The Discovery Scanner scanning tool finds the certificates exposed on IP ports of your corporate network, usually TLS certs. Typically, you will:
- Download Discovery Scanner from the Entrust website: https://www.entrust.com/resources/certificate-solutions/tools/entrust-discovery-scanner
- Set up one Discovery Scanner for each network you wish to scan.
- Configure scans to instruct the Discovery Scanner on the network range and ports to check.
Thus, each Discovery Scanner can run multiple scans, and you can run as few or many scans as you like. Normally, customers run one scan for each segment of their network.
The Certificate Hub Web browser interface centralizes the Discovery Scanner configuration and management. Discovery Scanners periodically connect to Certificate Hub and send up reports of the certificates found. Certificate Hub collects this information and presents it in the certificate view. Using the information collected, the administrator can track:
- The basic information derived from the certificate.
- The expiry notices (automatically created). Certificate Hub administrators can program rules for populating these notices to certificate holders.
- The domains where the certificate was discovered.
- The public certificate.
- The certificate chain.
You can also connect Certificate Hub with external scan tools using the Certificate Hub API.
See below for how to manage discovery scanners.