panel
Click the Filters drop-down to filter on system, device, and certificate information.
Change date formatting
By default, device provisioning data is displayed in UTC time and in dd mmm yyyy format. You can change this to display ISO format and/or to show dates in your local time.
To change the date formatting, click the Settings drop-down in the toolbar.
Toggle the respective date settings, which will automatically apply.
FAQ
How will we know when certificates expire?
You can filter on certificate status and expiration date, as well as view details for any certificate.
Last updated
Was this helpful?