Skip to main content

Cloud scans

Cloud scans use DigiCert's cloud infrastructure to discover publicly accessible TLS/SSL certificates associated with your organization's fully qualified domain names (FQDNs) and public IP addresses, without requiring any installed sensors. These scans are ideal for identifying and monitoring external-facing certificates across your internet-exposed assets.

Each scan runs through DigiCert's hosted services. Configure the scan to check port 443 on specific public FQDNs or IP addresses. You can run the scan immediately or schedule it to run once, weekly, or monthly.

Cloud scans provide visibility into certificates issued by any certificate authority (CA), with detailed information including:

  • Common name

  • Expiration date

  • Certificate status

  • Issuing certificate authority

  • Public IP addresses and domain names where certificates are found

  • Certificate security ratings

  • Certificates using NIST-approved PQC algorithms

These scans help detect expired, misconfigured, or untracked public certificates, reducing the risk of service disruptions or security gaps.

Nota

Cloud scans support only public IP addresses and domains. To scan private/internal networks, use Network scans with DigiCert sensors.

Scan results are cached for up to 8 hours. After that, scan data expires and is no longer visible in the user interface.