Skip to main content

Events

Events can occur when there is a change in the lifecycle of objects (for example, change of state, performed action, etc.). Monitoring events fire as part of scheduled monitoring, when an object's state or properties require user attention.

Events are linked to a resource to specify the type of objects that are the subject of the event (e.g. certificate, discovery, etc.).

Events automation

The platform provides a sophisticated workflow system that can be utilized for automation. Each event can be associated with triggers that are executed when the event occurs. Triggers can be configured in platform settings or on an overriding resource object. To inspect what happened when triggers ran, use the Event Viewer.

Event triggers are automated mechanisms that respond to specific events within the platform and allow you to:

  • Automate responses to certificate lifecycle events
  • Implement custom business logic for event handling
  • Create complex workflow automation
  • Ensure compliance with organizational policies
  • Integrate with external systems and processes
  • Notify based on configured notification profiles

Supported events

EventResourceOverridden ByMonitoringDescriptionEvent Data
Certificate status changedCertificateRA profile, GroupNOOccurs when the certificate validation status changesCertificateStatusChangedEventData
Certificate action performedCertificateRA profile, GroupNOOccurs after certificate operation (e.g.: issue, renew, rekey, revoke, etc.) was completedCertificateActionPerformedEventData
Certificate expiringCertificateRA profile, GroupYESOccurs every hour when there are expiring certificates that do not contain a valid replacementCertificateExpiringEventData
Certificate discoveredCertificateDiscoveryNOOccurs when the certificate has been newly discoveredCertificateDiscoveredEventData
Certificate uploadedCertificateNOOccurs when a certificate is manually uploadedCertificateEventData
Discovery finishedDiscoveryNOOccurs when discovery process has been finishedDiscoveryFinishedEventData
Approval requestedApprovalNOOccurs when requesting approvalApprovalEventData
Approval closedApprovalNOOccurs after approval was closedApprovalEventData
Scheduled job finishedScheduled jobNOOccurs when scheduled job execution finishedScheduledJobFinishedEventData

Certificate Uploaded event

The Certificate Uploaded event fires when a certificate is manually uploaded to the platform. It does not fire for certificates that enter the inventory through issuance or discovery — those have their own events.

When the event fires, the platform evaluates the triggers configured for it in Settings → Events in two stages:

  1. Ignore triggers are evaluated first. If the certificate matches any ignore trigger, it is rejected and not added to the inventory.
  2. Action triggers are evaluated for certificates that pass the ignore stage. They categorize the certificate — setting its Groups, RA profile, Owner, and custom attributes — and can send notifications through the configured notification profiles.

Unlike most certificate events, Certificate Uploaded cannot be overridden per RA profile or Group. Its triggers are configured only at the platform level.

Custom attribute values supplied in the upload request take precedence: they are applied after the action triggers run and override any conflicting values the triggers set.

The upload can be processed synchronously or asynchronously. A synchronous upload returns once the certificate has been processed and added to the inventory. An asynchronous upload returns immediately, and the certificate appears in the inventory once processing — including trigger evaluation — has completed.

Rejected uploads

A certificate upload is rejected in either of these cases:

  • Ignore trigger match — the certificate matches one of the configured ignore triggers.
  • Duplicate — a certificate with the same fingerprint already exists in the inventory.

In both cases the certificate is not added to the inventory.

Ignore-trigger rejections are recorded in the Certificate Uploaded event history together with the matching ignore trigger, so administrators can see that an upload was rejected. The event history does not retain the rejected certificate's own details. To identify the specific certificate, use one of:

  • The audit logs, with verbose audit logging enabled in the logging settings.
  • The notification message produced by the configured notification profile for this event. The notification carries the event's CertificateEventData payload, which identifies the certificate but does not include the complete certificate.

Duplicate rejections are detected before the Certificate Uploaded event fires and are therefore not recorded in its event history; the duplicate is reported by the upload request itself.