Viewing Certificate Information

The certificate information page gives you details about a certificate on your network. Go to VM/VMDR > Assets > Certificates and select Certificate Info for any certificate in the list. You'll see information about the certificate like the validity dates, fingerprint, when it was first and last found, and any vulnerabilities associated with it.

Certificates stored in Vulnerability Management are intended to be an inventory of all certificates found from QID 86002 and can be manually removed from the inventory if no longer active or relevant. To get an active list of all certificates, just run a CertView scan. Please contact your Technical Account Manager if you do not see CertView module enabled.

 

Tell me about the certificate path

This is the chain of certificates. At the top level is the selected certificate, followed by its parent certificate, then the parent to its parent, and so on.

 

Tell me about the certificate source

The source of the certificate: Internal or Customer. Internal is shown for well known certificate authorities used by Qualys whenever SSL verification is needed. Customer is shown when someone in your organization has created a custom list of trusted certificate authorities by importing certificate authorities into the subscription (under Scans > Setup > Scanner Trusted CA). If we don't know the source then the certificate is considered invalid.

 

Tell me about the certificate location

Certificates can be found on ports or in other locations on your hosts. When found on a port, we'll show the port/service in the Hosts section. Otherwise, we'll show the location in the Certificate Details section.

Tip - Enable the Additional Certificate Detection option in your scan option profile to find certificates in locations other than ports.