Viewing Discovery Summary
To view the discovery summary:
- Go to (Menu) > CERT+ > CERTIFICATE DISCOVERY > Discovery Status > On Demand.
  The Discovery Status : On-demand page is displayed. Results of all previous and active discovery instances triggered are listed here.
  Note: When a scheduled discovery scan is triggered, it is also listed in the on-demand inventory.
- To view the summary of a discovery instance, click the discovery instance's Name.
  By default, the summary details of the selected discovery instance are displayed.
The summary details are displayed in two parts:
Table 1. Certificate Discovery Summary
Field | Description
Total Certificates | Total number of certificates currently associated with this discovery instance. This includes all certificates discovered during the scan, including any that were previously known or re-identified.
Discovered Certificates | Number of certificates discovered in the most recent execution of this discovery instance.
Password Protected Certificates | Number of certificates discovered during the scan that are stored in password-protected file formats.
Encrypted Private Keys | Number of private keys found during the discovery scan that are encrypted.

Table 2. Certificate Summary widgets
Field | Description
Certificate Summary | This widget gives a quick snapshot of the overall certificate landscape, showing the number of newly discovered certificates and the proportion that are actively managed or monitored.
Certificate Distribution by Category | This widget shows the number of certificates across certificate categories. Understanding this distribution helps you identify the primary uses of certificates in your environment and potential areas of focus for management and security policies.
Certificate Distribution by Issuer | This widget visualizes certificate distribution based on the issuing authority. Knowing which entities issued your certificates is crucial for trust management and for understanding your dependencies on different Certificate Authorities (CAs).
Certificate Status Report | This widget provides a breakdown of certificates based on their expiration status (certificates nearing expiry, already expired, and revoked). This data is critical for proactive certificate management, enabling timely renewal and preventing service disruptions or security vulnerabilities. The number of revoked certificates is also an indicator of potential security incidents or policy enforcement actions.
Certificates by Key Algorithm Strength | This widget shows certificate distribution based on the cryptographic strength of certificate key algorithms, helping you assess the overall security posture of your certificate landscape. A high number of certificates with low or medium strength key algorithms might indicate potential vulnerabilities and the need for upgrades to stronger algorithms. Ideally, you want the majority of your certificates to fall into the high strength category.
Certificates by Hash Algorithm Strength | This widget shows certificate distribution based on the strength of their hash algorithms. This assessment helps you prioritize migration of certificates using weaker hash algorithms to stronger, more secure ones.
Certificates Usage by Type | This widget shows the distribution of certificate usage across all supported certificate types. The widget displays certificates grouped by type (e.g., DV, OV, EV, Wildcard, SAN, Self-signed, etc.). Since a single certificate can belong to multiple categories (e.g., an EV certificate can also be a Wildcard or SAN certificate), it is counted in each applicable type. As a result, the sum of all certificate types shown here may exceed the actual number of unique certificates discovered. This design helps you understand certificate usage patterns across categories, even when overlaps occur.
Vendor Type Distribution | This widget displays certificate distribution based on the vendors of the devices or servers where the certificates were discovered. When populated, this widget helps you understand your reliance on different device/server vendors. This information can be valuable for vendor management, cost analysis, and ensuring diversity or consolidation of your application infrastructure providers based on your organisational policies. It can also help in identifying potential single points of failure related to a specific vendor.
Certificates with Trusted vs Untrusted CA Status | This widget displays certificate distribution based on whether they are issued by trusted or untrusted certificate authorities (CAs). This widget is crucial for assessing the trustworthiness and security of your certificate ecosystem. Ideally, you want the vast majority of your certificates to be issued by trusted CAs. A high number of untrusted certificates can indicate potential security risks, misconfigurations, or the use of self-signed certificates where CA-signed ones are recommended. Investigating and addressing untrusted certificates is vital for maintaining a secure environment.
PQC Compliance Certificates | This widget displays certificate distribution based on their compliance with post-quantum cryptography (PQC) standards. As quantum computing technology advances, the cryptographic algorithms we rely on today may become vulnerable. This widget helps you understand your organisation’s readiness for the post-quantum era. A high number of non-compliant certificates signifies a potential future security risk, and planning for migration to PQC-compliant algorithms will be essential in the long term. Currently, with all certificates marked as non-compliant, it highlights an area to monitor and prepare for as PQC standards and implementations evolve.
MTLS Adoption Report | This widget displays the number of endpoints (IP:Port combinations) with Mutual TLS (mTLS) enabled, as detected during network-based discovery. Mutual TLS ensures both the client and the server authenticate each other using certificates, adding a stronger layer of security over standard TLS.
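The counting rules behind several of the widgets above can be cross-checked against an inventory you hold yourself. The following is an added example, not part of the product or its documentation: the record fields, the low/medium/high strength buckets and the 30-day "nearing expiry" window are assumptions chosen for illustration, and the sample certificates are constructed.

```python
from collections import Counter
from datetime import date

# Constructed sample inventory; field names are hypothetical, not a CERT+ export format.
CERTS = [
    {"cn": "shop.example.com", "types": {"EV", "SAN"}, "key": ("RSA", 2048),
     "hash": "SHA256", "not_after": date(2030, 1, 1), "revoked": False},
    {"cn": "*.dev.example.com", "types": {"DV", "Wildcard"}, "key": ("RSA", 1024),
     "hash": "SHA1", "not_after": date(2025, 1, 20), "revoked": False},
    {"cn": "legacy.internal", "types": {"Self-signed"}, "key": ("EC", 256),
     "hash": "SHA256", "not_after": date(2024, 6, 1), "revoked": False},
    {"cn": "api.example.com", "types": {"OV", "SAN", "Wildcard"}, "key": ("RSA", 4096),
     "hash": "SHA384", "not_after": date(2026, 3, 1), "revoked": True},
]

def key_strength(algo, bits):
    # Assumed policy buckets for illustration; the product's thresholds may differ.
    if algo == "RSA":
        return "low" if bits < 2048 else "medium" if bits < 3072 else "high"
    if algo == "EC":
        return "low" if bits < 224 else "high"
    return "unknown"

def hash_strength(name):
    # Assumed policy: MD5 and SHA-1 are weak, everything else is treated as strong.
    return {"MD5": "low", "SHA1": "low"}.get(name, "high")

def status(cert, today, warn_days=30):
    # Revocation takes precedence over expiry, so each certificate lands in one bucket.
    if cert["revoked"]:
        return "revoked"
    days_left = (cert["not_after"] - today).days
    if days_left < 0:
        return "expired"
    return "nearing expiry" if days_left <= warn_days else "valid"

def summarize(certs, today):
    # A certificate is counted once under every type it carries, so the
    # per-type total can exceed the number of unique certificates.
    by_type = Counter(t for c in certs for t in c["types"])
    return {
        "unique": len(certs),
        "by_type": dict(by_type),
        "type_total": sum(by_type.values()),
        "by_status": dict(Counter(status(c, today) for c in certs)),
        "by_key": dict(Counter(key_strength(*c["key"]) for c in certs)),
        "by_hash": dict(Counter(hash_strength(c["hash"]) for c in certs)),
    }

if __name__ == "__main__":
    for name, value in summarize(CERTS, date(2025, 1, 1)).items():
        print(name, value)
```

With the four sample certificates, the per-type counts add up to 8, which is the overlap effect described for the Certificates Usage by Type widget.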
