Skip to main content

Certificate Autodiscovery

This page is for Device42 administrators who need to discover SSL certificates across their network. Learn where to create a certificate discovery job, about the Cipher Suite Discovery option, how to schedule the job, and a potential reason for discovery job failure.

See Certificates for information about managing discovered certificates.

Add an SSL Certificate Discovery Job

Create a new certificate autodiscovery job by navigating to Discovery > Certificates and clicking the Create button.

Certificate autodiscovery specsCertificate autodiscovery specs

When creating a certificate autodiscovery job, enter an IP address or range of IP addresses and the ports to scan. Device42 will import discovered certificates. Certificates discovered on IP addresses already linked to devices will automatically be associated with those devices.

Add new certificate autodiscovery jobAdd new certificate autodiscovery job

SSL Certificate Cipher Suite Discovery

To discover SSL cipher suites as part of certificate autodiscovery, select the Find cipher suites supported by the server checkbox.

Cipher suites optionCipher suites option

Choosing to discover cipher suites can significantly slow down SSL certificate discovery. To resolve any issues caused by a slow discovery job or speed up your regular scheduled SSL certificate discovery job, uncheck Find cipher suites supported by server.

Schedule or Run Now Options

Schedule the certificate autodiscovery job to run at specific times on selected days by clicking on the + Add another Autodiscovery Schedule button.

Add new certificate autodiscovery job scheduleAdd new certificate autodiscovery job schedule

Device42 does not automatically run newly created jobs on the first day to prevent unintentionally running a large number of jobs at once. To run a job after its initial creation, click Run Now on the job details page or on the Certificate autodiscovery specs list page.

Navigate to the certificates list pages under Applications > Certificates to inspect the discovered certificates.

Multitenancy Warning

Certificate discovery can fail if multitenancy is enabled and the discovery job targets a VRF group whose subnet doesn't exist in Device42.

If you encounter this behavior, create the target subnet in Device42 or run a network discovery first, as recommended in Autodiscovery Best Practices.