Public CA visibility, aligned with how PKI actually operates

When public PKI lives outside the operational view

In many environments, Public Certificate Authorities become a separate system of record. Certificate issuance, validation, and expiration data exist, but it is disconnected from the tooling used to monitor internal PKI, infrastructure health, and security events.

This separation introduces familiar problems:

• Expiring public certificates discovered too late or by the wrong team

• Domain validation failures that stall renewals without clear visibility

• Limited understanding of which products, domains, or organizations are affected

• Unclear user access and administrative ownership within CertCentral

• Notifications delivered through vendor-specific channels that do not align with operational workflows

None of these issues exists in isolation. They compound when public and private PKI are treated as different operational problems.

Public CA visibility inside PKI Spotlight

PKI Spotlight now includes a dedicated Public Certificate Authority section with native DigiCert CertCentral integration. Public certificate data is ingested, normalized, and presented using the same observability model applied to internal PKI.

This provides continuous visibility into:

• Issued certificate status, including expiring and non-standard lifecycle states

• Domain validation status and validation dependencies

• DigiCert products associated with each certificate

• Organizational context tied to issued certificates

• User access visibility to understand who can issue, modify, or manage public certificates

Public PKI is no longer a separate workflow. It becomes part of the same operational picture as certificate authorities, CRLs, OCSP, and internal trust infrastructure.

One place to see PKI events before they become incidents

Certificate-related failures rarely start at the moment of outage. They begin as state changes, validation issues, or missed renewals that go unnoticed or are routed to the wrong system.

With Public Certificate Authority integration, PKI Spotlight generates new events for DigiCert certificates conditions, including:

• Certificate expiration and approaching expiration thresholds

• Certificate status changes that affect availability or trust

• Public PKI lifecycle conditions that require intervention

These events are aggregated with internal PKI events and delivered through a single notification plane.

Notifications that align with how teams actually respond

Rather than introducing another alerting system, PKI Spotlight sources public and internal PKI events through the same channels already used by security and operations teams:

• Email notifications, including individual and digest subscriptions

• Splunk for centralized security and operational visibility

• Generic Syslog or SIEM integrations to support existing tooling

This reduces alert fragmentation and ensures that public PKI issues are visible where teams already triage incidents, manage change, and track risk.

Reducing operational risk without changing how PKI is issued

PKI Spotlight does not replace Public Certificate Authority workflows or certificate lifecycle tooling. It provides the missing operational layer that connects public and private PKI into a single, observable system.

Organizations use this visibility to:

• Detect certificate risks earlier in their lifecycle

• Reduce unplanned outages caused by missed public certificate events

• Clarify ownership across domains, products, and administrative roles

• Simplify audits and incident investigations

• Operate public PKI with the same rigor as internal trust systems

Public PKI does not exist outside your environment. Now it does not exist outside your operational view either.