Run IP-Based Certificate Discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Enable the Transfer Layer Security (TLS) port probe [tls_ssl_certs] and scan for certificates on an IP address or multiple IP addresses.

    Before you begin

    Know the IP address, range of IP addresses, or list of IP addresses you want to perform Certificate Discovery on.

    Role required: Certificate administrator, discovery_admin, or admin

    Procedure

    1. Activate the TLS port probe [tls_ssl_certs].
      1. Navigate to All > Discovery Definition > Port Probes.
      2. Open tls_ssl_certs.
      3. To enable the probe, select the Active check box.

        By default, the check box for any new installation is cleared.

      4. Confirm the Triggered by services has the services you need.

        By default, the following services trigger the tls_ssl_certs probe: HTTPS, tomcat-ssl, IBM Websphere SSL, Idaps, IMAPS, pop3s, ftps-data, ftps, smtp, pop3, imap, Idap, ftp, submission.

      5. Select Update.
    2. Create an IP-Based Certificate Discovery Schedule.
      1. Navigate to All > Discovery > Discovery Schedules.
      2. Select New.
      3. Fill out each text field with its corresponding value.
        For more information on the fields and values, see IP-Based Discovery Schedule Form Table.
      4. Select and hold (or right-click) above Discovery Schedule and select Save.
        By selecting Save, additional configuration options are available.
      5. Select the Use SNMP text field.
      6. In the new tabs that appear, select Discovery IP Ranges.
      7. Select New.
      8. Fill each field with its corresponding value.
        For more information on the fields and values, see Setting Your IP Addresses Form and Fields Table.
      9. Select Submit.
        The port tls_ssl_certs will look for Certificates available inside your selected IPs at the next time interval (daily, weekly, monthly, etc.).
    3. Create an IP-Based Certificate Quick Discovery for immediate discovery (optional).
      1. Navigate to All > Discovery > Discovery Schedules.
      2. Select Quick Discovery.
      3. Enter your Target IP into the Target IP field.
        Warning:
        Make sure that your IP address is accessible to the MID Server you’re using. If it doesn’t, you have to set Credential aliases for Discovery.
      4. Select OK.

    Result

    The probe tls_ssl_certs searches for Certificates inside your selected IP immediately, and reports the certificates it finds.