Discovering certificates and keys
The first step in managing your organization’s encryption environment is to determine which encryption assets are deployed where. There are several methods for discovering and provisioning certificates and keys, and for managing them once they are found.
You can use TLS Protect to create several types of jobs that automate tasks such as certificate and key discovery, import, placement, and provisioning. For example, you can create network discovery jobs to get a complete list of your network certificates and SSH keys.
- Bulk Provisioning: installs many certificates and keys on your devices at the same time while minimizing device interactions. Requires that your administrator load a PowerShell script for your type of device. See Installing (provisioning) lots of certificates and keys at one time.
- Certificate and Device Placement: use to reconcile duplicates and organize certificates and devices in folders based on rules you specify. See Certificate and Device Placement jobs.
- Certificate Import: bring certificates under management that are issued by a specific CA. See Importing certificates from a Microsoft CA and POST Discovery/Import.
- Kubernetes Discovery: use to discover and monitor TLS certificates used by Kubernetes clusters (including most major distributions) managed by Venafi TLS Protect for Kubernetes. See Using Kubernetes discovery.
- Network Discovery: discover where all of your SSL certificates and SSH keys are deployed in your network and apply placement rules you create to ensure that discovered certificates and keys are organized the way that you want them. See Creating a network discovery job.
- Onboard Discovery: automates the process of importing certificates into Trust Protection Platform from network devices where you can then monitor, validate, and provision them. See Using Onboard Discovery.
- Server Agent-based discovery: deploy Server Agents to servers and clients and then configure certificate and SSH key discovery work. See Server Agent—Introduction. To learn more about SSH key discovery, see Running an SSH discovery: finding devices and SSH keys.
- Scanafi: uses the WebSDK with the Scanafi utility to discover network certificates and then adds the certificates to a policy folder automatically. See Automatically calling Discovery/Import from Scanafi.
DID YOU KNOW? Items not already under management can be brought under management, or you can leave them in an unassigned policy. To learn more, see Unassigned certificates.
You can also import certificates from a specific certificate authority (CA). To learn more, see Importing certificates from a certificate authority.