Discover unmanaged certificates in cloud environments
Use Discovery to scan cloud environments and network endpoints to locate certificates installed on servers, applications, and services. Discovery sensors scan configured hosts, ports, and fully qualified domain names to identify certificates and associated deployment details.
What Discovery identifies
Discovery provides the following information for each certificate found:
Common Name
Expiration date
Issuing certificate authority
Server host and endpoint
Associated ports and IP addresses
This visibility allows administrators to locate certificates that are not yet managed through CertCentral automation, regardless of which certificate authority issued them.
Configure a Discovery scan
1. In the CertCentral main menu, go to Discovery > Manage scans.
2. Select Add scan.
3. Enter a name for the scan.
4. Select the sensor to use for the scan.
5. Configure the scan targets:
   a. Enter the IP addresses, hostnames, or FQDNs to scan.
   b. Configure the ports to scan.
6. Set the scan schedule: run once or on a recurring schedule.
7. Select Save and run.
Review scan results
1. In the CertCentral main menu, go to Discovery > View results.
2. Review the certificates identified in the scan.
3. Filter results by expiration date, issuing CA, or host to prioritize certificates for automation.
Notice
Discovery identifies certificates issued by any certificate authority and is not limited to DigiCert certificates. Use the issuing CA filter to identify third-party certificates that may need to be replaced with DigiCert certificates before automation can be applied.
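The same prioritization (expiration date, issuing CA, host) can be scripted over the details Discovery reports for each certificate. The following is an added example, not DigiCert code: the record field names, the sample findings, and the substring match on the issuer name are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample findings. Field names are hypothetical and mirror the
# details Discovery reports; this is not a CertCentral export format.
FINDINGS = [
    {"cn": "shop.example.com", "expires": "2025-03-10", "issuer": "DigiCert Example CA", "host": "10.0.1.15", "port": 443},
    {"cn": "shop.example.com", "expires": "2025-03-10", "issuer": "DigiCert Example CA", "host": "10.0.1.16", "port": 443},
    {"cn": "mail.example.com", "expires": "2025-02-20", "issuer": "Example Third-Party CA", "host": "10.0.2.8", "port": 993},
    {"cn": "legacy.example.com", "expires": "2024-12-31", "issuer": "Example Third-Party CA", "host": "10.0.3.4", "port": 8443},
    {"cn": "api.example.com", "expires": "2025-11-01", "issuer": "Example Third-Party CA", "host": "10.0.4.2", "port": 443},
    {"cn": "intranet.example.com", "expires": "2025-12-01", "issuer": "DigiCert Example CA", "host": "10.0.5.9", "port": 443},
]

# Lower rank = handle first.
RANK = {"expired": 0, "expiring": 1, "third-party": 2, "ok": 3}

def triage(findings, today, window_days=30, preferred_issuer="digicert"):
    """Group findings per certificate and order them by urgency."""
    certs = defaultdict(list)
    for f in findings:
        # The same certificate is often deployed on several endpoints, so
        # collect every host:port under one (CN, issuer, expiry) key.
        certs[(f["cn"], f["issuer"], f["expires"])].append(f"{f['host']}:{f['port']}")
    rows = []
    for (cn, issuer, expires), endpoints in certs.items():
        days_left = (date.fromisoformat(expires) - today).days
        # Assumption: the issuer name contains the preferred CA's name.
        third_party = preferred_issuer not in issuer.lower()
        if days_left < 0:
            bucket = "expired"
        elif days_left <= window_days:
            bucket = "expiring"
        elif third_party:
            bucket = "third-party"
        else:
            bucket = "ok"
        rows.append({"cn": cn, "issuer": issuer, "days_left": days_left,
                     "third_party": third_party, "bucket": bucket,
                     "endpoints": sorted(endpoints)})
    return sorted(rows, key=lambda r: (RANK[r["bucket"]], r["days_left"]))

if __name__ == "__main__":
    for row in triage(FINDINGS, today=date(2025, 2, 1)):
        print(f"{row['bucket']:<12}{row['days_left']:>5}d  {row['cn']:<22}"
              f"{row['issuer']:<24}{', '.join(row['endpoints'])}")
```

Grouping by Common Name, issuer, and expiration date is an approximation; two distinct certificates that share all three values would be merged into one row.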
What's next
Analyze certificate inventory to improve automation coverage: determine which discovered certificates to prioritize for automation profiles.