I’m very excited to announce the latest addition to our suite of SSL tools – the Certificate Inventory Tool (CIT)! The CIT solves certificate management headaches by locating all SSL certificates on your internal and private networks, regardless of issuing CA. The resulting inventory is available in an easy-to-use online portal, where you can run reports on usage, upcoming renewals, configurations, and issuing CA.
How does it work?
Scans are initiated directly through the online portal. To find internal certificates, you just need to install an agent locally first. Results of the scan will be automatically uploaded to your portal for reporting and further investigation.
Why would I want to use it?
- Avoid Certificate Expiration
Expired SSL certificates are bad news. On public sites, they trigger scary warnings from browsers that deter visitors and can harm your business’s reputation. Even on internal servers, expiration can disrupt processes dependent on the encrypted communication.
Staying ahead of expirations can be difficult when you are managing a large volume of certificates though, especially if you have certificates from multiple CAs. With the CIT, you can quickly run a report that will pull ALL certificates that are approaching expiration.
Example expired certificate warning in Chrome 41
- Keep Up with SSL Best Practices
Industry best practices for configuration options like key lengths, hashing algorithm, and validity period are constantly evolving to try and stay ahead of vulnerabilities. The CIT makes it easy to check that ALL of your certificates, regardless of issuing CA, are using the correct configuration options. For example, you can easily run a report to find any certificates that are still using SHA-1 (an outdated algorithm whose usage deprecated – best practice is to issue SHA-2).
How can I start using it?
The CIT is free for anyone to use. Sign up for an account here and our support team will set you up with a login. We have a step-by-step solution guide that will help you get things rolling, and, of course, our support team is here to help with any additional questions.
Other SSL Tools
SSL Configuration Checker - Make sure your server configuration meets industry best practices and receive actionable advice on how to improve.
CSR Tool – Get the appropriate command line you need to generate a Certificate Signing Request for the most common applications (e.g., OpenSSL, Exchange, Java Keytool, F5 Big-IP, IIS).