Certificate Auto-discovery

Add SSL Certificate Discovery Job

Device42 supports auto-discovery of SSL certificates for easy tracking within Device42.

You can set up a new certificate discovery job by going to Discovery → Certificates, and then clicking “Add Certificate Autodiscovery Spec”. You can specify a range of addresses and one or more ports to check for the certificates. You can also set a schedule at this time to keep the discovery jobs running.

SSL Certificate Discovery Configuration
add SSL cert discovery job

If a certificate is found on an IP address already associated with a device in Device42, the certificate will also be associated with that device automatically. Certificates that are discovered will then be available under Software>Certificates and each device with a particular certificate will be listed in that Certificate’s detail page, or in Certificate Instances.

SSL Certificate Cipher Suite Discovery

Device42 can discovery SSL cipher suites as part of certificate auto-discovery. If you’d like to discover cipher suites, simply check the ‘Find cipher suites supported by the server” checkbox:

discovery ssl cipher suites

Choosing “discover cipher suites” can result in a significant slowdown of SSL certificate discovery. If this is causing issues, or if you’d simply like to speed up your regular scheduled SSL Certificate discovery job, simply disable [uncheck] “Find cipher suites supported by server”.

Certificate Discovery with Multi-tenancy Enabled – Warning

Note that certificate discovery can fail if MultiTenancy is enabled and the discovery job targets a VRF group whose subnet doesn’t exist within Device42. If you encounter this behavior, simply create the subnet that you are discovering within Device42 (or run a network discovery first, as reccomended by the best practices guide).