Discovery: Install a sensor and run a scan

Discovery uses sensors to scan your network and find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). These sensors are small software applications that you install in strategic locations.

Each scan is linked to one sensor. Scans are configured to examine specific fully qualified domain names (FQDNs), IP addresses, and port combinations for the presence of TLS/SSL certificates. Configure scans to run immediately, once – at a specified time, or multiple times – on a set schedule.

These scans provide detailed information about the certificates found in your network:

  • Common name
  • Expiration date
  • Certificate status
  • Issuing certificate authority
  • Ports and IP addresses of the certificate host
  • Certificate security rating
  • Server security issues
  • TLS/SSL vulnerabilities

Scans can be used to identify the operating system of your server host, the open IP addresses and ports, and the server host of the IP addresses.

To download a pdf version of the guide, click Discovery: Install a sensor and run a scan.

(Source: Discovery Dashboard in CertCentral)