Mar 11, 2026
Who is TLS Connect designed for?
TLS Connect is designed for small and mid-sized businesses with relatively low certificate volumes. It’s best suited for environments managing up to 100 certificates. Customers with larger or more complex certificate needs should consider one of GlobalSign’s other CLM solutions.
How do I log in to the software?
TLS Connect does not require a traditional user login. Instead, the software is authenticated to the machine using a license key, which enables access to TLS Connect features.
What is a license key?
A license key is an authentication token that uses the machine fingerprint. License keys are valid only on the machine they are issued to, so if you want to use multiple copies of TLS Connect, you will need to purchase a separate license key for each machine (each tied to that machine’s unique fingerprint).
License keys are typically valid for one year. When a license key expires, you need to request a new license key to continue to use TLS Connect. No data is lost when a license key expires.
Does TLS Connect support multiple languages?
TLS Connect is only available in English.
Does TLS Connect have an option for a free trial?
Yes, you have an opportunity to sign up for a 15-day free trial of TLS Connect. Speak with your account manager to understand the details.
Can TLS Connect be installed on more than one machine?
Yes. TLS Connect uses a machine-based license key to authenticate each installation. You can install TLS Connect on multiple machines, so long as each installation is activated with its own unique license key.
How does ACME work with TLS Connect?
To use ACME with TLS Connect, you’ll need:
• A GlobalSign Atlas account (created during the TLS Connect sales and billing process)
• Atlas ACME credentials (API key and MAC key), available in the Atlas portal
• The simple-acme client for Windows, installed on the target server
Once these are in place, TLS Connect can request, issue, and automatically deploy certificates using the ACME protocol with GlobalSign’s Atlas ACME server. This capability is available for both Atlas and GCC customers.
NOTE: For GCC users, existing MSSL profiles are not used for ACME. A GlobalSign Atlas account, a new certificate license, and a new identity are required.
Which ACME challenge types are supported?
The http-01 and dns-01 challenge types are supported.
Can I use TLS Connect with non-GlobalSign ACME servers?
No, TLS Connect will only work with the GlobalSign ACME server.
Is TLS Connect Automation agent-based or agentless?
TLS Connect is agent-based. You generate a lightweight agent on each server where you want certificates to be requested, renewed, or deployed automatically. The agent securely performs these automation tasks on behalf of TLS Connect.
What is the scope of the TLS Connect Automation solution?
TLS Connect Automation lets you build workflows that request, issue, and deploy TLS certificates using your integrated GlobalSign platform. These workflows can run on a schedule (such as a specific time of day) or at a set interval. This helps ensure certificates are always up to date without manual intervention.
How does TLS Connect Discovery find certificates?
TLS Connect finds certificates on your network either via SSL handshake on network endpoints or by scanning the local certificate store.
How often does Discovery run?
You can customize how frequently your scan profiles run.
Can I manage any certificate issued by any Certificate Authority?
TLS Connect allows you to request and manage certificates issued by GlobalSign only. However, the built-in Discovery feature can identify certificates on your network that were not issued by GlobalSign.
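The handshake-based discovery and issuer identification described in the two answers above can be illustrated with a short script. This is an added example, not TLS Connect's own code: the function names, the 30-day warning window, the "GlobalSign" issuer match and the sample certificate are all assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: an issuer whose organizationName contains this string counts as GlobalSign.
TRUSTED_ISSUER_ORG = "GlobalSign"

def _field(name_tuples, key):
    """Pull one attribute out of the nested RDN tuples that getpeercert() returns."""
    for rdn in name_tuples:
        for k, v in rdn:
            if k == key:
                return v
    return None

def classify(cert, now, warn_days=30):
    """Summarise a decoded certificate: subject, issuer, days left, inventory flags."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    issuer_org = _field(cert.get("issuer", ()), "organizationName") or "unknown"
    flags = []
    if TRUSTED_ISSUER_ORG.lower() not in issuer_org.lower():
        flags.append("foreign-issuer")
    if days_left < 0:
        flags.append("expired")
    elif days_left <= warn_days:
        flags.append("expiring-soon")
    return {"subject": _field(cert.get("subject", ()), "commonName"),
            "issuer_org": issuer_org, "days_left": days_left, "flags": flags}

def probe(host, port=443, timeout=5.0):
    """Complete a TLS handshake with one endpoint and classify the certificate it presents."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # The stdlib only decodes validated certificates, so the failure itself is the finding.
        return {"subject": host, "flags": ["validation-failed"], "error": exc.verify_message}
    except OSError as exc:
        return {"subject": host, "flags": ["unreachable"], "error": str(exc)}

# Constructed sample in getpeercert() format, so classify() can be exercised offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "intranet.example.test"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Internal CA"),)),
    "notAfter": "Jun 20 12:00:00 2026 GMT",
}
```

probe(host) performs the live handshake against an endpoint in your own inventory; classify() works on the constructed sample without network access.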
How does the auto-csr feature work during the certificate request process?
When you choose to have TLS Connect generate the certificate signing request (CSR), it is created locally on your machine using the Microsoft Management Console (MMC). GlobalSign never generates or accesses your private key material.
Once the CSR is created, it’s sent to the GlobalSign issuing platform to process the certificate request.
How are certificate renewals handled?
If you have a Standard license, TLS Connect can renew certificates automatically through its ACME solution.
If you have a Premium license, TLS Connect can renew certificates automatically through its ACME solution, as well as by running a scheduled automation task. The workflow can request/issue the renewed certificate through your integrated GlobalSign platform and deploy it to the target server or network application.
What certificate formats are supported?
TLS Connect supports the most commonly used certificate formats, including PFX, PEM, and JKS. This allows certificates to be deployed to a wide range of servers and applications across Windows, Linux, and Java-based environments.
What GlobalSign Platform does TLS Connect work with?
TLS Connect works with both GlobalSign Atlas and GCC. It acts as a bridge that brings certificate lifecycle automation to users on either platform, and also helps customers transition smoothly from GCC to Atlas if they’re migrating.
What types of servers does TLS Connect work on?
TLS Connect is a Windows-based application and must be installed on a Windows machine. However, it can be used to deploy TLS certificates to both Windows and Linux servers across your environment.
Can I add multiple GCC MSSL profiles to the TLS Connect software? What if a profile has a certain permission applied?
You can add multiple MSSL profiles to TLS Connect to use for certificate or domain management. TLS Connect honors any permissions set in the GCC platform for these profiles.
For example, if a customer has multiple users in their GCC account, and each user has a dedicated profile with explicit permissions to a given domain, then a customer could purchase unique TLS Connect license keys so that each team member could use a dedicated copy of TLS Connect to centrally manage certificates associated with their MSSL profile.
What type of GCC customer is this tool for?
TLS Connect is currently only available for MSSL customers.
Do I need to IP allow-list this software in order to use it?
Yes, similar to using the GCC APIs with different front ends, when you use TLS Connect, you will need to have your IP address manually allow-listed by GlobalSign. Speak to your Account Manager to understand the details.
Where are private keys generated and stored?
Private keys are generated and stored locally within the customer’s environment. When TLS Connect generates a CSR, key material is created in the Windows certificate store and remains under the customer’s control.
Does TLS Connect send private key material to GlobalSign?
No. TLS Connect never transmits private key material to GlobalSign. Only the public certificate signing request (CSR) is sent to GlobalSign for certificate issuance.
What data does TLS Connect send outside of my network?
TLS Connect sends only the data required to request, issue, and manage certificates through GlobalSign services. This typically includes certificate requests (CSRs), certificate metadata, and platform credentials needed for authentication. Private keys and sensitive key material remain within the customer’s environment.
How is access controlled within the software?
TLS Connect uses a machine-based access model, not a user-based login system. Access to features is controlled through a license key tied to the machine’s fingerprint, which determines what functionality is enabled on that installation.
This section describes features that TLS Connect does not currently support, reflecting the product’s focused design while allowing for future enhancements where appropriate.
• Email Notifications
• Multi-language support
• Role-Based Access Control (RBAC)
• Single Sign-on (SSO)
• Two-Factor Authentication (2FA)