Run Certificate Discovery via Agent Client Collector for Visibility - Content

  • Release version: Xanadu
  • Updated June 9, 2025
  • 1 minute to read

    • Discover TLS/SSL certificates used by ports running on the agent's server. The Certificate Inventory and Management application uses this information to manage TLS/SSL certificates.

    Before you begin

    Verify that the latest version of Agent Client Collector for Visibility - Content (ACC-VC) is installed.

    Verify that the latest version of Certificate Inventory and Management is installed.

    Role required: agent_client_collector_admin

    Procedure

    1. Navigate to All > Agent Client Collector > Policies.
    2. Enable the TLS SSL Certificate Capture policy.
    3. Navigate to All > System properties > All properties.
    4. Locate and select the sn_acc_vis_content.tls_ssl_scanner_ports property.
    5. Enter a comma-separated list of port numbers on which to scan for certificates in the Choices field.
      By default, the values are identical to those values configured for the tls_ssl_certs property.
    6. Optional: To store the original certificate in the instance, set the sn_acc_vis_content.tls_ssl_keep_original property to true.

    Result

    The Agent Client Collector collects the data and discovers the TLS/SSL certificates. This data is the same as what is gathered by the IP-based tls_ssl_probe property.

    The TLS/SSL certificates are populated in the following tables:
    • Discovered Certificates [sn_disco_certmgmt_certificate_history]
    • Unique Certificates [cmdb_ci_certificate]
    • Installed Certificates [sn_disco_certmgmt_cmdb_installed_certificate]

    A CI relationship is created between the discovered certificates and the corresponding Host CI (in this case, the agent's server).