The Discovery Scanner scanning tool finds the certificates exposed on IP ports of your corporate network, usually TLS certs. Typically, you will:
- Download Discovery Scanner from the Entrust website: https://www.entrust.com/resources/certificate-solutions/tools/entrust-discovery-scanner
- Set up one Discovery Scanner for each network you wish to scan.
- Configure scans to instruct the Discovery Scanner on the network range and ports to check.
Thus, each Discovery Scanner can run multiple scans, and you can run as few or many scans as you like. Normally, customers run one scan for each segment of their network.
The Certificate Manager Web browser interface centralizes the Discovery Scanner configuration and management. Discovery Scanners periodically connect to Certificate Manager and send up reports of the certificates found. Certificate Manager collects this information and presents it in the certificate view. Using the information collected, the administrator can track:
- The basic information derived from the certificate.
- The expiry notices (automatically created). Certificate Manager administrators can program rules for populating these notices to certificate holders.
- The domains where the certificate was discovered.
- The public certificate.
- The certificate chain.
You can also connect Certificate Manager with external scan tools using the Certificate Manager API.
To manage discovery scanners, click Find in the sidebar and select the following options.