Microsoft CA Certificate discovery - does this discovery discovers unique and installed certs

Hanumant Madan1 · 3 weeks ago

Hi All,

We are planning to use Microsoft Certificate Authority (CA) certificates discovery but want to confirm if this discovers all installed and unique certs or just unique certificates from MS CA Server.

looking forward for your inputs.

Regards,

Hanumant

Pratiksha · 3 weeks ago

CA certificate discovery from CA authority will give you the unique certificate. If you want installed on info then you need to discover them using port based method.

Hanumant Madan1 · 3 weeks ago

Hi Pratiskha,

Any idea in what cases does customers needs to have installed certificates, as unique certificate is already discovered. I am just trying to rule out the need of port based certificate discovery , as why is it needed and can we skip that.

Does port based certificate discovery discovers external certificates?

Regards,

Hanumant

Pratiksha · 3 weeks ago

You wont know where the certificate are actually installed, hence you dont know what impact it can have on service. Let's say I have CI which contribute to a service map, if a certificate expire the service will go down. Based on this you can define what type of ticket you want to create (priority) when a given certificate is going to expire. Hope it helps.

Hanumant Madan1 · 3 weeks ago

ok fine... that means installed certificates will basically give me relationship between certificate and where it is installed and so impact analysis can be made easy.

so we need to have port based discovery in place to have this relationship is what we can say..?

Also Does port based certificate discovery discovers external certificates?

And what happens in case where we only do CA based discovery? will that show the relationship for atleast unique certificates discovery via CA?

Regards,

Hanumant