Sectigo.com
Shop Enterprise Partners Resources

Discovering certificates

This guide is intended to introduce you to the process of creating certificate discovery tasks to discover existing certificates in your environment.

Before proceeding, please ensure you have satisfied the following prerequisites:

  • You have created a Sectigo Authentication Service (SAS) profile

  • You have created, or have been invited to, an account in Sectigo Certificate Manager (SCM)

  • Your account has an active trial or subscription

Step one: Create a certificate bucket

Certificate buckets are used to group certificates identified during certificate discovery tasks.

To create a certificate bucket, do the following:

  1. Navigate to Discovery  Certificate Buckets.

  2. Click Add New.

  3. Provide a name for the certificate bucket.

  4. Click Save.

Step two: Create a certificate discovery task

Certificate discovery tasks are used to discover SSL certificates in your networks.

To create a certificate discovery task, do the following:

  1. Navigate to Discovery  Discovery Tasks.

  2. Click Add New.

  3. Click Next.

  4. Enter your discovery task details based on the information provided in the following table.

    Field Description

    Discovery Task Name

    The name of the certificate discovery task.

    Certificate Bucket

    The certificate bucket used to group certificates discovered by the task.

    Add Scan Range

    Scan targets or ranges can be added in the following formats:

    • Hostname — The hostname of the resource to be scanned.

    • IP or IP range — The IP or hyphen-separated IP range to be scanned.

    • CIDR — The IP address in CIDR format.

  5. Click Add Range.

  6. (Optional) Add additional ranges to scan.

  7. Click Next.

  8. Select and configure a scan frequency.

  9. Click Save Task.

Step three: Assign discovered certificates for management

Discovered certificates can be assigned to SCM for management. The management functions available are dependent on the certificate’s issuing CA. Certificates issued by Sectigo are eligible for all management functions, including notifications, renewal, and revocation. Certificates issued by third-party CAs cannot be renewed or revoked but will trigger notifications about approaching expiration.

To assign discovered certificates, do the following:

  1. Navigate to Discovery  Certificate Buckets.

  2. Select the appropriate certificate bucket, and click Manage.

  3. Select the Certificates tab.

  4. Select the certificate you want to assign, and click Manage.

  5. Click Assign.

Assigned certificates can be managed from the Certificates page.