Using network discovery

Venafi Trust Protection Platform™'s Network Discovery feature provides an easy and convenient way to inventory your network’s SSL certificates and SSH server keys.

During a network discovery, the Discovery server scans designated IPv4 address ranges and ports to identify SSL certificates or SSH public keys. You can also perform an instant discovery on an individual IPv4 or IPv6 address and port. During the scan process, Trust Protection Platform sends SSL and SSH requests to the target ports at the designated IP addresses. If the server responds, Trust Protection Platform retrieves the server’s certificate or SSH public key.

NOTE  Instant Discovery retrieves only the certificate information; however, you are given the option of bringing the discovered certificate under management.

Network Discovery identifies where SSL certificates and SSH servers are deployed and reports details about each. For network SSL certificates, the discovery scan identifies the certificate common name (CN), the IP address of the server where the certificate is located, the certificate expiration date, and the CA. For SSH server keys, the network discovery identifies where SSH servers are deployed and whether those servers are configured in compliance with corporate folders, including key lengths, protocol versions, supported authentication methods and other information.

The discovery results update each time the discovery runs, giving you a centralized, always-current inventory of certificates, SSH systems, configuration information, keys and trust relationships.

As discovery runs, it can place the discovered certificates and public SSH server keys under management in Trust Protection Platform. This is the fastest and easiest way to bring encryption assets under management. Placement happens as each item is discovered, so during a discovery it is not uncommon to see items appear in management before the discovery job is complete.