Excluded Certificates

Excluded Certificates are certificates which have been deleted from the database and excluded from all Keyfactor Command functionality. These certificates will be skipped during a CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. synchronization or manual import. Users with appropriate permissions (see Certificates permissions) can use the certificate search grid to exclude certificates (see Delete And Exclude). Use this grid to monitor or re-include such certificates.

Important:  When a certificate is deleted with exclusion, it will not be re-imported during a CA synchronization or add certificate task. However, it will be re-imported if it is found on an SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. scan or in a certificate store configured for inventory. This ensures that certificates that are still used in the environment are still tracked. A query parser, IsExcluded, is included on the certificate search grid that returns any certificate that exists in both the certificates table and in the exclusion list.

The table can be sorted by each of the columns: Issued CN, Thumbprint, Date Excluded , and filtered by the columns: Issued CN, Thumbprint, Date Excluded, Excluding User.

Use the Re-Include action button at the top of the grid to remove the selected certificate(s) from the excluded certificates table, thus allowing them to return to the Keyfactor Command database on the next CA synchronization or manual import. If a certificate is re-included, associated data (e.g., metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates.) will not be re-included when it is imported on the next CA synchronization.