About Generational Management

TLS Protect's Generational Management feature helps to clean up old certificates no longer used by their associated devices while also providing a backup of the certificate on the device.

Generational Management creates and uses generational credentials to store the credentials required to remove a certificate and private key after they are replaced. A generational credential is transient: it is updated every time TLS Protect renews a certificate and private key pair. You do not need to do anything to a generational credential object; in fact, there are no configurable options on a generational credential object. These credentials exist simply to ensure that old versions of the same certificate can be deleted from a device automatically.

In addition, Generational Management is designed to ensure there is always a backup left on the device—one previous generation of the certificate—so that in the unlikely event that a rollback is necessary, it can be performed quickly by a device administrator and can make use of the same certificate that was known to work previously.

NOTE  TLS Protect lets you provide the credentials for the current certificate and private key in the application object’s Set/Change menu. (You need to provide the values in the Set/Change menu only if the current certificate and private key were not installed by TLS Protect.)

NOTE  It’s important to avoid renaming or deleting a generational credential. Doing so could eliminate data drivers required for Generational Management. Trust Protection Platform manages generational credentials automatically, and users are cautioned against making manual changes to these credentials.