As the IT infrastructure of organizations expands, they procure certificates for every machine to safeguard their resources and domains. Additionally, developers often create many self-signed certificates to protect the internal network during the developmental stages of a product. Organizations often end up with thousands of certificates under their belt. Automating the discovery of certificates provides complete visibility over the certificate infrastructure to locate any rogue/invalid certificates and remediate them immediately.
Key Manager Plus takes care of scanning your entire network for certificates and consolidating them in a central repository. With Key Manager Plus, you can discover certificates from different sources, irrespective of the issuing CAs. It supports on-demand, scheduled, and recurrent discovery processes.
Key Manager Plus scans for SSL certificates in a variety of locations, including SMTP mail servers, load balancers, AWS, AD, MS-CA and Certificate Store, and shared directory paths. It checks all these varied endpoints to ensure that any existing certificate is not missed. You can even select a granular discovery process for it to follow, including only the certificates you require from the list of available certificates.
With Key Manager Plus, you can schedule certificate discovery to happen on a recurrent basis, ensuring the repository remains up to date. It keeps track of the certificates and automatically recalls their source, allowing it to quickly retrieve the latest version of a certificate.
Using agents, Key Manager Plus allows you to discover certificates from machines whose credentials are unavailable and those which are present in demilitarized zones. The agent connects with the Key Manager Plus server over a secure HTTPS connection and looks up to obtain periodic heartbeats of the target machine.