Certificate Inspector: Port Scanning Recommendations

DigiCert Certificate Inspector allows admins to scan and map their certificate landscape, check for vulnerabilities, and analyze the data through different reports.

However, Certificate Inspector can only report the data that its scanning agents give it. Certificate Inspector scanning agents can be configured to scan domains or IP ranges and specific ports. If an agent is not configured correctly, you may not be collecting as much data as you could be.

Port Scanning Recommendations

Many admins get stuck in the rut of only scanning the HTTPS port, port 443, not realizing that Certificate Inspector can scan more than that.

Below is a list of ports that can be scanned using Certificate Inspector. The list is not exhaustive, but we compiled it to help you think about how to use Certificate Inspector to scan your environment more thoroughly.

Communication Protocols

  • Syslog-514, 6514

Hypertext Transfer Protocol Secure (HTTPS)

  • 443, 8080, 8443

LDAP

  • 389, 636

Mail Protocols

  • IMAP-143, 993
  • POP3-110, 995
  • SMTP-25, 587

VPN Appliances

  • LogMeIn-12975, 32976
  • OpenVPN-1194

Web-based Interfaces

  • SAP-5555
  • Splunk-8000, 8089, 9997
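Several ports in this list (25, 587, 143, 110, 389) normally start in plaintext and only present a certificate after a STARTTLS upgrade, so a spot check that attempts a bare TLS handshake will miss them. The following is an added example, not DigiCert code and not a description of how Certificate Inspector works: a standard-library Python probe for cross-checking scan results on hosts you manage. The function names and the port-to-protocol mapping are assumptions based on each protocol's usual defaults.

```python
import contextlib
import hashlib
import imaplib
import poplib
import smtplib
import socket
import ssl

# Listed ports that usually start in plaintext and upgrade via STARTTLS (assumed defaults).
STARTTLS_PORTS = {25: "smtp", 587: "smtp", 143: "imap", 110: "pop3", 389: "ldap"}

def probe_method(port):
    return STARTTLS_PORTS.get(port, "direct")  # "direct" = TLS handshake on connect

def fetch_cert_der(host, port, timeout=5.0):
    """Return the server's leaf certificate as DER bytes."""
    # Inventory only: validation is off so expired or self-signed certs are still read.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    method = probe_method(port)
    if method == "smtp":
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.starttls(context=ctx)
            return s.sock.getpeercert(binary_form=True)
    if method == "imap":
        with imaplib.IMAP4(host, port, timeout=timeout) as m:
            m.starttls(ssl_context=ctx)
            return m.sock.getpeercert(binary_form=True)
    if method == "pop3":
        with contextlib.closing(poplib.POP3(host, port, timeout=timeout)) as p:
            p.stls(context=ctx)
            return p.sock.getpeercert(binary_form=True)
    if method == "ldap":
        raise OSError("LDAP StartTLS needs an LDAP client library")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def scan(host, port):
    """Return one inventory row; 'sha256' stays None when no certificate was read."""
    row = {"host": host, "port": port, "sha256": None, "error": None}
    try:
        der = fetch_cert_der(host, port)
        if not der:
            raise OSError("no certificate presented")
        row["sha256"] = hashlib.sha256(der).hexdigest()
    except (OSError, imaplib.IMAP4.error, poplib.error_proto) as exc:
        row["error"] = str(exc)
    return row
```

Call `scan(host, port)` for each host and port you expect a certificate on, and compare the SHA-256 fingerprints with what your scan reports show for the same endpoints.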

Certificate Inspector is a powerful tool and can give you very detailed reports about security vulnerabilities in your environment. To learn about all the different vulnerabilities that Certificate Inspector can scan for, click here.
