Discover Certificates
Discover Certificates is designed to discover and monitor all your SSL/TLS certificates, regardless of the issuing Certificate Authority (CA). It features the unique emSign Bot, capable of operating within isolated networks and protected environments to scan and gather certificate details. Scans are conducted according to predefined settings, and the results are automatically displayed on the portal interface.
Enterprise users can view the discovered certificates along with the servers where they are deployed. The Hub interface allows users to track emSign Bot scans, providing details on the last completed scan and the next scheduled scan. Users can also initiate manual, ad-hoc scans directly from the interface. The emSign platform simplifies certificate management, whether the organization handles a few certificates or thousands.
Discovery Dashboard: Provides a comprehensive overview of certificates issued via emSign and those detected by emSign Bot scans.
Certificate Results: Displays the total number of scanned certificates from various emSign bots.
My emSign Bots: Lists all emSign bots associated with the account for easy monitoring and management.
Download emSign Bot: Access and download available emSign bots directly from the platform.
The Certificate Results feature allows users to view all certificates discovered by emSign Bots. To access this page, navigate to Certificates > Discover Certificates. Upon clicking Discover Certificates, the results page will display a list of certificates, showing their Common Name (CN) or Subject Alternative Names (SANs).
Certificates Discovered via Bot
All certificates identified through emSign Bots are displayed on this screen. Users can apply filters to refine the list using Common Name (CN) or SAN.
By clicking Advanced Search, users can filter the certificate results based on:
Date Range
Location (Server/Port)
Issuer CA
Certificate Type
Expiration Date (e.g., certificates expiring within a specified period)
Certificate Details
Clicking on a CN/SAN value navigates to the Certificate Results View page, which provides the following information:
Certificate Info & Validity
Authority Information Access (AIA) details
Issuer CA information
Additional Information
Quick Actions
Account users can utilize certificate quick actions from this view, enabling fast and efficient management of discovered certificates.
Navigate to Discover Certificates.
Click on the relevant Domain hyperlink to open the Certificate Results page.
Click the "Download Certificate" button.
A download dialog will appear, allowing you to proceed with the download as shown below.
The certificate will be downloaded successfully.
After the discovery scan is complete, a Scan Vulnerabilities icon is shown in the Actions column of the table for every certificate listed.
Click the Scan Vulnerabilities icon; a vulnerability result popup is displayed with the certificate status.
Further actions can be decided based on the status of the certificate.
Setting up scan targets involves specifying the locations, systems, or assets that automated bots will scan to identify and assess digital certificates. This ensures that certificates across your infrastructure are valid, up-to-date, and correctly configured. The scan targets define which servers, applications, or networks will be monitored.
Scan targets can be configured through the following methods:
SSL: Monitor SSL/TLS certificates for expiration, configuration, and compliance.
HSM (Hardware Security Module): Scan and verify certificates stored within HSMs.
LDAP (Lightweight Directory Access Protocol): Monitor certificates in LDAP-based directories for validity and usage.
Certificate Store: Scan certificates stored within system or application certificate stores.
Cloud Providers: Identify and monitor certificates deployed across cloud environments.
File System: Monitor certificates stored in file directories for configuration and expiration.
SSH: Scan SSH keys and certificates to ensure secure access configurations.
SSL/TLS
To scan certificates from the server, the account administrator must provide one of the following:
FQDN (Fully Qualified Domain Name)
IP Address or IP Address Range
TCP Port
To add multiple scan targets, click the "(+)" button, as shown below.
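What an SSL/TLS scan target (FQDN, IP address or range, TCP port) amounts to on the wire can be illustrated in Python. This is an added example, not emSign Bot code and not a description of how the bot is implemented; the function names and record fields are assumptions chosen for illustration. It expands targets into host/port pairs, reads the served certificate's CN, SANs, issuer and days to expiry, and still records a fingerprint when the chain does not validate.

```python
# Added illustration: function names and record fields are hypothetical.
import hashlib
import ipaddress
import socket
import ssl
import time

def expand_targets(hosts, ports):
    """Expand FQDNs, single IPs and CIDR ranges into (host, port) pairs."""
    pairs = []
    for entry in hosts:
        try:
            net = ipaddress.ip_network(entry, strict=False)
            addrs = [str(a) for a in net.hosts()] or [str(net.network_address)]
        except ValueError:
            addrs = [entry]  # not an IP or CIDR, so treat it as an FQDN
        pairs.extend((a, p) for a in addrs for p in ports)
    return pairs

def summarize(cert, now=None):
    """Reduce a getpeercert() dict to CN, SANs, issuer and days to expiry."""
    now = time.time() if now is None else now
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - now
    return {"cn": subject.get("commonName"),
            "sans": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
            "issuer": issuer.get("organizationName") or issuer.get("commonName"),
            "days_left": int(seconds_left // 86400)}

def _handshake(host, port, verify, timeout):
    ctx = ssl.create_default_context()
    if not verify:  # inventory only: no application data crosses this session
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def probe(host, port, timeout=5.0):
    """Record the served certificate even when chain validation fails."""
    try:
        cert, der = _handshake(host, port, True, timeout)
        record = {"trusted": True, **summarize(cert)}
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, private-CA, expired or mismatched: keep the fingerprint
        _, der = _handshake(host, port, False, timeout)
        record = {"trusted": False, "error": exc.verify_message}
    return {"host": host, "port": port, "sha256": hashlib.sha256(der).hexdigest(), **record}
```

An `OSError` from a closed port or a timeout propagates to the caller, which should log the target as unreachable rather than as having no certificate.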
Import Scan Targets from Existing emSign Bots
To import scan targets from an existing emSign Bot, the administrator can click on the "Import Settings" option.
Upon selecting "Import Settings", a modal will appear, as shown below.
The administrator can choose a bot name from the available list and click the "Import" button to proceed.
Set Up Scan Schedule
Configure the scan schedule using the following options:
On Demand: Selecting this option allows the administrator to run scans at any time, without time restrictions.
Daily: If this option is selected, the administrator must specify the scan date, time, and time zone. Once configured, the system will automatically scan the certificates from the server daily at the scheduled time.
Weekly: When this option is selected, the administrator provides the scan day, time, and time zone. The system will automatically perform the scan every week at the specified time.
Monthly: For this option, the administrator sets the scan date, time, and time zone. The system will conduct the scan on the specified date and time each month.
Stop if scan run time exceeds: Enabling this option ensures that the scan will automatically stop if it exceeds the specified time, particularly if the bot encounters issues while scanning certificates from the server.
Advanced Settings: Administrators can enable this option to access additional settings, such as multi-thread configuration and detailed scan options for enhanced control.
HSM (Hardware Security Module)
To scan certificates via an HSM (Hardware Security Module):
Upload or paste the HSM configuration.
Enter the HSM password.
Select the Certificates and Keys checkboxes as needed.
Click Start Action to initiate the scan.
To add multiple scan targets, administrators can click the "(+)" button, as shown below.
The account administrator can set up a Scan schedule as per their preference.
LDAP (Lightweight Directory Access Protocol)
To scan certificates via LDAP (Lightweight Directory Access Protocol):
Provide the LDAP URL and Container Name.
Enter the Admin DN (Distinguished Name) and Password.
Click Start Action to begin the scan.
To add multiple scan targets, administrators can click the "(+)" button, as shown below.
The account administrator can set up a Scan schedule as per their preference.
Certificate Store
When scanning certificates via the Certificate Store, the IP address of the system is automatically fetched, and all certificates installed on the system are scanned.
The account administrator can set up a Scan schedule as per their preference.
Cloud Providers (AWS)
To scan certificates via AWS Cloud Providers:
Provide the AWS User ID, Access Key, and Secret Key.
Select the desired Regions from the dropdown.
Click Start Action to initiate the scan.
To add multiple scan targets, administrators can click the "(+)" button, as shown below.
The account administrator can set up a Scan schedule as per their preference.
File System
When scanning certificates via the File System, the system’s IP address is automatically fetched, and all available certificates are scanned.
Note: Only certificates that are downloaded or extracted on the system will be detected during the scan.
The account administrator can set up a Scan schedule as per their preference.
SSH
To scan certificates via SSH:
Provide the IP address, Username and Password.
Click Start Action to initiate the scan.
To add multiple scan targets, administrators can click the "(+)" button, as shown below.
The account administrator can set up a Scan schedule as per their preference.
F5-BIG-IP
To scan certificates via F5-BIG-IP:
Provide the IP address, Port number, Username and Password.
Click Start Action to initiate the scan.
To add multiple scan targets, administrators can click the "(+)" button, as shown below.
The account administrator can set up a Scan schedule as per their preference.
Discover Certificates serves as a comprehensive tool for identifying, managing, and securing digital certificates across your infrastructure. It enables users to initiate a discovery scan, and upon completion, review the list of discovered certificates. The scan results provide key details, including the issuer, expiration dates, and usage contexts.
How to view certificates
To view the discovered certificate details, click on the CN/SAN hyperlink.
How to order certificates
Option 1: Once the certificate is initiated or configured, selecting the Order checkbox issues the certificate.
Option 2: Rotate
Once the certificate is initiated or configured, click the Rotate button; the certificate will be rotated and issued successfully.
How to download certificates
Option 1: Downloading the Certificate
After the certificate is issued, follow these steps to download it:
Click the Download icon under the Actions tab.
A download popup will appear, allowing you to select the desired format to download.
Choose the format and click the Download button.
The certificate will be downloaded successfully.
Option 2: Viewing and Downloading via CN/SAN Hyperlink
Click on the CN/SAN hyperlink to open the View Discover Certificate page.
In the Quick Actions section in the top-right corner of the page, click Download Certificate. The certificate will be downloaded successfully.
The format selection popup is not displayed with this option.
How to Rekey certificate
Select a certificate with the status Issued or Deployed and click the Rekey button.
Enter the remarks and click Rekey.
How to Revoke/Suspend certificate
Select the certificate and click the Revoke/Suspend button.
Select the Revoke Mode, enter the remarks and click the Revoke/Suspend button.