This document briefly compares the first and second generation of Certificate Manager. Certificate Manager lets you deploy and manage TLS certificates specifically for Google Cloud load balancers. The second generation expands this support to include Google Kubernetes Engine (GKE) workloads, Compute Engine instances, and hybrid cloud architectures. It also provides unified certificate management across your entire infrastructure.
For information about the supported load balancers, see Certificate Manager overview.
Feature differences
The following table compares the core capabilities of the two Certificate Manager versions:
| Feature | Certificate Manager (2nd gen) | Certificate Manager |
|---|---|---|
| Primary goal | Enterprise-wide certificate observability and lifecycle management | Secure load balancers |
| Central directory | Yes. All detected certificates. | Limited. Certificates configured for load balancers. |
| Multi-service support | Yes. Supports Google Kubernetes Engine (GKE), Compute Engine, Vertex AI Agent Engine, and load balancers. | No. Only supports load balancers. |
| Views | Advanced summary dashboard for tracking expiration, algorithms, and health. | List views only. |
When to use which version
Use Certificate Manager (2nd gen) to centralize certificate observability and automate lifecycle management across your entire Google Cloud ecosystem. If your goal is strictly to secure load balancer certificates, you can continue using Certificate Manager. For more information, see Certificate Manager.
What's next
- Certificate Manager (2nd gen) overview
- How Certificate Manager (2nd gen) works
- View certificate directory
- Monitor your certificates
- Create issuance configuration