Managed Devices Scan

A managed devices certificate scan involves scanning and managing digital certificates on organizational devices to maintain security and prevent incidents. AppViewX’s feature manages the entire certificate lifecycle on devices like ADC load balancers, servers, and firewalls, from discovery to renewal, revocation, and removal. This section details how to discover certificates, using SSL profiles and virtual servers to gather and retain certificate information.
Note: The chapter on Certificate Actions, in this guide, talks about how AppViewX manages the lifecyle of the discovered certificates.
Important: For devices with integrated gateways, discovery is performed in batches of 500 certificates.

Initiating a Managed Devices Scan

For Managed ADCs

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 1. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 2. Field descriptions for on-demand discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 3. Field descriptions for scheduled discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 4. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Managed ADCs.
    Devices window A list of all the managed ADC devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *Discovery Type From the following options, select one:
    • All Certificates: Select this to discover all certificates.
    • Certificates in Use: Select this to discover only those certificates that are associated with a service.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 5. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.

For Managed Servers

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 6. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 7. Field descriptions for on-demand discovery
      Field Description
      *Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 8. Field descriptions for scheduled discovery
      Field Description
      *Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Time Zone Select your time zone.
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 9. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Managed Servers.
    Devices window A list of all the managed server devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Search: Enter keywords to filter and select the desired vendor or device name from thematching results.
    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *Discovery Type From the following options, select one:
    • All Certificates: Select this to discover all certificates.
    • Certificates in Use: Select this to discover only those certificates that are associated with a service.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 10. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.

For Managed MDMs

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 11. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 12. Field descriptions for on-demand discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 13. Field descriptions for scheduled discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 14. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Managed MDMs.
    Devices window A list of all the managed MDM devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 15. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.

For Managed Firewalls

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 16. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 17. Field descriptions for on-demand discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 18. Field descriptions for scheduled discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 19. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Managed Firewalls.
    Devices window A list of all the managed firewall devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 20. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.

For Managed WAFs

  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 21. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 22. Field descriptions for on-demand discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 23. Field descriptions for scheduled discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 24. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Managed WAFs.
    Devices window A list of all the managed WAF devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 25. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.

For Internal Devices

Internal Category discovery will pull certificates from the Cloud Connector Gateway, and it will also discover the mTLS certificate.
  1. Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery > Managed Devices Scan.
    The Discovery : Managed Devices Scan : Add Discovery page is displayed.
  2. To initiate a managed devices scan, enter the Discover Details.
    1. To specify the frequency at which the certificate discovery scan will be triggered, select the Discovery Run Type.
      Table 26. Discovery run type options
      Field Description
      On-demand The certificate discovery scan will be triggered manually by the user as and when required.
      Scheduled The certificate discovery scan will be triggered automatically at the specified time and date.
    2. Enter the details for initiating an on-demand managed devices certificate discovery scan.
      Table 27. Field descriptions for on-demand discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters

      OR

      Enter the details for initiating a scheduled managed devices certificate discovery scan.

      Table 28. Field descriptions for scheduled discovery
      Field Description
      Discovery Instance Name Enter a name for the discovery instance.
      Description Enter additional details related to the discovery option.
      Note: Character limit: 2000 characters
      Occurrence Type
      From the dropdown list, from the following options, select an occurrence frequency:
      • Daily
      • Weekly
      • Monthly
      • Yearly
      *Repeat On
      Note: This field is displayed only when Occurrence Type = Weekly.
      Select the checkbox corresponding to the day of the week on which you want the discovery occurrence to repeat.
      *Starts On Click (Calendar widget) to select a date to start the scheduled discovery.
      *Ends From the following options, select when the scheduled discovery is to end:
      • Never: Discovery never stops.
      • After: Discovery stops after the number of occurrences specified in the text field.
      • On: Discovery stops on the date selected using (Calendar widget).
      Summary Displays a summary of the selections made for scheduled discovery
      *: Mandatory fields
  3. In the Discover By section, enter the discovery details.
    Table 29. Instruction for discovering certificates
    Field Description
    *Discovery From From the dropdown list, select Internal.
    Devices window A list of all the managed internal devices is displayed in the devices window.

    To select devices for certificate discovery, select the checkbox(es) for the required devices.

    The devices window has the following option:

    • Add as Favorites: You can mark your frequently used devices as favorites.
    • All: Select this to see the complete list of devices (unfiltered).
    • Selected: Select this to list only the selected devices.
    • Unselected: Select this to list only the unselected devices.
    • Delete: Delete the required devices from the favorites list.
    Execute Batches Sequentially To execute the discovery operation on the specified batches sequentially, select this checkbox.
    *Interval Between Batches If Execute Batches Sequentially is selected, enter an interval duration (in minutes) in this field. The sequential execution of the batches is spaced according to the interval value entered here.
    *Discovery Type From the following options, select one:
    • All Certificates: Select this to discover all certificates.
    • Certificates in Use: Select this to discover only those certificates that are associated with a service.
    *: Mandatory fields
  4. In the Discovery Rules section, from the Associate Rule dropdown list, select a rule that will be used to filter the discovered certificates.
    A set of filters is combined to create a rule, from the Rules menu. The selection of rules will apply respective filters on discovered certificates.
  5. In the After Discover section, enter the following details:
    Table 30. Field descriptions for the After Discover section
    Field Description
    *Move Certificate to Inventory with Status Select from one of the following options:
    • Do not move: The newly discovered certificates and their objects will not be moved to the inventory.
    • Managed: The newly discovered certificates and their objects will be moved to the inventory with the status set to Managed.
    • Monitored: The newly discovered certificates and their objects will be moved to the inventory with the status set to Monitored.
    Use Access Control Rule To apply the rule configured using Access Control, select this checkbox.
    Note: If this checkbox is enabled, the certificate group will be associated automatically by the rule in access control.
    *Certificate Group From the dropdown list, select a certificate group to which the discovered certificates will be associated.

    Based on the group association, a policy will also be applied to these certificates, which will help ascertain compliance or non-compliance.

    *: Mandatory fields
  6. Click Discover/Schedule to trigger the on-demand/scheduled discovery, respectively.
    The discovered certificates are displayed in the certificate inventory.