About Generational Management
Trust Protection Platform's Generational Management feature helps to clean up old certificates no longer used by their associated devices while also providing a backup of the certificate on the device.
Generational Management creates and uses generational credentials to store the credentials required to remove a certificate and private key after they are replaced. It is a transient credential that is updated every time Trust Protection Platform renews a certificate and private key pair. You do not need to do anything to a generational credential object; in fact there are no configurable options on a generational credential object. They are credentials used simply to ensure that old version of the same certificate can be deleted from a device automatically.
In addition, Generational Management is designed to ensure there is always a backup left on the device—one previous generation of the certificate—so that in the unlikely event that a rollback is necessary, it can be performed quickly by a device administrator and can make use of the same certificate that was known to work previously.
NOTE Trust Protection Platform lets you provide the credentials for the current certificate and private key in the application object’s Set/Change menu. (You need to provide the values in the Set/Change menu only if the current certificate and private key were not installed by Trust Protection Platform.)