Certificate Autodiscovery
Device42 supports the autodiscovery of SSL certificates for easy tracking in Device42.
This page is about creating a certificate discovery job. See Certificates for information about managing discovered certificates.
Add SSL Certificate Discovery Job
Create a new certificate autodiscovery job by navigating to Discovery > Certificates and clicking the Create button.
When creating a certificate autodiscovery job, enter an IP address or range of IP addresses and the ports to scan. Device42 will import discovered certificates. A certificate discovered on an IP address already associated with a device in Device42 will automatically be associated with that device.
SSL Certificate Cipher Suite Discovery
Device42 can discover SSL cipher suites as part of certificate autodiscovery. If you'd like to discover cipher suites, check the Find cipher suites supported by the server checkbox.
Choosing to discover cipher suites can significantly slow down SSL certificate discovery. To resolve any issues caused by a slow discovery job or speed up your regular scheduled SSL certificate discovery job, uncheck Find cipher suites supported by server.
Schedule or Run Now Options
Schedule the certificate autodiscovery job to run at specific times on selected days by clicking on the + Add another Autodiscovery Schedule button.
Newly created jobs will not run on the day they are created to prevent the unintended running of many jobs simultaneously. To run a job after its initial creation, click Run Now on the job details page or on the Certificate autodiscovery specs list page.
Navigate to the certificates list pages under Applications > Certificates to inspect the discovered certificates.
Multitenancy Warning
Certificate discovery can fail if multitenancy is enabled and the discovery job targets a VRF group whose subnet doesn't exist in Device42.
If you encounter this behavior, create the target subnet in Device42 or run a network discovery first, as recommended in autodiscovery best practices.