Network and local certificate management configuration overview

Trust Protection Platform can manage both network and local X.509 certificates. Using Network Discovery, administrators can identify their network’s functional SSL certificates (a certificate is discoverable only if it responds to a network SSL query) and bring those certificates under management. Trust Protection Platform can manage network SSL certificates at the Monitoring, Enrollment, or Provisioning levels of certificate management.

Using Agent Discovery, administrators can discover X.509 certificates in local file systems and keystores, then bring them under management for Monitoring. When a local certificate is brought under management, Trust Protection Platform monitors the certificate and provides current information on the certificate status. When a certificate nears the end of its lifecycle, Trust Protection Platform provides notifications so you can manually renew and install the certificate before it expires.

The difference between Network Discovery and Agent Discovery is that Network Discovery can only discover certificates that respond to SSL queries on designated IP addresses and ports, whereas the Trust Protection Platform Agent can discover certificates located in the file system or keystores.

The following sections outline the steps required to enable both network and local certificate management in Trust Protection Platform: