Mar 12, 2026

OVERVIEW: This page provides instructions on how to manage your Certificates using TLS Connect. At the completion of this process, you will be able to manage your Certificates in TLS Connect seamlessly with your GCC Managed SSL (MSSL) account. For more information and frequently asked questions, please refer to this page.

Domain Management 

The Domain Management sections in TLS Connect allow you to validate ownership of domains before certificates can be issued. You can view and manage domains associated with either your GCC Managed SSL profiles or Atlas accounts, depending on the issuing platform you are using. 

GCC Managed SSL (MSSL) Accounts 

Use this section to view and manage domains associated with your registered GCC Managed SSL (MSSL) profile. 

1. Open the TLS Connect application and navigate to the GCC > Domain Mgmt tab. 

2. To add a domain: 

   1. Select Add New Domain. 

   2. Enter the domain name in the Domain field.  

   3. Choose the appropriate validation method and validation level.  

   4. Click Add Domain. 

3. To verify a domain: 

   1. Click Verify next to the domain in the domains table.  

   2. A pop-up window will display the domain verification code (DVC) or verification email address, depending on the selected validation method. 

   3. Once the validation requirement is satisfied, click Verify to complete the validation process.  

 

Request and Issue Certificates 

GCC Managed SSL Accounts 

You can manually request a TLS certificate at any time using the TLS Connect application. 

1. Open the TLS Connect application and navigate to the GCC tab. 

2. Choose how the Certificate Signing Request (CSR) will be provided: 

   1. Upload a CSR that was generated externally, or 

   2. Generate the CSR and key pair directly within TLS Connect. 

3. Enter the fully qualified domain name (FQDN) for the certificate. 

4. Select the certificate type to issue: 

   1. IntranetSSL 

   2. Domain Validation (DV) 

   3. Organization Validation (OV) 

   4. Extended Validation (EV) 

5. Select the certificate validity period. 

6. Choose the key type and key size. 

7. If this request is intended to replace a valid, unrevoked certificate, select Reissue. 
   
   This option is available only when a prior order is associated with the certificate. 

   1. Click the Refresh button to allow TLS Connect to locate eligible orders for reissuance. 

   2. Select the appropriate order from the dropdown list. 

8. Add any required Subject Alternative Names (SANs) to the certificate request. 

9. Click Next. 

10. On the following screen, select: 

    1. The certificate export format 

    2. An export password (if applicable) 

    3. The file location where the certificate will be saved. 
       NOTE: JDK is required to support the JKS file format. 

11. Click Next. 

12. On the final screen, enter a friendly name for the certificate. The friendly name is a required identifier used by Windows to distinguish certificates in the Windows Certificate Store. 

13. Review the certificate request details. When ready, click Issue Certificate. 

A confirmation message is displayed once the certificate has been successfully issued.

 

Inventory 

This inventory reflects certificates issued through GlobalSign platforms, not certificates discovered via network scanning. Your issued certificates will appear in an inventory associated with your GlobalSign issuance platform (GCC or Atlas). From this view, you can: 

• See certificates that are valid, expiring, or nearing expiration 

• Sort and filter the inventory using multiple criteria 

• View detailed certificate information 

• Download individual certificates. 

Sync Database 

Use this option to fetch new or modified certificates within the specified sync window (Atlas is 30 days, GCC is 365 days).  

Export CSV 

Use this option to export the certificate inventory to a CSV file for offline review or reporting. 

 

Deploy Certificate 

The Deployment tab displays all IIS sites bound on the local Windows server, along with certificates available in the Windows Certificate Store. From this tab, you can deploy certificates to IIS sites, deploy certificates to remote targets, or export certificates for use elsewhere. 

Deploy Certificate to IIS 

Use this option to bind a certificate to one or more IIS sites on the local server. 

1. Select a certificate from the inventory list. 

2. Select one or more IIS sites to which the certificate should be deployed. 

3. Click Deploy Certificate. 

4. Once deployed, the certificate appears next to the IIS site(s) it is bound to. 

Deploy Certificate to Remote Endpoint 

Use this option to deploy a certificate to a remote endpoint. 

1. Select a certificate from the inventory and click Deploy Remote. 

2. Choose the deployment target. 

Export Certificate 

Use this option to export a certificate from the Windows Certificate Store. 

1. Select a certificate from the inventory and click the export (yellow folder) icon. 

2. Choose the export format: 

   1. PFX 

   2. JKS 

   3. PEM 
      NOTE: JDK is required to support JKS file formats. 

SSL Checker 

Use this option to quickly verify that a TLS certificate is present and active for a specific URL and port. This check confirms that the deployed certificate is being served correctly by the target endpoint. Scan results are displayed in the Logs window at the bottom of the screen. 

 

Renew Certificates 

GCC

Setting up renewal tasks in TLS Connect requires a Premium license. For more information on this feature, refer to the Automation page. 

ACME Service 

The ACME service in TLS Connect is available for GCC customers. It requires an Atlas certificate service; speak with your Account Manager for the details.

The ACME service automatically renews certificates every 55 days by default. You can view renewal status in ACME > Manage Renewals, where you may also manually renew a certificate at any time. 

If you need to adjust the default renewal interval, you can do so by updating the simple-acme configuration.”

1. Navigate to the installation directory for the wacs simple-acme client and open the settings.json file in a text editor. 

2. Update the value of the ScheduledTask > RenewalDays to the desired number of days. 

3. Save and close the settings.json file. 

The updated renewal interval is applied the next time the ACME renewal task runs.