Discovery Services
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure Akamai Connection
- Configure AWS Connection
- Configure Azure Key Vault Connection
-
- Workload Identity Federation Authentication
- Workload Identity Federation - Azure Identity Provider Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Workload Identity Federation Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Supported OIDC Claims
-
-
-
- Working with the Built-in CA
- Add AWS Public CA
- Add AWS Private CA
- Add DigiCert One Certificate Authority
- Add Entrust
- Add GlobalSign Atlas
- Add GlobalSign MSSL
- Add GoDaddy
- Add Google Cloud Private CA
- Add a HID PKIaaS CA
- Add Certificate Manager - Self-Hosted
- Set Up an OpenSSL Certificate Authority Connector
- Create a Sectigo Certificate Manager Certificate Authority
- Add Zero Touch PKI
- Set Up Certificate Expiration Notifications
- Using a Custom DNS Provider
-
-
-
-
- Create an F5 BIG-IP LTM Machine
- Create a Microsoft Azure Private Key Vault Machine
- Create a Microsoft Azure Application Registration Machine
- Create a Microsoft IIS Machine
- Create a Microsoft Windows (PowerShell) Machine
- Create a Microsoft SQL Server Machine
- Create a Common KeyStore Machine
- Create a Citrix ADC Machine
- Create an Imperva WAF Machine
- Create a VMware NSX Advanced Load Balancer (AVI) Machine
- Create an A10 Thunder ADC Machine
- Create a Cloudflare Machine
- Create Kemp Virtual LoadMaster Machine
- Create a Palo Alto Panorama Machine
- Create a Radware Alteon Machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
- Provision Certificates to Radware Alteon
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing Certificate Lifecycle Settings
- Reissuing Certificates in Next-Gen Trust Security
- Downloading Certificates, Certificate Chains, and Keystores
- Retiring, Recovering, and Deleting Certificates
- Finding Certificates in the Certificate Inventory
- Importing Certificates from a CA Using EJBCA
- Domain-Based Validation for External Emails
-
- Create a Workload Identity Management or Discovery Agent Built-in Account
- Create an OCI Registry Built-in Account
- Create a Certificate Manager - Self-Hosted Built-in Account
- Create a Scanafi Built-in Account
- Toggling a Built-in Account on or Off
- Editing Built-in Accounts
- Deleting Existing Built-in Accounts
- Renew Existing Built-in Accounts
- Troubleshooting
Discovery Services
Discovery Services in Next-Gen Trust Security are essential tools for locating and managing digital certificates within your organization’s network and on public-facing servers. These services ensure that all certificates are accounted for, thereby reducing the risk of outages and security vulnerabilities.
Note: Network Discovery configuration must exist only in parent TSGs. Users must have the appropriate Strata Cloud Manager (SCM) role permissions in the parent TSG to create, configure, or manage discovery services. Built-In Accounts must have the appropriate SCM role permissions to perform API actions on Network Discovery configuration. Discovered certificates are initially unowned and visible across the TSG hierarchy—users in any TSG (parent or child) with the appropriate permissions can claim and assign ownership of discovered certificates to their specific TSG.
Types of Discovery Services
Because server certificates are used both within private networks and out on the Internet, discovering and managing them requires a secure and flexible approach called discovery services.
Which discovery service you choose depends on your needs.
| Discovery Service | Use to... | Discovery Type |
|---|---|---|
| Enhanced Discovery | Discover certificates inside of your company's network, similar to Basic Discovery, but uses Venafi VSatellite to run discoveries according to a fixed schedule (optional) and performs validation for you (after they are added to the certificates inventory). You can also run Enhanced Discovery with Run Now. See Discover private (internal) certificates. | Internal |
| Internet Discovery | Discover and protect certificates external to your company's private network. This service is created for you by default. But of course you can edit its name, add or remove targets, and change its discovery schedule. See Discover public (external) certificates. | External |
Following certificate discovery, Next-Gen Trust Security adds all discovered certificates to the certificates inventory (Insights > Certificates). After the certificates are in the inventory, Next-Gen Trust Security can run daily validations on them and highlight
potential issues that could cause outages.