Are You Aware of Every Certificate Used in Your Enterprise?

A few things that were considered good-to-have features in infrastructure management in the past are now a necessity, be it automation in NetOps, DevSecOps, Application Delivery Automation or certificate and key lifecycles across environments. Thanks to AppViewX being a major player in all the above-mentioned areas and managing some of the significant Fortune 500 companies, we know what it takes to manage an enterprise-level infrastructure. Today any enterprise infrastructure is complicated, involving multiple vendors and most of the time in transition from on-prem solutions to cloud-based solutions.

Applications today are evolving from pure on-prem to public/private cloud to multi-cluster, multi-node, or a mixture of all the above modes of deployment. The biggest risk we have observed during such transitions lies in properly managing the certificate and device inventory. During our interaction with customers, it was observed that the most sophisticated tool used to track and update such inventory was an Excel spreadsheet. My immediate thought was: there are multiple inventory management tools at their disposal, so why not use one? The verdict from the horse's mouth was that these tools, although very good at managing and discovering devices in the inventory, are not very good at automatically discovering certificates.

Coming back to the first line of the blog, things which were good-to-have features are now an absolute necessity, due to the evolving nature of applications today. Certificates on the application change regularly, not to mention the devices (load balancers, firewalls, servers, Kubernetes clusters) that are rotated on a regular basis. What is needed is a lightweight Smart Discovery option for certificate and device discovery. AppViewX brings in that option in the form of AppViewX Smart Discovery. Now, why do you need another tool when you may already have an inventory management system in place?

Gain complete visibility into your certificate infrastructure

We know and understand the pain the application team goes through in managing the chaos of the transition: during major application migrations, some devices, certificates or nodes fall through the gap. These are only noticed when an application outage occurs because of a missed certificate renewal on a device which no one knew existed in the first place. AppViewX Smart Discovery provides the option to discover the certificates and manage them directly through its state-of-the-art CERT+ CLM solution, which helps automate the entire process.

Another key pain we observed was the disconnect between the network management team and the application team. Most of the time the application team has no clue which devices the application traffic hops through before reaching the servers and, similarly, the network team has no clue which server serves the traffic. The major reason for this, as mentioned earlier, is that applications have evolved from pure on-prem to public/private cloud to multi-cluster, multi-node deployments.

AppViewX Smart Discovery

So we felt the need to identify and mark not only the IP/host name of the device, but also to gather the device vendor, operating system and OS version, all in one place. This provides insight into any missed device which needs to be added to a managed inventory.

Smart Discovery key features and advantages:
  • Discover device, vendor and operating systems in addition to certificate information
  • Smart Discovery available as an independent SKU, controlled via license 
  • Customized home screen created to redirect users to Smart Discovery scan options
  • Available options for scheduled and on-demand scan
  • Scan Latency and Device Hops
  • Enhanced reports
  • Available on both on-prem and AppViewX SaaS deployments

What does Smart Discovery provide?
  • Lightweight option for discovering certificates and network devices.
  • Easy-to-use, no-fuss configuration to start discovering devices and certificates
  • Customized scan intensity to negate any network outages due to scan traffic
  • Options to discover certificates and network devices in a single scan or in separate scans
  • Segregated page for discovered certificate with all the metadata (expiry date, certificate type, serial number, and many more options) and discovered devices (Vendor, device type, OS, OS version etc.)
  • Discovery of certificates with customized port and TLS versions

Having said that, network discovery is still not an exact science; it never was. The underlying code which helps in identifying the device type, vendor or certificate depends on the device signature database. When AppViewX performs the network scan on the port chosen by the user, it takes the signature received from a device during the scan and compares it internally with the device signature database. The key to getting an accurate result is to keep updating the signature database with the latest device and certificate signatures, and you bet, AppViewX, being a major player in Network and Certificate Lifecycle Automation, will not miss it. At the time I am writing this blog, we are planning new exciting features for AppViewX Smart Discovery, and hope to share those soon in the coming days.
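
The signature comparison described above, and the inventory gap it is meant to surface, as an added example that is not AppViewX code. The signature entries, banners, addresses and function names are all constructed for illustration, and no network traffic is sent.

```python
import re

# Constructed signature database: banner pattern -> product and OS labels.
SIGNATURES = [
    (re.compile(r"^SSH-2\.0-OpenSSH_(?P<version>[\w.]+) Ubuntu"), "OpenSSH", "Ubuntu Linux"),
    (re.compile(r"^Server: Microsoft-IIS/(?P<version>[\d.]+)"), "Microsoft IIS", "Windows Server"),
    (re.compile(r"^Server: nginx/(?P<version>[\d.]+)"), "nginx", None),
]

# Constructed scan output: (address, port, first line the service returned).
SCAN_RESULTS = [
    ("10.0.1.10", 22, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"),
    ("10.0.1.20", 80, "Server: Microsoft-IIS/10.0"),
    ("10.0.1.30", 80, "Server: nginx/1.24.0"),
    ("10.0.1.40", 443, "Server: ExampleLB/2.1"),  # no signature covers this
]

# Constructed managed inventory: addresses the team already tracks.
MANAGED = {"10.0.1.10", "10.0.1.30", "10.0.1.40"}


def identify(banner, signatures=SIGNATURES):
    """Return labels from the first matching signature, or None."""
    for pattern, product, os_name in signatures:
        m = pattern.search(banner)
        if m:
            return {"product": product, "os": os_name, "version": m.group("version")}
    return None


def reconcile(scan_results, managed):
    """Label every responding host; an unknown banner is kept, not dropped."""
    report = []
    for address, port, banner in scan_results:
        match = identify(banner)
        report.append({
            "address": address, "port": port,
            "identified": match is not None,
            "details": match or {"raw_banner": banner},
            "managed": address in managed,
        })
    return report


def needs_attention(report):
    """Hosts missing from inventory, or not recognised by the database."""
    return [r["address"] for r in report if not r["managed"] or not r["identified"]]


print(needs_attention(reconcile(SCAN_RESULTS, MANAGED)))
```

The two flagged hosts fail for different reasons: one is recognised but absent from the managed inventory, the other is tracked but matches no signature, which is the stale-database case.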


About the Author

Surya Kant Pasayat

Manager - Network Engineering

Subject Matter Expert on ADC & Network Discovery responsible for designing and executing customer and technology solutions with ADC+ and Smart Discovery
