SecTrail Certificate Manager automatically discovers all SSL/TLS certificates on your corporate network with advanced network scanning algorithms. Thanks to its multi-threaded structure and optimized port scanning techniques, it scans thousands of IP addresses in minutes and detects active certificates. It performs detailed discovery operations in network segments determined by CIDR notation, on customizable port lists, and on a protocol basis.

The parallel scanning engine works securely in production environments by keeping network traffic to a minimum. With SNI (Server Name Indication) support, it also discovers certificates on servers hosting multiple domains. Scan results are updated in real-time, and for each found certificate, information such as expiration date, issuer information, encryption strength, etc. is automatically analyzed and added to the certificate inventory. The discovery inventory can be updated by scanning according to Certificate Transparency Logs.

With the scheduled scanning feature, automatic scans are performed at determined intervals, and certificates in newly added systems are instantly included in the inventory. The smart discovery system, which dynamically updates the discovery scope by detecting network topology changes, reveals hidden certificates in your IT infrastructure and prevents security vulnerabilities.