View scan details and results

To see details and results for existing network scans, select the scan by name from the Discovery & automation tools > Network scans page in DigiCert® Trust Lifecycle Manager.

Scan details

Verify the scan details in the following information sections.

| Scan details section | Description |
|---|---|
| Scan results | The number of discovered assets. Select the links to view the assets in your inventory. |
| Scan activity | Details about current, past, and upcoming scans including the start time, duration, and status of each. |
| General information | General configuration settings for the scan. |
| Scan targets | The network targets for the scan. |
| Scan options | Scan options including performance settings and tags for discovered assets. |
| Schedule | The schedule for running the scan. |

Scan results

In the Scan results section of the scan details:

  • View the findings for completed scans, including discovered certificates, unsecured ports, and any trust chain issues.

  • To investigate further, select the discovered counts to load and manage the applicable records from the Inventory page.

Your account dashboard also includes data about cryptographic assets and security ratings discovered through network scans.

What data is collected?

For each discovered certificate, Trust Lifecycle Manager collects non-sensitive TLS settings and certificate properties that are accessible during a standard TLS/SSL handshake, plus deployment information about where the certificate is installed. This includes:

  • TLS settings

    • TLS protocols

    • Cipher suites

    • Handshake information

    • Security headers

  • Certificate properties

    • Certificate subject and issuer details

    • CA chain information

    • Key algorithm and length

    • Signature algorithm

    • Validity period

    • Subject Alternative Names (SANs)

    • Certificate identifiers and extensions (serial number, thumbprint, key usage, EKU)

  • Deployment information

    • IP address and port number

    • Host name and operating system

    • Application version (for example, web server or load balancer type)

How does the data get added to your inventory?

Endpoints

During a network scan, Trust Lifecycle Manager adds records to the Inventory > Endpoints table based on the scan target:

  • IP/port:

    • If it finds a TLS certificate on the IP/port, Trust Lifecycle Manager adds a record of that certificate instance.

    • The Location value for the endpoint record has the format { IP address : Port }.

  • FQDN/port:

    • SNI enabled (all ports): If it finds a certificate on the FQDN/port, Trust Lifecycle Manager adds a record for it with Location value { FQDN : Port }.

    • SNI disabled (port 443): If it finds a certificate on port 443, Trust Lifecycle Manager adds a record with Location value { FQDN : 443 }. For all other ports, Trust Lifecycle Manager does not scan the FQDN when SNI is disabled.

    • TDS protocol scanning enabled (TDS port): If it finds a certificate on the TDS port (default 1433), Trust Lifecycle Manager adds a record with Location value { FQDN : TDS port }.

    • All FQDN scans: When scanning an FQDN target, Trust Lifecycle Manager always performs a domain lookup to find any IP addresses associated with that FQDN. It scans those IP addresses, and adds a separate endpoint record with Location value { IP address : Port } for each IP address where it finds a TLS certificate.

Certificates

Trust Lifecycle Manager also adds a record to Inventory > Certificates for each certificate it finds:

  • For each certificate, it adds a single record, regardless of the number of endpoints where it's present.

  • The Common name column in the table shows the certificate common name.

  • The Instances column lists the total number of endpoint instances where Trust Lifecycle Manager found that certificate.
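The following added example (not DigiCert code) models the endpoint and certificate rules above, to show why one FQDN target can produce several endpoint records and an Instances count greater than one. The function names, host names, thumbprints, the `host:port` rendering of Location, and the port handling for resolved IP addresses are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed sample data: the certificate thumbprint a TLS handshake to
# (host, port) would return, and what the domain lookup would return.
SERVED = {
    ("www.example.test", 443): "AA11", ("www.example.test", 8443): "BB22",
    ("192.0.2.10", 443): "AA11", ("192.0.2.10", 8443): "BB22",
    ("192.0.2.11", 443): "AA11", ("db.example.test", 1433): "CC33",
}
DNS = {"www.example.test": ["192.0.2.10", "192.0.2.11"]}

def is_ip(target):
    try:
        ip_address(target)
        return True
    except ValueError:
        return False

def expected_endpoints(target, ports, sni=True, tds=False, tds_port=1433,
                       served=SERVED, dns=DNS):
    """Return {Location: thumbprint} for one scan target (hypothetical model)."""
    records = {}

    def probe(host, port):
        thumb = served.get((host, port))
        if thumb:  # a record is added only where a certificate is found
            records[f"{host}:{port}"] = thumb

    tds_ports = {tds_port} if tds else set()
    all_ports = set(ports) | tds_ports
    if is_ip(target):
        by_name, addresses = set(), [target]
    else:
        # Assumption: without SNI the name is probed on 443 only (plus the
        # TDS port if enabled); resolved IPs are probed on every port.
        by_name = all_ports if sni else all_ports & ({443} | tds_ports)
        addresses = dns.get(target, [])
    for port in sorted(by_name):
        probe(target, port)
    for ip in addresses:
        for port in sorted(all_ports):
            probe(ip, port)
    return records

def certificate_instances(records):
    """One certificate record per thumbprint; Instances = endpoint count."""
    return Counter(records.values())
```

With SNI enabled and ports 443 and 8443, the single target `www.example.test` yields five endpoint records but only two certificate records, with Instances of 3 and 2.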

View the discovery data in inventory

To see the details collected in a network scan, select each certificate or endpoint record from the Inventory page.

Identify records added by the scan

Use the following column filters to help identify records added by a network scan, in either the Inventory > Certificates or Inventory > Endpoints tables. If a column is not present, use the Add Column button on the top-right of the table to add it.

| Filter | Description |
|---|---|
| Source | Select Network scan to list only certificates or endpoints found through a network scan. |
| Business unit | If you applied a specific business unit to the scan, you can filter by that business unit. |
| Tags | If you used an assignment rule to apply tags to the scan results, you can filter by those tags. |

Endpoint details

From the Inventory > Endpoints table, select a certificate deployment location to see discovery data under the following details tabs.

| Details tab | Description |
|---|---|
| General information | Shows all deployment information found through the network scan. |

Certificate details

From the Inventory > Certificates table, select a discovered certificate by common name to see discovery data under the following details tabs.

| Details tab | Description |
|---|---|
| Certificate | Shows all certificate properties found through the network scan. |
| Security | Shows the security rating that Trust Lifecycle Manager assigned to the certificate based on the data it collected. Select the link to view detailed information about how the security rating was calculated. |
| Instances | Shows all the deployed instances of the certificate Trust Lifecycle Manager found. Select the links here to view the Endpoint details for each instance. |

Delete discovery data

You can delete discovery data from your account at any time, using one of the following methods. Select the links for more details about each:

When you delete a discovered asset: