
Discovery

Go to Account > Settings > Discovery to configure global options for DigiCert® Trust Lifecycle Manager's discovery tools.

Note

These settings are only available if the System Discovery and/or Network Discovery features are enabled for your account. Contact your DigiCert account representative to verify or enable this feature.

Enable automatic one-time system scans

Enable the global auto-scan feature to have newly deployed DigiCert agents perform an automatic one-time system scan immediately after they get installed and activated. You select specific asset types to scan for, and each new agent will automatically find those existing assets on the local host and add them to your centralized Trust Lifecycle Manager inventory.

Tip

This feature facilitates discovery of existing assets when deploying multiple agents at once in silent mode. After the initial one-time system scan, you can edit each agent to adjust the system scan settings or to schedule recurring scans on an ongoing basis.

To enable this feature:

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > System scan.

  2. Select the Configure auto-scan tab.

  3. Select the checkbox to Enable auto scan.

    Configure the scan settings as described below. Select Save to apply the auto-scan settings.

What to scan for

Select which cryptographic assets to look for, and where.

  • Operating system certificate store: Look for certificates in the OS truststore.

  • File system: Search for the selected assets on the host filesystem.

    • Certificates, public, and private keys: Search for all certificate and key files.

    • Archive files and Keystores: Search for certificates and keys in archive files and keystores.

Warning

The more assets and locations you select, the longer the scan takes to complete.

Assign and identify assets

(Optional) Configure options to help manage the discovered assets in Trust Lifecycle Manager.

  • Business unit: Assign discovered assets to a specific business unit. Administrators assigned to that business unit can manage the assets.

  • Tags: Apply tags to the discovered assets. Tags help you filter the assets in Trust Lifecycle Manager inventory and set up reports and notifications for them.

Global system scan blocklist

Use the system scan blocklist settings to specify absolute paths of files, folders, or complete disk drives to exclude from system scanning for all Linux or Windows agents. To manage the blocklist:

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > System scan.

  2. Select the Exclusion list tab.

  3. To add paths to the blocklist:

    1. Enter comma-separated absolute paths in the Paths window on the left. You can enter a mix of Windows and Linux paths.

    2. Select the Add to blocklist button to add the paths you entered to the current blocklist.

  4. To remove paths from the current blocklist on the right:

    • To remove a single path from the blocklist, open the actions (three dots) menu for it and select Delete.

    • To bulk remove multiple paths from the blocklist, use the checkboxes to select the applicable paths, then open the Bulk actions dropdown for one of them and select Delete.

    • To remove all paths from the blocklist, select the Remove all link above the blocklist table.

  5. Select Save to apply the new settings. Paths in the saved blocklist will be skipped for all subsequent system scan runs by any DigiCert agent.

Usage notes:

  • Use the Reset function to reset the system scan blocklist to the default paths for Windows and Linux agents.

  • To download the current blocklist as a CSV file, select the Export link above it.
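
A pre-flight check for the paths entered in step 3, as an added example that is not DigiCert code or part of the original page: it rejects relative paths and entries containing a comma, drops duplicates, and flags entries that exclude a complete drive or the Linux root, since saved blocklist paths are skipped by every agent's system scan. The function name, the drive-letter pattern, the comma rule, and the case-insensitive handling of Windows paths are assumptions; the sample paths are constructed.

```python
import re

# Drive letter plus root, e.g. C:\ or D:/ (assumed form of a Windows absolute path)
WIN_ABS = re.compile(r"^[A-Za-z]:[\\/]")

def prepare_blocklist(candidates):
    """Validate candidate exclusions and build the comma-separated Paths value."""
    accepted, rejected, whole_root = [], [], []
    seen = set()
    for raw in candidates:
        path = raw.strip()
        if not path:
            continue
        if "," in path:
            # A comma inside a path would be read as a separator between two paths.
            rejected.append((path, "contains a comma"))
            continue
        if WIN_ABS.match(path):
            # Windows paths compare case-insensitively; ignore a trailing separator.
            key = path.replace("/", "\\").rstrip("\\").lower()
            is_root = len(key) == 2            # "c:" means the complete drive
        elif path.startswith("/"):
            key = path.rstrip("/") or "/"
            is_root = key == "/"
        else:
            rejected.append((path, "not an absolute path"))
            continue
        if key in seen:
            continue                            # duplicate entry
        seen.add(key)
        accepted.append(path)
        if is_root:
            # Excluding a whole drive or / hides every asset on it from system scans.
            whole_root.append(path)
    return {"paths_field": ",".join(accepted), "rejected": rejected,
            "whole_root": whole_root}

# Constructed sample input, not taken from the product's default blocklist.
SAMPLE = ["/proc", "/proc/", "C:\\Windows\\Temp", "c:\\windows\\temp\\",
          "D:\\", "var/tmp", "/srv/a,b", "  /mnt/backup  "]

if __name__ == "__main__":
    result = prepare_blocklist(SAMPLE)
    print("Paths field :", result["paths_field"])
    print("Rejected    :", result["rejected"])
    print("Whole roots :", result["whole_root"])
```

Review any entry reported under whole roots before saving, because certificates and keys on that drive will no longer reach the inventory through system scans.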

Delete discovery data

You can manage and delete discovered assets individually or in bulk from the Inventory page in Trust Lifecycle Manager.

You can also delete all discovery data by asset type from your Account > Settings page:

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > Delete discovery data.

  2. Use the checkboxes to select the type(s) of discovery data you want to delete:

    • Certificates and endpoints: Delete all discovered certificates and their associated endpoint data from your inventory.

    • Keys: Delete all discovered cryptographic keys from your inventory.

  3. Select the Delete all discovery data button.

  4. The system summarizes the total number of discovered assets that will be removed from your inventory and prompts you to confirm the operation. Select Delete to proceed with deleting the discovery data.
