Certificate Discovery

TrustView can automatically discover and start monitoring SSL endpoints in your network, both internal and external. It supports several mechanisms for this: network scans, DNS zone transfers, domain scanning and AD scanning. When configured, all scans run periodically on a daily basis and add every new SSL endpoint found.

If the SSL endpoints found have any SSL certificates deployed, TrustView will automatically import them and begin to monitor them all by default.

Tip

This behavior can be changed in the Settings menu, if needed.

Network scan

TrustView can scan your network for services exposed using SSL/TLS, such as HTTPS, LDAPS and IMAPS. To configure a network scan, click SSL network scanning in the left menu and add a new SSL network scan. The information required is listed in the following table:

| Parameter | Description | Examples |
|---|---|---|
| Target specification | IP range to scan | 192.168.0.0/24; 10.0-4.0.0/16 |
| Port range | TCP ports to scan for SSL for each IP in the IP range | 443; 1-1000; 443,636,1443,8443 |
| Comment | Any comment | |

When saved, the SSL network scan will execute periodically on a daily basis.
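The following is an added example, not TrustView code: it expands a target specification and port range in the formats shown in the table so you can see how many TCP probes a scan definition implies per daily run before saving it. The function names are hypothetical, it assumes every address in a CIDR block is probed, and octet-range targets such as 10.0-4.0.0/16 are outside what it handles.

```python
import ipaddress


def parse_ports(spec):
    """Expand '443', '1-1000' or '443,636,1443,8443' into a sorted port list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        lo, sep, hi = part.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"bad port entry: {part!r}")
        first = int(lo)
        last = int(hi) if sep else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range: {part!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)


def scan_footprint(target, port_spec):
    """Summarise how many TCP probes one daily run of a scan definition implies."""
    if "-" in target:
        # Octet-range targets (e.g. 10.0-4.0.0/16) are not handled here.
        raise ValueError(f"only plain CIDR targets are supported: {target!r}")
    net = ipaddress.ip_network(target, strict=True)  # rejects host bits set
    ports = parse_ports(port_spec)
    return {
        "hosts": net.num_addresses,   # assumption: every address is probed
        "ports": len(ports),
        "probes": net.num_addresses * len(ports),
        "private": net.is_private,    # True for RFC 1918 and other non-public ranges
    }


def candidates(target, port_spec):
    """Yield each (ip, port) pair the definition covers, by address then port."""
    ports = parse_ports(port_spec)
    for ip in ipaddress.ip_network(target, strict=True):
        for port in ports:
            yield str(ip), port


if __name__ == "__main__":
    # Constructed sample definitions using the example values from the table.
    for tgt, prt in [("192.168.0.0/24", "443"), ("192.168.0.0/24", "1-1000"),
                     ("192.168.0.0/24", "443,636,1443,8443")]:
        print(tgt, prt, scan_footprint(tgt, prt))
```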

DNS zone transfers

TrustView can periodically perform DNS zone transfers from your DNS and use the returned hostnames as candidates for SSL endpoints. A candidate is monitored automatically if TrustView is able to detect any SSL/TLS-enabled services on the host. To configure a DNS zone transfer, click DNS zone transfers in the left menu and add a new DNS zone transfer. The information required is listed in the following table:

| Parameter | Description | Examples |
|---|---|---|
| DNS host | Hostname or IP of your DNS | 192.168.0.1; dns.example.org |
| Zones | List of zones to transfer | example.org |
| Comment | Any comment | |

When saved, the DNS zone transfer will execute periodically on a daily basis.

Domain scanning

Domain scans use domain registrant (Whois) information to discover the top-level private domains that you own. For each domain you own, the domain scan feature obtains a list of hosts for this domain using a TrustView backend service hosted by TrustSkills. This set of SSL endpoint candidates is then scanned. If TrustView is able to detect any SSL/TLS-enabled services on a host during the scan, it will start monitoring the services found.

All domains (if any) will be scanned periodically on a daily basis.

Important

This discovery method requires access to the backend of TrustSkills to work.

Active Directory SSL endpoint discovery

TrustView can periodically search your Active Directory for relevant entries (typically servers) and add any SSL/TLS-enabled services found on the servers as SSL endpoints. To configure Active Directory SSL endpoint discovery, click Active Directory SSL endpoint discovery in the left menu and add a new AD scan. The information required is listed in the following table:

| Parameter | Description | Examples |
|---|---|---|
| AD username | Username to bind to your AD. No special permissions are required | user@example.org |
| AD user password | Password of the AD user used to bind | |
| Domain controller | Hostname of the domain controller to bind to | dc01.example.org |
| LDAP port | TCP port to connect to | 389 |
| Searchbase | Location of the part of the AD structure to search in | ou=Servers,ou=Computers,dc=example,dc=org |
| Search the DNS zone for the domain | TrustView will attempt to extract DNS zone information from your AD if ticked | |
| Comments | Any comment | |

When saved, the AD scan will execute periodically on a daily basis.