Certificate Cleanup

Automatically remove expired certificates from your Certificate Manager. Cleanup runs daily and deletes certificates that have been expired for a configurable number of days.

<Info> This setting is managed by product admins and applies to all certificates in the Certificate Manager. </Info>

Configure Certificate Cleanup

<Steps> <Step title="Navigate to settings"> Go to **Certificate Manager → Settings → Certificate Cleanup**. </Step> <Step title="Enable cleanup"> Toggle **Enable** to turn on automatic cleanup. </Step> <Step title="Set retention period"> Configure **Delete certificates N days after expiration**: </Step> <Step title="Configure options"> | Option | Description | |--------|-------------| | **Skip Certificates with Active Syncs** | Don't delete certificates that are synced to external services (AWS ACM, Azure Key Vault, etc.) | </Step> </Steps>

Monitoring Cleanup

After the cleanup job runs, the settings page displays:

Field	Description
Status	Whether the last run succeeded or failed
Last Run	Date and time of the last execution
Certificates Removed	Number of certificates deleted

Permissions

Only Product Admins can configure certificate cleanup settings.

What's Next?

<CardGroup cols={2}> <Card title="Certificate Policies" icon="file-contract" href="/documentation/platform/pki/settings/policies"> Define constraints for certificates. </Card> <Card title="Certificate Profiles" icon="id-card" href="/documentation/platform/pki/settings/profiles"> Create profiles that link CAs with policies. </Card> <Card title="Managing Certificates" icon="list" href="/documentation/platform/pki/applications/certificates"> View and manage certificates in Applications. </Card> <Card title="Certificate Syncs" icon="arrows-rotate" href="/documentation/platform/pki/applications/certificate-syncs/overview"> Push certificates to cloud destinations. </Card> </CardGroup>