Internal discovery scans set a range of IP addresses and provide an actual inventory with all found SSL/TLS certificates. You can detect, observe and manage certificates from a chosen range of IP addresses.
This feature is available for Standard and Business subscription plans.
Scan profiles allow you to:
- create and edit multiple scan runs
- choose one or range of IP addresses
- schedule scan runs
- delete the scan anytime
For the internal scan to successfully run, you need to create an agent. A lightweight network utility that will monitor your internal network and send results to the Keyhub. To create an agent:
- Open Discovery page and click the “agent” folder.
- Create a new agent by pressing “Create”.
- Indicate your agent’s name and choose the operating system.
- Download and run the agent on your machine or run the generated command in your command line to download binaries via terminal.
Now you can create an internal scan. Remember that the agent operates with a public part of your certificate.
To create an internal scan:
- Open Discovery page and create a new profile.
- Choose “internal” scan profile type, indicate the range of IP addresses
- Set all ports that you want to scan separated by a comma or by using a dash. We recommend using port 443. If you leave that field without any notes, Keyhub checks only default ports.
- Schedule regularity of refreshing scan results if you want to refresh the certificate list on a daily or weekly basis.
Find this module and set up everything related to it at https://keyhub.remme.io/discovery/internal