/inventory) provides a unified view of every certificate CertForge knows about — whether issued through CertForge, discovered via CT log scanning, or imported from a CA connector. It is the primary place for classifying unreviewed certificates and ensuring everything in your environment has an assigned governance posture.
How certificates appear in Inventory
Certificates enter Inventory from multiple sources:Governance statuses
Every certificate in Inventory carries a governance status that reflects how it is being managed.
The Unmanaged count on the dashboard reflects certificates that need attention — your goal is to drive this to zero by classifying everything.
Filtering and search
The stat bar at the top of Inventory lets you filter to a governance status with one click: Governed, Monitored, Unmanaged, Externally Managed. The search field filters by domain name. Use these together to quickly find the certificates you want to act on.Bulk actions
Select one or more certificates using the checkboxes to reveal the bulk action bar. Available actions:Renewing from Inventory
The Renew → action is designed for migrating or renewing certificates that are already governed by a Trust Profile. When you select certificates and click Renew:- If all selected certificates share the same governing Trust Profile, that profile is automatically selected in the Trust Profile dropdown.
- If selected certs have different profiles (or none), select the profile manually before clicking Renew.
- CertForge creates an approval request for each selected certificate. Those requests appear in Approvals for review and decision.
- Once approved, the executor issues new certificates under the selected profile.
By Application view
Toggle to By Application view to see the same certificates grouped by their assigned Application. This view shows coverage status per application and makes it easy to identify which cert groups are unprotected. Certificates not assigned to any application appear at the bottom under “Unassigned.”Policy Suggestions (dashboard)
When the Inventory contains two or more unreviewed certificates sharing the same base domain, the Dashboard displays a Policy Suggestions card. Each suggestion groups unreviewed certs by base domain and indicates whether a matching Trust Profile already exists. Use the Assign to Trust Profile → button on a suggestion to immediately classify those certificates under an existing profile, or Review → to open the filtered Inventory view and classify them manually. Suggestions disappear automatically once all certs for that base domain are classified (no longerunreviewed).