TLS Connect FAQs

TLS Connect is designed for small and mid-sized businesses with relatively low certificate volumes. It’s best suited for environments managing up to 100 certificates. Customers with larger or more complex certificates needs should consider one of GlobalSign’s other CLM solutions. 

TLS Connect does not require a traditional user login. Instead, the software is authenticated to the machine using a license key, which enables access to TLS Connect features."

A license key is an authentication token that uses the machine fingerprint. License keys are only valid to the machine they are issued to, meaning if you want to use multiple copies of TLS Connect, you will need to purchase separate license keys, one for each machine (with the machine’s unique fingerprint). 

License keys are typically valid for one year. When a license key expires, you need to request a new license key to continue to use TLS Connect. No data is lost when a license key expires. 

TLS Connect is only available in English. 

Yes, you have an opportunity to sign up for a 15-day free trial of TLS Connect. Speak with your account manager to understand the details.  

Yes. TLS Connect uses a machine-based license key to authenticate each installation. You can install TLS Connect on multiple machines, so long as each installation is activated with its own unique license key. 

To use ACME with TLS Connect, you’ll need: 

• A GlobalSign Atlas account (created during the TLS Connect sales and billing process) 
• Atlas ACME credentials (API key and MAC key), available in the Atlas portal
• The simple-acme client for Windows, installed on the target server. 

Once these are in place, TLS Connect can request, issue, and automatically deploy certificates using the ACME protocol with GlobalSign’s Atlas ACME server. This capability is available for both Atlas and GCC customers. 

NOTE: For GCC users, existing MSSL profiles are not used for ACME. A GlobalSign Atlas account, a new certificate license, and a new identity are required. 

The http-01 and dns-01 challenge types are supported. 

No, TLS Connect will only work with the GlobalSign ACME server. 

TLS Connect is agent-based. You generate a lightweight agent on each server where you want certificates to be requested, renewed, or deployed automatically. The agent securely performs these automation tasks on behalf of TLS Connect. 

TLS Connect Automation lets you build workflows that request, issue, and deploy TLS certificates using your integrated GlobalSign platform. These workflows can run on a schedule (such as a specific time of day) or at a set interval. This helps ensure certificates are always up to date without manual intervention. 

TLS Connect finds certificates on your network either via SSL handshake on network endpoints or by scanning the local certificate store. 

You can customize how frequently your scan profiles run. 

TLS Connect allows you to request and manage certificates issued by GlobalSign only. However, the built-in Discovery feature can identify certificates on your network that were not issued by GlobalSign. 

When you choose to have TLS Connect generate the certificate signing request (CSR), it is created locally on your machine using the Microsoft Management Console (MMC). GlobalSign never generates or accesses your private key material. 

Once the CSR is created, it’s sent to the GlobalSign issuing platform to process the certificate request.

If you have a Standard license, TLS Connect can renew certificates automatically through its ACME solution. 

If you have a Premium license, TLS Connect can renew certificates automatically through its ACME solution, as well as by running a scheduled automation task. The workflow can request/issue the renewed certificate through your integrated GlobalSign platform and deploy it to the target server or network application. 

TLS Connect supports the most commonly used certificate formats, including PFX, PEM, and JKS. This allows certificates to be deployed to a wide range of servers and applications across Windows, Linux, and Java-based environments. 

TLS Connect works with both GlobalSign Atlas and GCC. It acts as a bridge that brings certificate lifecycle automation to users on either platform, and also helps customers transition smoothly from GCC to Atlas if they’re migrating. 

TLS Connect is a Windows-based application and must be installed on a Windows machine. However, it can be used to deploy TLS certificates to both Windows and Linux servers across your environment. 

You can add multiple MSSL profiles to TLS Connect to use for certificate or domain management. TLS Connect honors any permissions set in the GCC platform for these profiles. 

For example, if a customer has multiple users in their GCC account, and each user has a dedicated profile with explicit permissions to a given domain, then a customer could purchase unique TLS Connect license keys so that each team member could use a dedicated copy of TLS Connect to centrally manage certificates associated with their MSSL profile. 

TLS Connect is currently only available for MSSL customers. 

Yes, similar to using the GCC APIs with different front ends, when you use TLS Connect, you will need to have your IP address manually allow-listed by GlobalSign. Speak to your Account Manager to understand the details. 

Private keys are generated and stored locally within the customer’s environment. When TLS Connect generates a CSR, key material is created on the Windows certificate store and remains under the customer’s control. 

No. TLS Connect never transmits private key material to GlobalSign. Only the public certificate signing request (CSR) is sent to GlobalSign for certificate issuance. 

TLS Connect sends only the data required to request, issue, and manage certificates through GlobalSign services. This typically includes certificate requests (CSRs), certificate metadata, and platform credentials needed for authentication. Private keys and sensitive key material remain within the customer’s environment. 

TLS Connect uses a machine-based access model, not a user-based login system. Access to features is controlled through a license key tied to the machine’s fingerprint, which determines what functionality is enabled on that installation.