About Generational Management

Trust Protection Platform's Generational Management feature helps to clean up old certificates no longer used by their associated devices while also providing a backup of the certificate on the device.

Generational Management creates and uses generational credentials to store the credentials required to remove a certificate and private key after they are replaced. A generational credential is transient: it is updated every time Trust Protection Platform renews a certificate and private key pair. You do not need to do anything to a generational credential object; in fact, there are no configurable options on a generational credential object. These credentials are used simply to ensure that old versions of the same certificate can be deleted from a device automatically.

In addition, Generational Management is designed to ensure there is always a backup left on the device—one previous generation of the certificate—so that in the unlikely event that a rollback is necessary, it can be performed quickly by a device administrator and can make use of the same certificate that was known to work previously.

NOTE: Trust Protection Platform lets you provide the credentials for the current certificate and private key in the application object’s Set/Change menu. (You need to provide the values in the Set/Change menu only if the current certificate and private key were not installed by Trust Protection Platform.)