Certificate Discovery and Management
Effective certificate discovery can essentially be broken out into three different capabilities:
- Direct CA Integration
- SSL/TLS Discovery
- Certificate Stores
Direct CA Integration
The first certificate discovery method involves integrating with not just your on-premise certificate authorities, but also third-party certificate authorities. This will allow your to bring all of your inventory into one place right from the source.
Direct synchronization with CAs allows you to request new certificates, revoke them, renew them, and renew them prior to expiration.
Having a direct integration to your CAs is a great first start, but it won't give you visibility into where those certificates are located on your network. Furthermore, developers and admins will often go out and request certificates from CAs that you might not be managing.
SSL/TLS discovery capabilities allow you to map certificates to your network topography and schedule scans to inventory certificates and ensure that they are still at the endpoints where you expect them to be.