π¦ Certificate Inventory
Certificate Inventory allows you to view, manage, and organize all your certificates from a central location.
Overviewβ
Certificate Inventory features:
- π Centralized certificate catalog
- π Advanced search and filtering
- π·οΈ Tagging and grouping
- π Detailed certificate information
- π Visualization and reporting
Certificate Inventory Sourcesβ
Certificate Inventory collects and manages certificates from different sources in one central location. Your system automatically performs certificate discovery from the following sources:
π‘ Network Scanningβ
Certificates discovered through automatic scanning in your infrastructure:
- TLS/SSL certificates accessible via open ports
- Web servers, API gateways, load balancers
- Regular scans on specified IP ranges or domains
- Automatic discovery on specific port ranges (443, 8443, etc.)
π Certificate Transparency Logs Scanning (CT Logs)β
Certificates discovered from public certificate logs:
- CT log scanning for domains belonging to your organization
- Detection of incorrectly or unauthorized issued certificates
- Monitoring all certificates issued by public CAs
βοΈ Certificates Signed Through Applicationβ
Certificates created and signed on the platform:
- Certificates created with Certificate Signing Request (CSR)
- Certificates signed through integrated CAs
- Self-signed certificates
- Internal CA certificates
π₯ Imported Certificatesβ
Certificates manually added to the system:
- Certificates uploaded in PEM, DER, PFX/P12 formats
- Certificate chains transferred from external systems
- Certificates obtained from third-party CAs
π Discovered from Integration Systemsβ
Certificates automatically discovered through integrated systems:
- F5 BIG-IP β’ Citrix NetScaler β’ FortiWeb
- NGINX / NGINX Plus β’ Palo Alto Networks
- Apache β’ IIS β’ Apache Tomcat
- Windows TrustStore β’ Java Keystore (JKS)
- IBM DataPower β’ HashiCorp Vault
Visit the Integrations page to add a new integration and follow step-by-step installation instructions.
Discovered Certificates Listβ
This is a detailed list of all certificates found in your infrastructure as a result of Certificate Discovery operations. This list is updated after each discovery, and new certificates are automatically added.
Key Featuresβ
The Discovered Certificates list offers powerful features that simplify certificate management:
| Feature | Description |
|---|---|
| π Detailed Filtering | Ability to search separately for each column |
| π Customizable View | Select the columns you want to see |
| π Bulk Operations | Perform the same operation on multiple certificates simultaneously |
| π€ Export | Export selected certificates in different formats |
| β‘ Quick Access | Instant access to critical information like last seen time, port, type |
Provided Informationβ
In the certificate inventory, basic information for each certificate is presented in list view. When you click on a certificate, you can access all the details of the certificate.
Information Displayed in List Viewβ
| Information | Description |
|---|---|
| Last Seen | When the certificate was last seen |
| Server | Server address where the certificate is located |
| Port | Port number on which the certificate is running |
| Type | Discovery method (Network Scanning, CT Logs, Import, Integration, Manual) |
| Subject | Certificate owner information (CN, OU, O) |
| Not Before | Certificate validity start date |
| Not After | Certificate validity end date |
Detailed Viewβ
SecTrail CM parses certificates and stores all information. In detailed view, you can access all fields in the X.509 standard (Subject, Issuer, Serial Number, Public Key, Extensions, Fingerprint, Certificate Chain, etc.) along with discovery source, related systems, and usage history.
Bulk Operation Capabilitiesβ
Bulk operations that can be performed from the list:
- β Change Status - Bulk update status of selected certificates
- π€ Export - Export selected certificates (CSV, Excel, PDF)
- ποΈ Delete - Clean up certificates no longer in use
- π Create Signing Request - Generate signing request (CSR) for renewal
Get Startedβ
- π User Guide: Inventory - CA integration and configuration steps