Network Discovery Using AppViewX

Discovering Certificates with AppViewX

We live in the information age, where technology is advancing faster than anyone could imagine. And with more and more devices communicating over networks (wired, wireless, and cellular), organizations need to pay even greater attention to network security.

In any network, a secure connection between systems is validated by TLS/SSL certificates. These certificates need to be continuously monitored to prevent outages and catch and resolve security vulnerabilities before bad actors have a chance to exploit them.

Certificate management is a critical part of any company’s digital defenses: expired or weakly hashed certificates are an invitation to hackers, and certificate-related outages are not only embarrassing, but can lead to lost productivity and revenue. An SSL certificate management tools can make the job of managing the entire certificate lifecycle – from acquisition to revocation – a whole lot easier, and is a worthwhile investment for businesses of all types and sizes.

 

Although there are several commercially available systems that offer SSL certificate management and automation capabilities, a surprisingly large number of organizations continue to rely on manual processes and homegrown tools to keep track of their certificate infrastructure. According to an industry survey, 53% of responders don’t use a centralized tool to track SSL/TLS certificates deployed in their network, while more than 70% admit to having faced problems because of expired certificates.

Network Discovery with AppViewX:

AppViewX gives you complete visibility into certificates across all the endpoints in your network. With AppViewX, network discovery is performed by either using IP range or Subnet:

  • IP Range – discovers certificates that are present in the IPs that are alive in the given range. Input provides Start and End IP.
  • Subnet – discovers certificates that are present in the IPs that are alive in the given subnet.

Automate Your F5 ADCs to Get Rid of Service Delivery Delays and TCO Surge

Users have the option to enter port numbers they want to scan:

  • Single port – when a single port number (e.g. 443) is provided, certificate discovery is performed only on a specified port.
  • Multiple ports – multiple port numbers can be provided in two ways:
    • Comma-separated – (e.g., 443, 8443) where certificate discovery is performed only on specified ports.
    • Hyphen-separated – (e.g., 443-666) where certificate discovery is performed on all ports within the given range.
  • All Ports – all ports of the given IPs will be scanned for the certificates.

With AppViewX, certificates are discovered using Nmap to get all live IPs in a given range, and a SSL Handshake is performed from Java to get the SSL Certificate.

AppViewX enables discovery of existing certificates by searching for specific hostnames and matching certificate TLS version with the user input.

Tags

  • certificate lifecycle management
  • Certificate Management

About the Author

Ashok Kumar G

Lead Security Engineer

Subject Matter Expert at AppViewX ,responsible for designing and implementing automation of Firewalls, WAF and other security devices.

More From the Author →

Related Articles

Unlock Efficiency with AppViewX AVX ONE CLM and Service Catalog for Self-Servicing

| 5 Min Read

Certificate Management Best Practices to Stay Cyber-Secure This Holiday Season

| 6 Min Read

Apple’s Revised Proposal for 47-Day TLS Certificate Lifespans

| 6 Min Read