Skip to main content

Discovery cloud scan service

Discovery cloud scan uses a cloud-based sensor to find your public-facing TLS/SSL certificates, regardless of issuing Certificate Authority (CA). By default, a cloud scan supports 50,000 IPs/FQDNs per scan. There is no limit to the number of cloud-based scans you can run.


To report errors related to cloud scan service, contact our Support team.

Cloud scan stores result for 8 hours. Set up a scan to get the latest information about the certificates found and the endpoints where those certificates are installed.


Cloud scans don't count against your Discovery contract. Run a cloud scan even when you've reached your scan limit.


Looking for a more robust discovery tool? Upgrade to Discovery sensor scans.

Discovery uses sensors, small software applications that you install in strategic locations, to scan your network. Using these sensors, Discovery finds all your internal and public-facing TLS/SSL certificates regardless of the issuing Certificate Authority (CA) while identifying problems in certificate configurations and implementations along with certificate-related vulnerabilities in your endpoint configurations.

Discovery sensor scans provide more robust scan configuration options and include the ability to run scans immediately, once – at a specified time, or multiple times – on a set schedule. To learn more, see the Discovery user guide . You can also contact your account manager or our Support team.